Momentum Cyber Hosts AIxCYBER on $119B Security Bet
Momentum Cyber announced AIxCYBER, a high‑profile panel in Austin on March 12, 2026, to dissect the forces reshaping cybersecurity. The event highlights a $119 billion investment surge in 2026, driven by record M&A activity and financing across 1,222 transactions. Panelists will examine the AI landscape shock—over 330 AI security startups in three years—alongside the architectural divide of 76 tools per enterprise and a financial supercycle fueling billion‑dollar deals. The discussion aims to guide investors, founders, and CISOs on strategies amid the convergence of agentic AI and market capital flows.
The Case for Why Better Breach Transparency Matters
Cybersecurity experts Adam Shostack and Adrian Sanabria argue for greater breach transparency at RSA Conference. They highlight that current practices treat incidents as legal liabilities, limiting shared learning. The speakers propose structured feedback loops similar to aviation and medicine. Without...
CISA Warns that RESURGE Malware Can Be Dormant on Ivanti Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has detailed how the RESURGE implant silently resides on Ivanti Connect Secure appliances, exploiting the zero‑day CVE‑2025‑0282. The 32‑bit Linux shared object libdsupgrade.so remains dormant until it detects a specific inbound TLS...
What Secure Digital Work Looks Like Next: Omnissa CEO Takes the Stage at IGEL Now & Next Miami 2026
Omnissa CEO Shankar Iyer will headline IGEL Now & Next Miami 2026, showcasing the company’s AI‑driven digital work platform that merges endpoint management, virtual desktops and security into a single control plane. The platform is positioned as a frictionless, adaptive...
Rethinking How State and Local Cyber Teams Are Built and Supported
State and local governments are confronting a wave of cyberattacks, with 86% of incidents causing operational disruption that impacts schools, hospitals and public services. Tight budgets, legacy systems and a fierce cyber‑talent shortage hinder effective response. Experts argue the focus...
South Korean Authorities Accidentally Hand Hackers $4.8M in Crypto
South Korea's National Tax Service mistakenly published a photo containing the mnemonic recovery phrase of a seized cryptocurrency wallet. Hackers used the exposed phrase to transfer approximately $4.8 million worth of digital assets to their own accounts. The blunder underscores a...
FDB Vela Integrates With Photon Health Digital Prescription Marketplace
First Databank’s cloud‑native ePrescribing network, FDB Vela, has integrated with Photon Health’s digital prescription marketplace. The partnership combines FDB Vela’s HITRUST‑certified, redundant cloud infrastructure with Photon’s consumer‑focused platform that lets patients compare pharmacy options by price, location and availability before...
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
North Korean APT ScarCruft launched the Ruby Jumper campaign, employing a chain of malware that includes RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, FOOTWINE and BLUELIGHT. The first‑stage payload uses a malicious LNK file to execute PowerShell, which carves and runs additional components....
Ukrainian Man Pleads Guilty to Running AI-Powered Fake ID Site
Ukrainian national Yurii Nazarenko pleaded guilty to operating OnlyFake, an AI‑powered subscription service that sold more than 10,000 counterfeit passports, driver’s licenses and Social Security cards to customers worldwide. The site accepted only cryptocurrency, allowed customization of documents, and marketed...
UK Court of Appeal Rules on the Concept of Personal Data in the Context of Data Security
On 19 February 2026 the UK Court of Appeal decided DSG Retail Ltd v The Information Commissioner, holding that a controller’s data‑security duty covers all information it treats as personal, even if an attacker cannot identify individuals. The ruling, based...
NL: Hackers Had Access to Prison Staff Data for Five Months
Hackers infiltrated the Dutch prisons agency DJI and accessed staff data for at least five months, according to a radio investigation by Argos. The compromised information includes employee email addresses, phone numbers and security certificates. The breach was uncovered after...
Cloud Calling Data Sovereignty Secures Business Operations
BT has launched Sovereign Voice, a cloud‑calling solution that guarantees all voice traffic remains within the United Kingdom’s borders. The service runs on domestic data centres, is managed by local staff, and incorporates Cisco’s secure‑calling platform. It targets heavily regulated...
Android 17 Second Beta Expands Privacy Controls for Contacts, SMS and Local Networks
Google’s Android 17 second beta adds system‑level privacy tools, including a Contacts Picker that grants apps access only to user‑selected contacts and an EyeDropper API that reads screen colors without screen‑capture permission. A new ACCESS_LOCAL_NETWORK runtime permission controls LAN device...
Why Application Security Must Start at the Load Balancer
Application security should begin at the load balancer, not deeper in the stack. Organizations often treat load balancers solely as performance devices, leaving encryption, protocol hygiene, and abuse controls to downstream tools. This architectural gap lets attackers exploit weak TLS...
Vibhor Kumar: Open Source, Open Nerves
At last year’s CIO Summit in Mumbai, senior leaders from banking, fintech, telecom and manufacturing debated the growing risk profile of open‑source databases, with PostgreSQL emerging as the focal point. The conversation has moved from pure performance to trust, encompassing...
Illumio Insights Brings Agentless Visibility and Breach Containment to Hybrid Environments
Illumio announced Illumio Insights, an agent‑less solution that ingests real‑time telemetry from Check Point and Fortinet firewalls to create live traffic maps across data‑center and cloud environments. The platform converts existing firewall data into visibility without installing software agents, extending...
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
Threat actors are distributing trojanized gaming utilities through browsers and chat platforms to install a Java‑based remote‑access trojan (RAT). The downloader stages a portable Java runtime, executes a malicious JAR via PowerShell and cmstp.exe, then deletes itself and configures Microsoft...
National Cyber Security Bill and NIS2: Senior Management’s Compliance Guide
The EU’s NIS2 Directive now obligates senior management to approve, oversee, and assume responsibility for cybersecurity risk, a shift echoed by Ireland’s forthcoming National Cyber Security Bill. The draft legislation mirrors NIS2’s Article 20, imposing personal liability, temporary bans, and fines...
Vulnerability Management Core Capabilities Every Platform Should Have
Vulnerability management platforms must evolve beyond basic scanning to address today’s complex attack surface. Core capabilities now include automated asset discovery, continuous scanning with real‑time risk scoring, integrated remediation workflows, threat‑intelligence enrichment, and compliance‑aligned reporting. These functions enable security teams...
Mobile App Permissions (Still) Matter More than You May Think
Mobile app permissions remain a critical security vector, with both iOS and Android prompting users for dangerous permissions at runtime. Excessive or unnecessary permissions—such as background location, accessibility services, or SMS access—can enable data theft, credential harvesting, and device surveillance....
South Yorkshire ICB Launches Digital Transformation, Cyber, and Digital Workforce Strategies
South Yorkshire Integrated Care Board (ICB) unveiled three coordinated strategies—digital transformation to 2027, a cyber resilience plan, and a digital workforce and skills programme. The digital roadmap emphasizes AI governance, a system‑wide AI and automation forum, and mandatory participation in...
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor in Developer Environments
Security researchers discovered a malicious Go module, github.com/xinfeisoft/crypto, that masquerades as the legitimate golang.org/x/crypto library. The backdoored ReadPassword function captures plaintext credentials, writes them to /usr/share/nano/.lock, and exfiltrates them via a dynamically supplied GitHub Raw URL. After exfiltration, the module pulls and...
Infostealers Drive Massive Brute-Force Attacks on Corporate SSO Gateways with Stolen Credentials
Defused Cyber uncovered a credential‑stuffing campaign that uses passwords harvested by Infostealers to brute‑force corporate SSO gateways, notably targeting F5 BIG‑IP devices. Analysis of 70 credential pairs showed 77 % originated from known Infostealer infections, confirming a direct supply chain from malware‑infected employee...
Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking
Security agency CISA disclosed that Gardyn smart indoor hydroponic gardens suffered two critical and two high‑severity vulnerabilities, affecting an estimated 138,000 devices. The critical flaws include a command‑injection bug (CVE‑2025‑29631) and hard‑coded admin credentials (CVE‑2025‑1242) that enable remote, unauthenticated control...
OpenClaw Vulnerability Exposes How an Open-Source AI Agent Can Be Hijacked
OpenClaw, an open‑source AI agent that quickly amassed over 100,000 GitHub stars, was found to contain a critical vulnerability that lets any website a developer visits hijack the local agent via an unauthenticated WebSocket connection. The flaw bypasses rate‑limiting and...
Oculeus 2FN Authenticates Calls in Real Time to Stop CLI Spoofing
Oculeus has launched its Two Factor Network (2FN) solution, giving telcos a real‑time framework to authenticate caller identity and stop CLI spoofing. The system creates a parallel verification path with digital signatures that peer‑to‑peer carriers exchange during call setup. Industry...
Hackers Tricked by Fake Satellite in Groundbreaking Cybersecurity Sting
Researchers unveiled HoneySat at NDSS 2026, the first high‑interaction satellite honeypot that mimics an entire CubeSat mission, including ground‑segment software and orbital dynamics. In three public deployments, attackers issued 22 authentic flight‑software commands, attempting to access ground systems, extract telemetry,...
Proofpoint Celebrates A/NZ Partners
Proofpoint announced the 2025 ANZ Partner Awards at its Protect Tour in Sydney, honoring partners that advance human‑ and agent‑centric cybersecurity. Nextgen Distribution earned Distributor of the Year, while NTT Data was named Partner of the Year. Infotrust secured Growth...
DoD Replaces Paper-Based Access Requests with Automated ICAM Workflow
The Department of Defense is phasing out the decades‑old DD Form 2875, replacing it with an automated Identity, Credential and Access Management (ICAM) workflow. The new system will provision, authorize, and revoke user access within hours, generate immutable audit logs,...
The Key Components of a Vendor Relationship Management Framework
The rise of distributed supply chains has turned vendors into ongoing operational dependencies, prompting the need for a structured Vendor Relationship Management (VRM) framework. By distinguishing day‑to‑day vendor management from strategic Supplier Relationship Management, companies can ensure reliability while fostering...
Cisco Says Hackers Have Been Exploiting a Critical Bug to Break Into Big Customer Networks Since 2023
Cisco disclosed that a critical vulnerability in its Catalyst SD‑WAN platform has been actively exploited since 2023. The flaw carries a CVSS rating of 10.0, granting attackers remote code execution and full administrative control. Hackers have used the bug to...
India: Cybersecurity Guidelines to Safeguard Space Systems
India has issued comprehensive cybersecurity guidelines for space systems, jointly crafted by the Indian Computer Emergency Response Team (CERT‑In) and the Space and IT Association‑India (SIA‑India). The advisory framework targets satellite operators, ground‑station managers, manufacturers and emerging private space firms,...
Malaysia Leads ASEAN in Cross-Border Cloud Governance
Malaysia, through the Malaysia Digital Economy Corporation, has secured ASEAN endorsement for a Regional Framework on Cross‑Border Cloud Computing. The framework, unveiled at the 6th ASEAN Digital Ministers’ Meeting, introduces shared governance principles and "Trusted Data Corridors" to ensure secure...
HackerOne Adds AI Agent to Validate Vulnerabilities
HackerOne introduced an AI agent that automatically validates reported vulnerabilities, distinguishing real threats from false positives. The agent, built on the Hai platform and trained with a Continuous Threat Exposure Management methodology, assesses risk, identifies duplicates, and recommends remediation priorities....
Fake Zoom and Google Meet Scams Install Teramind: A Technical Deep Dive
A fake Zoom update and a parallel Google Meet impersonation are delivering the same Teramind monitoring MSI to Windows PCs. The installer’s filename contains a unique 40‑character hex string that the MSI parses at install time to set attacker‑specific instance IDs,...
Stars Align for Passkeys but Will Adoption Follow?
Credential‑based fraud and login friction are eroding conversion for high‑value e‑commerce shoppers, prompting merchants to seek stronger, lower‑friction authentication. Passkeys, built on FIDO public‑key cryptography and unlocked via biometrics or PIN, promise to eliminate password reuse and phishing risk. PayPal...
Marquis V. SonicWall Lawsuit Ups the Breach Blame Game
Fintech firm Marquis, which serves over 700 banks, filed a lawsuit against firewall vendor SonicWall after a ransomware breach exposed client data for roughly 780,000 individuals. SonicWall later disclosed that a breach of its own firewall configuration backups affected all...
Can Agentic AI Effectively Handle Enterprise Security Needs
Enterprises are turning to Non‑Human Identity (NHI) management to close security gaps created by machine‑generated accounts and their secrets. By automating discovery, classification, monitoring and decommissioning, organizations can reduce breach exposure while cutting operational costs. Centralized NHI platforms deliver real‑time...
How Smart Are NHIs in Managing Complex Security Environments
Non‑Human Identities (NHIs) are machine credentials that protect data in cloud‑first environments. The article outlines a full NHI lifecycle—from discovery to remediation—and stresses that piecemeal tools fall short. It highlights industry‑specific challenges, such as patient data in healthcare and DevOps...
How Can Agentic AI Improve Digital Security Processes
Agentic AI is emerging as a transformative layer for digital security by automating the management of Non‑Human Identities (NHIs) and their secrets. The technology enables proactive threat detection, automated response, and continuous visibility, allowing security teams to shift focus toward...
Does Implementing Agentic AI Fit the Budget of SMBs
Non‑human identities (NHIs) such as machine‑generated secrets are becoming a critical attack surface, prompting organizations to adopt comprehensive NHI management across discovery, classification, detection and remediation stages. Effective NHI programs deliver reduced breach risk, regulatory compliance, and operational efficiencies through...
Infotrust to Reinvest $50M From Nexgen Sale Into Shoring up Sovereign Security
Infotrust has sold its cloud and communications arm Nexgen to Aussie Broadband for up to $50 million, freeing capital to accelerate its sovereign cyber‑security strategy. The proceeds will be redeployed into identity, data‑privacy and broader federal‑government capabilities, as well as potential...
ServiceNow AI Platform Vulnerability Enables Unauthenticated RCE
ServiceNow disclosed and patched a critical vulnerability, CVE-2026-0542, in its AI Platform that could allow unauthenticated remote code execution. The flaw bypasses the ServiceNow Sandbox, affecting web interfaces, API endpoints, and automation modules, and carries a CVSS rating of 9.8....
Idemia PS Deal Brings Growing Number of US mDLs to Trinsic’s Digital Identity Network
Trinsic has integrated Idemia Public Security’s mobile driver’s license (mDL) solution into its Digital Identity Acceptance Network, adding support for mDLs issued in New York, Arkansas, Iowa, West Virginia and Kentucky. Idemia, the leading U.S. provider of state‑backed mDLs, also serves three...
Project Compass Is Europol’s New Playbook for Taking on The Com
Project Compass, a Europol‑led operation backed by 28 nations including the Five Eyes, began in January 2025 to dismantle the transnational youth‑focused cybercrime network known as The Com. Since its launch the initiative has secured 30 arrests, fully or partially...
Senate Moves One Step Closer to Passing Health Care Cyber Reforms
The Senate Health, Education and Labor Committee approved the bipartisan Health Care Cybersecurity and Resiliency Act by a 22‑1 vote, with only Sen. Rand Paul dissenting. The legislation obliges the Department of Health and Human Services to craft a cybersecurity...
FedRamp 20x Opens the Door to Fast Access to Secure Services
FedRAMP 20x redesigns the federal cloud‑security authorization process by eliminating the agency sponsor requirement and introducing a cloud‑native path that can deliver approvals in weeks instead of years. Automation replaces narrative controls with machine‑readable evidence, targeting over 80% validation through continuous‑monitoring...
Building Day 2 Ops Guardrails with Terraform and Packer
The article outlines how Terraform and Packer can establish Day 2 operations guardrails that keep cloud environments secure, compliant, and cost‑effective after initial provisioning. It identifies common post‑deployment pitfalls such as manual ticketing, policy drift, orphaned resources, and misconfigurations that drive...
IonQ Deploys Romania’s National Quantum Communication Infrastructure (RoNaQCI)
IonQ has rolled out Romania’s National Quantum Communication Infrastructure (RoNaQCI), creating a 1,500‑kilometer quantum‑key‑distribution (QKD) network that links six major cities. The system comprises 36 quantum‑secured links, accounting for more than 20% of Europe’s terrestrial quantum communications capacity. Leveraging wavelength‑division...
Mike Pezzullo Reflects on Action Following Major ANU Data Breach
Former public servant Mike Pezzullo addressed the Universities Australia Solutions Summit, reflecting on the 2019 cyber‑attack that compromised nearly 20 years of Australian National University (ANU) student and staff records. The breach, attributed to Chinese state‑linked threat actors, exposed bank...
