Data From Insight Hospital and Medical Center Leaked on Dark Web
Insight Hospital and Medical Center disclosed that an unauthorized actor accessed its network from August 22 to September 11, 2025, compromising extensive personal and health data. The breach involved roughly 360 GB of files—about 900,000 records—including names, Social Security numbers, and medical images. On February 24, the hacker group Termite posted the full data set on a dark‑web leak site without offering remediation services. Insight has yet to confirm individual notifications or HHS reporting.
30 Alleged Members of 'The Com' Arrested in Project Compass
Europol’s Project Compass, launched in January 2025, has led to the arrest of 30 alleged members of the cyber‑extremist collective known as “The Com,” while identifying a further 179 participants across 28 partner nations. The operation targets a loosely organized network of...
Fake Google Security Site Uses PWA App to Steal Credentials, MFA Codes
A phishing campaign masquerading as a Google Account security page deploys a malicious Progressive Web App (PWA) to harvest one‑time passwords, cryptocurrency wallet addresses, and device data. The PWA, hosted on google‑prism.com, requests clipboard, notification, and location permissions, uses the...
Wisconsin K-12 District Hit by Weeklong Outage
The Denmark School District in Wisconsin experienced a five‑day internet outage after a reported cyber incident that appears to be a ransomware attack claimed by the group INC Ransom. The attackers say they encrypted roughly 70.76 GB of district data and posted...
With Quantum Transformation Looming, No Time to Waste in Maturing Cryptography Management
Quantum computers can break RSA and ECC encryption in seconds, prompting urgent action for healthcare data security. At HIMSS26, DigiCert’s Mike Nelson and other experts will outline practical steps for post‑quantum cryptography (PQC) migration, emphasizing crypto agility and automated management....
Incode Aces iBeta Level 3 Biometric PAD Test for Both iOS and Android
Incode’s Deepsight liveness detection software passed iBeta’s Level 3 presentation‑attack detection tests on both iOS and Android, achieving zero errors for APCER and BPCER. The evaluation, based on ISO/IEC 30107‑3, involved 900 sophisticated attacks, including advanced masks and AI‑generated faces. Incode previously...
Hacktivists Claim to Have Hacked Homeland Security to Release ICE Contract Data
Hacktivist collective “Department of Peace” announced a breach of the U.S. Department of Homeland Security, releasing a trove of Immigration and Customs Enforcement (ICE) contract records via DDoSecrets. The dump contains details on more than 6,000 vendors, including major defense...
NFC-Based IDV with Liveness Delivers Zero Fraud, Fewer Support Calls for BankID Norway
BankID Norway, serving 4.7 million users, processed nearly 901 million transactions in 2025. Since mid‑2024 it has layered NFC‑based biometric ID verification with iProov’s liveness check, completing one million activations that now represent about half of all new enrollments. The combined approach has...
Alabama Man Pleads Guilty to Hacking, Extorting Hundreds of Women
A 22‑year‑old Alabama man, Jamarcus Mosley, pleaded guilty to extortion, cyberstalking, and computer fraud after hijacking the social‑media accounts of hundreds of young women between 2022 and 2025. He used social‑engineering tactics to obtain recovery codes, seized control of Snapchat,...
Best Data Discovery Tools in 2026 for Product, Network, and IT Assets
Data discovery tools are essential for uncovering product, network, and IT assets, providing the first step toward risk mitigation and operational optimization. The article outlines top‑rated 2026 solutions—Productboard, Amplitude, Fullstory, Pendo for product; Auvik, SolarWinds NPM, Paessler PRTG, Domotz for...
Pathlock Extends SAP Threat Detection Into Microsoft Sentinel’s SIEM Architecture
Pathlock has integrated its Cybersecurity Application Controls platform with Microsoft Sentinel, delivering SAP‑specific threat detection inside the cloud‑based SIEM. The solution ingests over 70 SAP log sources and applies more than 1,500 detection signatures, enriching alerts with business context before...
Amadeus Emerges as Suitor for Idemia PS, Deal Would Create Airport Biometrics Behemoth
Amadeus IT SA is in advanced talks to acquire Idemia Public Security for an estimated €2‑3 billion, a move that would combine the airline‑tech group’s travel‑focused biometric suite with Idemia’s law‑enforcement and border‑control capabilities. Idemia PS brings core biometric algorithm IP...
SAPinsider 2026 Awards Finalists Announced Ahead of Las Vegas Event
SAPinsider has announced the finalists for its 2026 Awards, covering seven categories that recognize measurable business outcomes through SAP‑based AI, cloud, ERP, and cybersecurity initiatives. The shortlist includes global enterprises such as BRG Sports, HP Inc., Microsoft, and the U.S....
Alleged India-Linked Espionage Campaign Targeted Pakistan, Bangladesh, Sri Lanka
Arctic Wolf identified a year‑long espionage campaign, dubbed SloppyLemming, that targeted government agencies and critical infrastructure in Pakistan, Bangladesh and Sri Lanka starting in January 2025. The group delivered malicious PDFs containing the BurrowShell backdoor and Excel files with keyloggers, using 112 Cloudflare‑hosted...
Fake DOD Memo About ‘Compromised’ Apps Shows Swift Spread of Deceptive Messaging
A fabricated U.S. Cyber Command memo warned that popular apps such as Uber, Snapchat and Talabat were "compromised" and could expose servicemembers' locations. The Department of Defense quickly denied any such directive, confirming the memo never existed. The false alert...
NeuralTrust Recognized by Gartner® Market Guide for Guardian Agents
NeuralTrust has been named a Representative Vendor in Gartner’s Market Guide for Guardian Agents, highlighting its role as an Agent Risk and Security Specialist. The firm’s platform provides runtime protection, automated red‑team testing, continuous evaluation, and observability for AI agents...
I Stopped Trusting Google Drive with Sensitive Files After I Found This Free Encryption Tool
The author stopped trusting Google Drive for sensitive data after discovering Cryptomator, a free open‑source encryption tool. Cryptomator encrypts files locally, storing only gibberish on cloud services, so providers and hackers cannot read the content. It integrates seamlessly with major...
Vibe Coding Service Lovable Accused of Hosting Malware-Ridden Apps Exposing Thousands of Users — It Says They Should Take More...
Vibe coding platform Lovable is under fire after security researcher Taimur Khan uncovered severe vulnerabilities in apps built with its AI‑generated code. A showcased EdTech app contained 16 flaws, including six critical issues that exposed over 18,000 user records. A...
BYOVD Turns Trusted Drivers Against Windows Security
Threat actors are increasingly exploiting the Bring Your Own Vulnerable Driver (BYOVD) technique, loading digitally signed but flawed Windows drivers to obtain Ring 0 kernel privileges. By leveraging legitimate drivers extracted from vendor installers, attackers can bypass endpoint detection and response...
Criminal IP to Present Decision-Ready Threat Intelligence at RSAC™ 2026
Criminal IP, an AI‑driven attack‑surface management and cyber‑threat intelligence platform, will exhibit at RSAC 2026 in San Francisco from March 23‑26. The company will host visitors at Booth N‑6555, offering live demos, one‑on‑one consultations, and hands‑on guidance. Serving more than 150 countries, Criminal IP combines large‑scale...
Feb Recap: New AWS Privileged Permissions and Services
In February 2026 AWS expanded privileged permissions to focus on generative AI model integrity. The key addition is the `bedrock-mantle:CreateFineTuningJob` permission, which lets users launch fine‑tuning jobs within the Bedrock Mantle ecosystem. This capability introduces a new attack surface where...
British Organizations Urged to Be Alert to Threat of Iranian Cyberattacks
The UK’s National Cyber Security Centre (NCSC) has issued an advisory warning British organisations of a heightened indirect cyber threat from Iran following a joint U.S.-Israeli airstrike that killed Iran’s Supreme Leader. While the agency sees no immediate surge in...
Agencies Aim to Harness AI for Cyber Defense
The upcoming national cyber strategy will make artificial intelligence a cornerstone of federal network security, as emphasized by National Cyber Director Sean Cairncross. Agencies are urged to secure AI use cases while leveraging AI to strengthen information security across government....
White Hat Helps Recover $1.8M After $2.3M Foom Cash Exploit
A white‑hat researcher known as Duha identified a critical deployment error in Foom Cash’s zero‑knowledge proof setup, enabling a $2.26 million exploit. Working with security firm Decurity, the hacker helped recover $1.84 million—about 81% of the stolen funds—while the protocol awarded a...
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
This week’s cyber‑threat landscape featured a critical Cisco SD‑WAN zero‑day (CVE‑2026‑20127) being actively exploited, highlighting the risk to network infrastructure. Anthropic accused three Chinese AI firms of large‑scale model‑distillation attacks, echoing similar concerns raised by OpenAI. Google disrupted the UNC2814...
Answering Your Webinar Questions: Risk-Free DMARC Enforcement
The recent webinar on risk‑free DMARC enforcement was followed by a detailed Q&A that clarified common misconceptions about email forwarding, policy progression, and related standards. Attendees learned that DMARC alone cannot fix forwarding issues, but preserving DKIM signatures and enabling...
Upwind Doubles Down on India and Expands Footprint Across Asia-Pacific and Japan to Meet Growing Demand for Real-Time Cloud and...
Upwind announced a major expansion across Asia‑Pacific and Japan, adding local SaaS instances in India, Australia, Singapore and Japan while tripling its regional workforce in just three months. The cloud‑security vendor says its global customer base has grown 200% year‑over‑year,...
NetQuest Launches NetworkLens for Hyperscale AI Threat Detection
NetQuest unveiled NetworkLens, a portfolio of hyperscale, real‑time network intelligence datasets designed for AI‑driven cyber threat detection. The datasets are continuously generated by the NetQuest Streaming Network Sensor, which captures wire‑speed traffic and transforms it into structured records covering application...
Everyone Knows About Broken Authorization – So Why Does It Still Work for Attackers?
Broken authorization, including BOLA and BFLA, remains a top API vulnerability despite widespread awareness and OWASP coverage. The flaw persists because authorization checks are embedded in business logic and only break under real‑world traffic patterns, not in design‑time testing. Attackers...
Shutdown Stalls Compliance Plans for Cyber Breach Reporting Rule
A partial shutdown of the Department of Homeland Security is delaying the finalization of the Cyber Incident Reporting for Critical Infrastructure Act rule, which would impose stricter breach‑notification requirements on critical‑infrastructure firms. The agency announced in February that it was...
_jvphoto_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
Quantum-Resistant Data Diode Secures Sensitive Data on Edge Devices, Critical Systems
Forward Edge‑AI unveiled Isidore Quantum, a palm‑sized data diode that enforces one‑way data flow while encrypting traffic with post‑quantum algorithms such as ML‑KEM and ML‑DSA. The device, co‑developed with the U.S. government and Microsoft, delivers sub‑0.5 ms latency and up to...
CISA Releases New Guidance on Assembling Multi-Disciplinary Insider Threat Management Teams
CISA issued new guidance on Jan. 28, 2026 for assembling multi‑disciplinary insider‑threat management teams. The resource introduces the POEM (Plan, Organize, Execute, Maintain) framework to align physical security, cybersecurity, personnel awareness, and community partnerships. While aimed at critical‑infrastructure operators, the guidance is...
Enterprise Passwordless Authentication for Retail Brands
MojoAuth announced an enterprise‑grade passwordless authentication platform tailored for large retail brands. The solution combines WebAuthn passkeys, OTP, magic links, and adaptive risk‑based MFA to eliminate passwords while supporting PCI‑DSS requirements and private‑cloud deployments. It is engineered to handle massive...
AI Fraud Hits Canadian Companies’ Bottom Lines: KPMG
KPMG Canada’s latest survey reveals AI‑driven fraud is now a major threat to Canadian firms, with 72% reporting a profit loss of up to five percent last year. Eighty‑one percent of businesses that experienced fraud say the attacks were AI‑enabled,...
How to Protect Your SaaS From Bot Attacks with SafeLine WAF
SaaS companies are increasingly targeted by sophisticated bots that inflate sign‑ups, scrape APIs, and overload infrastructure. SafeLine, a self‑hosted web application firewall, inspects every HTTP request using a semantic analysis engine that detects malicious intent with 99.45% accuracy. By deploying...
CIAM Authentication Sessions at #IdentityWeekAmerica2026: Protecting Organisational and Customer Security
Identity Week America, taking place September 2‑3 in Washington D.C., will host a series of CIAM authentication sessions aimed at strengthening organizational and customer security. The agenda highlights next‑generation technologies such as password‑less login, multi‑factor authentication, and facial recognition, with...
PureLiFi Unveils LiFi Architecture to Extend Gigabit Capacity Indoors
pureLiFi introduced a high‑bandwidth LiFi architecture capable of 10 Gbps indoor data rates, targeting the fixed wireless access (FWA) market. The company unveiled the Bridge XC Flex, a plug‑and‑play bridge that delivers gigabit broadband through windows without drilling, and announced partnerships with 5G...
Druva Uses Graph Relationships to Mine Metadata
Druva has introduced Dru MetaGraph, a graph‑database layer that stores backup metadata as interconnected nodes, enabling AI agents to answer security and compliance questions with real‑time context. The approach stems from three drivers: security queries are fundamentally relationship‑based, customers need instant,...
Configuration and Runtime: The PB&J of Effective Security Operations
The article argues that effective security operations now require merging configuration data with runtime telemetry. Traditional SIEMs focused on static logs, but cloud and SaaS environments make permissions and policies highly dynamic. CSPM and SSPM tools have elevated configuration to...
Cyberattack Briefly Disrupts Russian Internet Regulator and Defense Ministry Websites
Russia’s internet regulator Roskomnadzor and the Defense Ministry suffered a large distributed denial‑of‑service (DDoS) attack that briefly took down several government websites. The agency described the assault as a complex multi‑vector operation originating from servers and botnets in Russia, the...
How to Evaluate HR Tech Vendors for Cybersecurity
HR data appears in four out of five cyber breaches, highlighting the sector’s vulnerability. As HR platforms become central to employee information ecosystems, vendor security directly impacts corporate risk. A structured evaluation—starting with data‑flow mapping, compliance verification, and baseline controls—helps...
Pakistan’s Top News Channels Hacked and Hijacked With Anti-Military Messages
On March 1, 2026, Pakistan’s leading news channels Geo News, ARY News and Samaa TV were hijacked during the Ramadan Iftar slot, with hackers inserting anti‑military messages into the live feed. The intrusion was achieved by commandeering the PakSat satellite...
Bug in Google's Gemini AI Panel Opens Door to Hijacking
Google patched a high‑severity vulnerability (CVE‑2026‑0628) in the Gemini AI side‑panel of Chrome that could let a malicious extension with basic permissions hijack the panel, capture screenshots, and access the camera, microphone, and local files. Palo Alto Networks’ Unit 42 demonstrated...
Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat
Link11’s European Cyber Report 2026 shows DDoS attacks surged 75% in 2025, reaching a record 12,388 minutes of continuous assault and 509 TB of traffic. Three attacks topped 1 Tbit/s, with the strongest at 1.33 Tbit/s, indicating terabit‑scale threats are now routine. The data...
Why Security Teams Can No Longer Ignore Recruitment Fraud
Recruitment fraud is emerging as a critical enterprise security threat, driven by AI‑powered social engineering that can convincingly impersonate recruiters and hiring workflows. Labor market volatility, highlighted by 1.17 million U.S. job cuts in 2025, has amplified the urgency and exposure...
Embedding Security: Designing Fraud Risk Out of Business Transactions
Embedded finance is set to exceed $7 trillion in transaction volume by 2026, cementing its role as core infrastructure for business platforms. However, fraud attempts are rising two to three times faster than in traditional banking, outpacing legacy detection tools. The...
Chilean National Extradited to U.S. Over Stolen Credit Card Data Trafficking Scheme
A Chilean national, Alex Rodrigo Valenzuela Monje, was extradited to the United States and arraigned in Salt Lake City for operating a Telegram‑based carding marketplace that sold over 26,000 stolen credit‑card records between 2021 and 2023. The indictment alleges he...
4 Data Security Incidents to Know About (February 2026)
February 2026 saw four notable data security incidents. Inadequate redactions of the Jeffrey Epstein files exposed roughly 100 victims, including personal contacts and nude images. Updates to the 2024 Conduent breach revealed secondary leaks affecting customers such as Volvo Group North America...
Run Pulumi Insights on Your Own Infrastructure
Pulumi announced that its Insights platform can now be run on customer‑managed workflow runners, allowing enterprises to execute discovery scans and policy evaluations within their own infrastructure. The self‑hosted option supports both SaaS Pulumi Cloud and self‑hosted installations, and works...
How CISOs Can Build a Resilient Workforce
Cybersecurity leaders face mounting workforce challenges as skill gaps, burnout, and unpredictable threat spikes strain limited budgets. CISOs like Stephen Ford and Jon France emphasize data‑driven staffing, AI‑augmented workflows, and early‑career pipelines to sustain teams. The 2025 ISC2 study shows...
