
Low-Code by Design: A Practical Way to Modernize Identity Governance
Low‑Code by Design reframes identity governance automation by building reusable, metadata‑driven integration modules instead of bespoke scripts. The approach captures application attributes such as account models and correlation rules, allowing a single tested component to be configured for many systems. Early adopters report onboarding times shrinking from weeks to days, while centralizing lifecycle management reduces technical debt. As organizations scale, the framework curbs integration sprawl, yielding faster delivery, lower costs, and clearer audit trails.

Huawei Takes Part in EU Research Programs Despite Commission Crackdown
Huawei is participating in 16 Horizon Europe research projects despite being labeled a high‑risk supplier by the European Commission. Fifteen of the contracts were signed before the 2023 ban, while a sixth‑year project was deemed outside the restriction scope. The...

$3M FanDuel Fraud Case Shows Why Online Gambling Needs Biometric IDV, Liveness
Federal prosecutors charged two Connecticut men with a $3 million fraud scheme that exploited knowledge‑based authentication on FanDuel, DraftKings and BetMGM. The perpetrators harvested personal data from roughly 3,000 victims using services such as TruthFinder and BeenVerified to open fraudulent gambling...

AWS Security Hub Extended Brings Enterprise Security Under One Roof
AWS Security Hub Extended introduces a bundled plan that lets enterprises procure, deploy, and manage a full‑stack security suite covering endpoints, identity, email, network, data, browsers, cloud, AI, and security operations from a single console. The offering expands protection beyond...

India and Israel Sign Tech and Cyber Security Pacts During Modi's Trip
During Prime Minister Narendra Modi’s state visit, India and Israel signed multiple agreements to deepen cooperation in technology and cybersecurity. The pacts create a joint innovation fund, enable real‑time cyber‑threat intelligence sharing, and launch collaborative projects in artificial intelligence, quantum...

European DIY Chain ManoMano Data Breach Impacts 38 Million Customers
ManoMano, a leading European DIY e‑commerce platform, disclosed a data breach affecting roughly 38 million customers after hackers compromised a Tunis‑based third‑party customer support provider. The breach exposed personal details such as names, email addresses, phone numbers, and support ticket communications,...

The NIST OSCAL Framework for State and Local Governments
NIST’s Open Security Controls Assessment Language (OSCAL) gives state and local governments a machine‑readable alternative to spreadsheets, Word files, and PDFs for security‑control documentation. By encoding controls, implementations, and assessment results in JSON, XML or YAML, agencies can automate validation,...

Act Now to Battle Data Exfiltration
Accounting firms are facing a surge in data‑exfiltration attacks, where cybercriminals silently steal sensitive financial records to extort victims or sell the data. Traditional detection tools often miss covert channels, encrypted uploads, and traffic mimicry, leaving firms vulnerable. The average...

Critical Juniper Networks PTX Flaw Allows Full Router Takeover
Juniper Networks disclosed a critical CVE‑2026‑21902 vulnerability in the On‑Box Anomaly Detection framework of its Junos OS Evolved running on PTX Series routers. The flaw lets an unauthenticated attacker reach a root‑level service over an external port, enabling full device...

Olympique Marseille Confirms 'Attempted' Cyberattack After Data Leak
Olympique de Marseille confirmed it was the target of an attempted cyberattack after a threat actor claimed to have breached its servers and leaked a sample of a database containing staff and supporter information. The club said its technical teams...

Aeternum Botnet Shifts Command Control to Polygon Blockchain
Aeternum, a newly discovered botnet loader, has moved its command‑and‑control (C2) infrastructure onto the Polygon blockchain, using smart contracts to issue instructions. By writing commands as immutable blockchain transactions, the botnet eliminates the traditional servers and domains that law‑enforcement typically...

Greek Court Sentences Predator Spyware Gang
A Greek court sentenced four individuals, including two Israelis, to prison for operating the illegal Predator spyware that targeted politicians, journalists and business executives. The defendants—linked to the Israeli firm Intellexa—were convicted of breaching telephone confidentiality and illegal data access....

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
Cisco Talos has identified a new threat cluster, UAT-10027, delivering a novel backdoor called Dohdoor that leverages DNS‑over‑HTTPS for command‑and‑control. The malware uses DLL side‑loading through legitimate Windows executables and drops a Cobalt Strike beacon that unhooks NTDLL calls to evade...

Why Europe Can’t Defend What It Can’t Connect
Europe faces its most contested security decade since the Cold War, with the digital backbone—networks, data infrastructures and connectivity—now the primary frontline. Recent blackouts in Portugal and Spain illustrate how digital failures become national security events, while adversaries target subsea...

Contrast Security Integration Brings Verified Application Risk Into ServiceNow Workflows
Contrast Security’s integration with ServiceNow Application Vulnerability Response (AVR) streams verified, runtime‑backed vulnerabilities directly into ServiceNow tickets, uniting detection and remediation workflows. The bidirectional sync supplies exploitability evidence, code location and environment context, eliminating manual validation steps. This enables security...

Ransomware Payment Rate Drops to Record Low as Attacks Surge
Chainalysis reports ransomware victims paid only 28% of demanded sums in 2025, the lowest rate on record despite a 50% surge in attacks. Total on‑chain ransomware payments are near $820 million and could exceed $900 million as attribution improves. While the number...

Versa Launches Sovereign SASE-As-A-Service As ‘Something New’ In Partners’ Toolkits
Versa has introduced the world’s first sovereign SASE‑as‑a‑Service, extending its earlier sovereign SASE model to a fully managed, in‑country offering. The service provides local control, management, and storage to satisfy data‑residency regulations such as the U.S. CLOUD Act. Versa reports...

Phishing‑Led Agent Tesla Campaign Uses Process Hollowing and Anti‑Analysis to Evade Detection
Agent Tesla’s newest campaign leverages a multi‑stage, fileless delivery chain that begins with a phishing email containing a RAR‑packed JSE loader. The loader fetches an AES‑encrypted PowerShell script, which executes entirely in memory and uses process hollowing to inject malicious...

How to Cut MTTR by Improving Threat Visibility in Your SOC
Mean Time to Respond (MTTR) is a critical KPI linking security speed to business risk. The article explains that poor threat visibility—stale data, alert overload, fragmented tools—drives MTTR higher, while high‑quality, execution‑verified threat intelligence can compress response times. ANY.RUN’s sandbox‑derived...

Passware Kit Mobile 2026 V2 Decrypts Samsung S21/S20 Series
Passware Kit Mobile 2026 v2 introduces a proprietary method to decrypt Samsung Galaxy S20 and S21 devices powered by Exynos 990 and 2100 chipsets, supporting security patches up to April 2025. The update also adds full‑disk encryption support for Unisoc‑based phones and accelerates password...

Telegram Rises to Top Spot in Job Scam Activity
Revolut’s latest report shows encrypted messaging apps now dominate Authorised Push Payment (APP) fraud, with Telegram accounting for over 58% of job‑related scams. The platform’s share of total APP fraud rose more than 30% year‑over‑year, overtaking WhatsApp in several categories....

Microsoft Expands Windows Restore to More Enterprise Devices
Microsoft has broadened its first‑sign‑in restore experience, part of Windows Backup for Organizations, to include hybrid‑managed devices, multi‑user setups, and Windows 365 Cloud PCs. The feature lets users who sign in with a Microsoft Entra ID account restore personal settings and...

6 Ways Family Offices Can Keep Cybercriminals at Bay
Cybercriminals are increasingly targeting high‑net‑worth individuals, exploiting the wealth of personal and financial data stored online. The FBI reports $16.6 billion lost to internet‑enabled crimes in 2024, highlighting the scale of the threat. Family offices, positioned as trusted advisors, can extend...

Almost a Third of UK Businesses Hit by Remote Working-Related Cybersecurity Breaches in the Past Year
Almost a third of UK businesses experienced a remote‑working related cyber breach in the past year, with phishing responsible for 85% of incidents. The Cyber Security Breaches Survey 2025 shows larger firms are most affected, reporting breach rates of 67%...

The Use of GenAI Is Turning Innocent Employees Into Insider Threats: Here’s How to Fix It
Enterprise adoption of generative AI tools is soaring, with nearly one in twenty companies regularly using them and internal data uploads to public models increasing thirty‑fold year‑on‑year. Employees often paste confidential contracts or credentials into tools like ChatGPT, unintentionally turning...

Rootly | How to Build an Effective Incident Response Team: Step-by-Step Guide
Meta’s 2021 global outage highlighted how a coordinated, cross‑functional incident response team can limit downtime and reputational harm. The article uses that case to illustrate the challenges smaller firms face when structuring such teams. It outlines essential roles—Incident Commander, Technical...

Banks – and Google – Open to Gemini-Powered Exfil via Public API Keys, Researchers Say
Security firm Truffle Security revealed that publicly exposed Google API keys can be upgraded to full‑access Gemini credentials, enabling data exfiltration from any organization using them. A November scan uncovered 2,863 such keys, affecting major banks, security vendors, and even...

Ribbon and AWS Transform Cloud Deployment for Service Providers and Enterprises
Ribbon Communications announced a strategic collaboration with Amazon Web Services to deliver a cloud‑native, secure voice communications suite on AWS Marketplace. The offering bundles Ribbon’s Session Border Controller, policy routing engine, and centralized management platform as containerized services optimized for...

ResidentBat Android Malware Grants Belarusian KGB Ongoing Mobile Access
ResidentBat is a custom Android spyware implant deployed by the Belarusian KGB to turn seized smartphones into persistent surveillance tools. The malware is sideloaded via Android Debug Bridge after physical access, granting extensive data collection and remote‑wipe capabilities. First disclosed...

The Cyber Resilience Act: Implications for the Global Rail Industry
The EU Cyber Resilience Act (CRA) is set to overhaul security requirements for the global rail supply chain, targeting connected products and software. Nomad Digital hosted a webinar with experts from Alstom, Durham University and its own security team to...

Harvest Now, Decrypt Later: Preparing for the Quantum Hangover
Quantum‑era risk is no longer a distant theory; adversaries are already harvesting encrypted data to decrypt later when quantum computers mature. This "harvest‑now, decrypt‑later" model threatens long‑life information across government, finance, healthcare and private‑sector IP. CEOs must shift focus from...

How We Engineered a Scalable and Performant Enterprise AI Platform
To meet the stringent data‑privacy demands of enterprise insurance, the company abandoned the traditional multi‑tenant SaaS model and built a single‑tenant AI platform where each client receives an isolated database and compute environment. By eliminating middleware and moving business logic...

Trend Micro Patches Critical Apex One Vulnerabilities
TrendAI, the enterprise arm of Trend Micro, released patches for eight vulnerabilities in its Apex One endpoint security suite. Two critical CVEs (2025‑71210 and 2025‑71211) could let remote attackers upload malicious code and execute commands via the management console, while six high‑severity...

Ecommpay Launches Free E-Commerce Fraud Defence Guide
Payments platform Ecommpay released a free whitepaper titled “E‑commerce fraud defence: A quick guide for merchants.” The guide details nine top fraud threats, including friendly fraud, refund fraud, account takeover and AI‑powered deepfakes, and offers actionable mitigation tactics. Ecommpay claims...

Samsung SDS Identifies Top Cybersecurity Threats of 2026 as AI Risks Escalate
Samsung SDS released its 2026 cybersecurity outlook, highlighting five priority threats: AI‑driven attacks, ransomware, cloud misconfigurations, phishing/account takeovers, and data security gaps. The report, based on 667 Korean security professionals, warns that generative AI and autonomous agents will intensify phishing,...

Wireshark 4.6.4 Resolves Dissector Flaws, Plugin Compatibility Issue
Wireshark 4.6.4 addresses two critical dissector vulnerabilities—a crash in the HTTP3 dissector and an infinite loop in the MEGACO dissector. The update also resolves a plugin compatibility problem introduced by an API/ABI change in version 4.6.1, restoring functionality for...

How AI Could Impact Tax Season Security This Year
The IRS Criminal Investigation report shows tax‑related financial crimes hit $4.5 billion in FY 2025, a 111.8 % jump from the prior year, signaling heightened risk this tax season. Cybercriminals are leveraging generative AI to produce hyper‑personalized phishing, deepfake voice and video scams,...

Intellicheck Desktop Application Helps Organizations Combat Identity Theft
Intellicheck launched an enriched Desktop Application that lets organizations of any size stop identity theft and fraud instantly, without needing system integration. The solution works with existing scanners, incurs minimal cost, and stores transaction history securely in the cloud via...

MHCLG Publishes New Local Government Reorganisation Digital and Cyber Playbook
The Ministry of Housing, Communities and Local Government (MHCLG) has released a Local Government Reorganisation Digital and Cyber Playbook to help councils navigate digital, data and cybersecurity challenges during structural changes. Developed with input from local and central government, sector...

Tailscale and LM Studio Introduce ‘LM Link’ to Provide Encrypted Point-to-Point Access to Your Private GPU Hardware Assets
LM Studio and Tailscale have launched LM Link, a feature that lets developers access remote GPU rigs as if they were locally attached. The solution replaces public APIs and SSH tunnels with a private, WireGuard‑encrypted tunnel built on Tailscale’s userspace tsnet...

Security for Smart Devices – Time to Step Forward because There's Nowhere to Hide
From 4 March 2026 the Australian government will enforce minimum security standards for all smart devices sold in the market, shifting compliance from voluntary guidance to mandatory requirement. The IoT Alliance Australia (IoTAA) is spearheading a voluntary Security Labelling Scheme, slated to...

Tassie Cybersecurity Scaleup Upguard Pockets $105 Million Series C
UpGuard, the Hobart‑based cybersecurity firm, closed a $75 million Series C round led by Springcoast Capital, with participation from August Capital, Square Peg and Pelion Venture Partners. The capital will accelerate development of its AI‑powered cyber‑risk posture management (CRPM) platform, expand go‑to‑market operations,...

Keeper Security Integrates Kyber to Provide Quantum-Resistant Identity Protection
Keeper Security announced integration of the Kyber key encapsulation mechanism across its platform to deliver quantum‑resistant identity protection. The hybrid approach layers lattice‑based Kyber on existing elliptic‑curve primitives, securing backend APIs, Keeper Commander, and upcoming mobile apps. This rollout aligns...

Singapore’s Approach to Building a Resilient Digital Future
Singapore is bolstering its cybersecurity ecosystem through a multi‑pronged strategy that includes large‑scale cyber‑drills, senior leadership training, and youth programmes to grow a skilled talent pipeline. The Cyber Security Agency and the Ministry of Digital Development coordinate rapid response to...

Medical Device Maker UFP Technologies Warns of Data Stolen in Cyberattack
UFP Technologies, a $600 million medical‑device maker, disclosed a cyberattack detected on February 14 that compromised several IT systems. The company isolated the breach, removed the threat and engaged external advisors, but confirmed that data was stolen and some functions, such as...

Simplify MSP Technician Authentication with Duo Delegated Access
Cisco Duo unveiled Delegated Access, a feature that lets Managed Service Provider (MSP) technicians authenticate to client applications using a single Duo user account. The solution centralizes MFA policy, logs, and monitoring on the parent account while granting access to...

Clalit Probes Suspected Cyberattack After Iranian-Linked Hackers Leak Patient Files
Clalit Health Services, Israel’s largest HMO, announced it is probing a suspected cyberattack after the Iranian‑linked group Handala claimed to have breached its systems. The hackers released thousands of documents containing patients' personal and medical information on public platforms. Clalit...

Singapore Sees Cyber Scams Soar 61% as Global Taskforce Warns of Widespread Crime
The Financial Action Task Force (FATF) warned that cyber‑enabled fraud is now a top money‑laundering threat in 90% of the jurisdictions it assessed. Singapore alone saw a 61% jump in scam cases over the past two years, while the United...

US Cybersecurity Agency CISA Reportedly in Dire Shape Amid Trump Cuts and Layoffs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is reportedly operating at roughly 38% of its pre‑Trump staffing levels, after losing about one‑third of its workforce during the administration’s first year. The cuts have crippled core programs, including the counter‑ransomware initiative...

Five Stages to Secure Military Operational Technology Using Zero Trust and Risk Operations Centers
The Pentagon released an OT‑specific zero‑trust roadmap, the “fan chart,” outlining 84 baseline and 21 advanced activities to protect military operational technology. The guidance emphasizes asset visibility, risk‑operations centers, network segmentation, passive monitoring, and AI‑driven automation. Agencies are urged to...