
6,000 AWS Accounts, Three People, One Platform: Lessons Learned
ProGlove runs a SaaS platform on AWS using an account-per-tenant architecture, currently operating about 6,000 tenant accounts—half active—with over 120,000 service instances and a million Lambda functions. The approach gives each customer isolated compute, storage, and IAM boundaries, simplifying security, debugging, and per‑tenant cost attribution. To make this feasible, the team relies heavily on automation tools such as AWS Organizations, Service Control Policies, CloudFormation StackSets, and Step Functions, while centralizing observability through tagging and cross‑account monitoring. Despite the operational shift, the model lets a three‑person ops team scale without proportional headcount growth.

I Only Look for This One Feature in a VPN Now
Choosing a VPN today means sifting through countless features, but the author argues that multi‑hop capability is the single most critical attribute. Multi‑hop routes traffic through multiple servers, preventing any one node from seeing both the user’s IP and the...

PCI Council Says Threats to Payments Systems Are Speeding Up
The PCI Security Standards Council published its inaugural 2025 annual report, the first since its 2006 founding, outlining a surge in payment‑system threats and the council’s expanding role. The report highlights accelerated attacks leveraging AI, ransomware incidents such as BridgePay,...

PXL Vision Integrates Deepfake Detection Technique From Research with Idiap
PXL Vision, Idiap Research Institute and Innosuisse have released a deepfake detector integrated into the PXL Ident platform. The tool, developed under the ROSALIND project, targets face‑swapping, reenactment and fully synthetic identities in ID documents. A companion Idiap paper benchmarks...

Space ISAC Launches New Quantum Initiative
Space ISAC has announced a new quantum initiative, launching its first Quantum Community of Interest (COI) meeting on Feb. 25, co‑hosted with MITRE. The COI will explore how quantum technologies can strengthen security and resilience across space systems, which underpin critical...

Researchers Expose Critical Security Vulnerability in Autonomous Drones
UC Irvine computer scientists have uncovered a critical flaw in camera‑based autonomous target‑tracking drones, dubbed the FlyTrap attack. By attaching a specially designed visual pattern to an ordinary umbrella, attackers can trick drones into believing the target is receding, causing...

Resilience: Cyber Risk Shifts From Disruption to Long-Tail Losses
Resilience’s 2025 Cyber Risk Report reveals a decisive shift from ransomware‑focused disruption to extortion attacks that rely on stolen data. Data‑theft‑only extortion claims rose to 65 % of incidents in the second half of last year, turning cyber incidents into multi‑year...

ShinyHunters Claims Wynn Resorts Data Theft
Wynn Resorts disclosed that an unauthorized party accessed employee data after the casino‑hospitality firm appeared on ShinyHunters' extortion leak site. The group claims to have stolen more than 800,000 records, including Social Security numbers, from Wynn's Oracle PeopleSoft HR platform....

DHS Wants More than Biometrics in US-EU Data Sharing Agreement
The United States and the European Union are negotiating the Enhanced Border Security Partnership (EBSP), which would grant visa‑free travel to EU citizens in exchange for access to European biometric databases. The latest draft does not explicitly prohibit the use...

UnsolicitedBooker Targets Telecoms in Central Asia with New Backdoors
The China‑aligned threat group UnsolicitedBooker has begun targeting telecommunications providers in Kyrgyzstan and Tajikistan. The campaign employs two custom backdoors, LuciDoor and MarsSnake, delivered through phishing emails that embed malicious Office macros and loaders such as LuciLoad. These implants can...

Georgia Tech Researchers Highlight Vulnerabilities in Threat Intelligence Sharing
Georgia Tech researchers have uncovered critical weaknesses in the global threat‑intelligence supply chain, highlighting how inconsistent data quality and limited sharing impede rapid response. Their study, presented at the NDSS Symposium, found that while 67% of vendors sandbox suspicious binaries,...

PowerSchool, Chicago Public Schools to Settle Student Data Privacy Lawsuit for $17 Million
PowerSchool and Chicago Public Schools have agreed to a $17.25 million settlement to resolve a class‑action lawsuit accusing the ed‑tech firm of covertly recording student communications. The fund will be divided among more than 10 million potential class members and obligates PowerSchool...

German Startup Launches Gateway to Block Inverter Kill Switches
German startup Solarsecure Tech introduced the SolarSecure Vision gateway, a hardware‑agnostic device installed at the meter connection point that intercepts and validates inverter‑to‑cloud communications. The gateway blocks unverified kill‑switch commands while allowing authenticated signals, including mandatory grid‑operator directives, to pass via a...

New UAC-0050 Social Engineering Campaign Discovered
Russia‑linked threat group UAC‑0050, also known as DaVinci Group, launched a sophisticated social‑engineering campaign against a European financial institution that supports Ukraine. The attackers sent legal‑themed phishing emails from a counterfeit Ukrainian judicial domain, directing victims to download a ZIP...

AI-Powered CVE Research: Winning the Race Against Emerging Vulnerabilities
Praetorian unveiled its AI‑driven CVE Researcher pipeline, automating the end‑to‑end analysis of new vulnerabilities from CISA’s KEV catalog. The system ingests a CVE ID and outputs research reports, technology reconnaissance, asset correlation, and validated Nuclei detection templates within minutes. Reported...

NDSS 2025 – On Borrowed Time – Preventing Static Side-Channel Analysis
The NDSS 2025 paper introduces Borrowed Time, a countermeasure that protects integrated circuits from emerging static side‑channel attacks such as static power analysis, laser logic state imaging, and impedance analysis. By continuously monitoring a device and securely erasing key‑dependent data...

Why “Magic Links” And Passcodes Are Taking over News Logins
News publishers are increasingly replacing passwords with email‑based magic links or one‑time passcodes. Small‑scale outlets using platforms like Ghost, Substack, and Beehiiv cite reduced security overhead and faster onboarding as primary benefits. Industry voices argue that magic links combat password...

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
Scattered LAPSUS$ Hunters (SLH) is paying women $500 to $1,000 per call to conduct voice‑phishing attacks against IT help desks. The group supplies pre‑written scripts and leverages legitimate proxy services and tunneling tools to evade detection. These vishing campaigns aim...

Netskope NewEdge AI Fast Path Reduces Latency for Enterprise AI Workloads
Netskope introduced NewEdge AI Fast Path, a suite of network‑optimizing capabilities that route AI traffic through low‑latency, secure paths across public, private and neo‑cloud environments. The service cuts time‑to‑first‑token for conversational models, speeds up multi‑prompt agentic workflows, and enhances retrieval‑augmented...

The OpenClaw Hype: Analysis of Chatter From Open-Source Deep and Dark Web
OpenClaw, an AI‑driven automation framework with a modular skill marketplace, has sparked intense discussion across developer forums and security‑research channels. Critical flaws—including CVE‑2026‑25253, which enables one‑click remote code execution, and a lack of skill sandboxing—expose users to credential theft and...

Telehealth Privacy and Security Aren’t as Scary as You Think
Telehealth’s rapid expansion has spotlighted privacy and security anxieties among clinicians, largely because these topics were never part of standard medical training. Fear‑driven HIPAA instruction and vague regulatory language amplify uncertainty, while the shift to digital platforms adds perceived technical...

SentinelOne Addresses Identity Risk Across Endpoints, Browsers, and AI Workflows
SentinelOne launched the Singularity Identity portfolio to protect non‑human identities such as AI agents, service accounts, APIs, and workloads. The solution moves beyond static authentication, requiring continuous validation of intent across endpoints, browsers, and AI workflows. By tying identity data...

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It
The article outlines five common triage failures that inflate business risk, from decisions made without execution evidence to manual, error‑prone processes. It shows how interactive sandboxes—exemplified by ANY.RUN—provide rapid execution evidence, enabling analysts to reach evidence‑backed verdicts within seconds. Reported...

Veza Expands Platform with AI Access Agents for Enterprise Identity Governance
Veza announced the launch of Veza Access Agents, AI‑driven tools that automate identity and access governance for both human users and autonomous AI agents. The agents, built on AWS Bedrock, provide natural‑language interfaces for risk queries, permission visualizations, and AI‑assisted...

CloudCasa Expands Red Hat OpenShift Data Protection Across Edge and Hybrid Cloud
CloudCasa has upgraded its backup and recovery platform to better serve Red Hat OpenShift deployments across core, edge, and hybrid cloud environments. The update adds native SMB protocol support as a backup target, letting customers use existing SMB storage or operator‑deployed...

Why 'Call This Number' TOAD Emails Beat Gateways
Researchers at StrongestLayer analyzed about 5,000 phishing emails that evaded secure email gateways between December 2025 and early 2026. They found that telephone‑oriented attack delivery (TOAD), which consists solely of a phone number, represented roughly 28 % of all bypasses and...

Cherry Bekaert Strengthens AI Security and Compliance Offerings Through Enkrypt AI Alliance
Cherry Bekaert announced a strategic alliance with Enkrypt AI, integrating the firm’s risk and compliance expertise with Enkrypt’s automated AI security platform. The partnership delivers real‑time guardrails, testing, validation, and continuous monitoring to help clients meet emerging standards such as...

South Korea Considers Updates to Data and Cyber Laws
South Korea is preparing amendments to its Network Act and Personal Information Protection Act after a wave of high‑profile data breaches in telecommunications, retail and finance. The revisions aim to tighten data protection, reinforce security governance, and boost the effectiveness...

World-Class Cybersecurity for UK Law Firms and Why It’s More Important than Ever
UK law firms are increasingly targeted by cybercriminals, with 60% of attacks now stemming from credential compromise. Legacy on‑premise systems and fragmented security tools leave firms vulnerable, while modern SaaS platforms like OneAdvanced offer continuous patching, real‑time monitoring, and built‑in...

Malicious NuGet Package Targets Stripe Developers
Security researchers discovered a malicious NuGet package, StripeApi.Net, that mimics Stripe's official .NET library. The typosquatting campaign generated over 180,000 artificial downloads across 506 versions to appear legitimate. Embedded code silently captured Stripe API keys and a machine identifier, sending...

Zyxel Warns of Critical RCE Flaw Affecting over a Dozen Routers
Zyxel has issued security updates to fix a critical remote code execution flaw (CVE‑2025‑13942) affecting more than a dozen of its router, CPE and extender models. The vulnerability exploits the UPnP function and requires both UPnP and WAN access to...

Vega Reederei Picks Inmarsat’s NexusWave for Newbuild Fleet
Inmarsat Maritime has secured a contract to outfit Vega Reederei’s ten new diesel‑electric coaster vessels with its NexusWave bonded connectivity service. The 89‑meter, 3,800‑dwt ships are slated for delivery by July 2026 and will also receive Fleet Secure UTM and endpoint...

'Richter Scale' Model Measures Magnitude of OT Cyber Incidents
The Operational Technology Incident (OTI) Impact Score, unveiled at the S4x26 conference, offers a Richter‑scale‑style metric for gauging OT cyber‑attack consequences. It combines severity, reach, and duration into a single figure, with assessments delivered via an online portal within 12...

Romanian National Pleads Guilty to Selling Access to Networks of Oregon State Government Office
Romanian national Catalin Dragomir pleaded guilty to selling unauthorized access to an Oregon state government computer network and to aggravated identity theft. He provided buyers with personal data samples and sold access to multiple U.S. victims, causing at least $250,000...

Spike in Cyberattacks Demand Persistent Tracking at Sea
Cyber attacks on the maritime sector are accelerating, with the cost of a single incident rising to an average of $550,000 between 2022 and 2023. Marinelink’s security operations centre recorded 9 billion security events and more than 10,000 malware detections across...

Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site
Wynn Resorts confirmed that hackers exfiltrated more than 800,000 employee records, including Social Security numbers, after the data appeared on the ShinyHunters leak site on February 20. The casino operator said the stolen data has been deleted and that no guest...

IoT Devices Make Municipal Infrastructure an Easy Target for Cyberattackers
Municipalities are rapidly deploying IoT and OT devices for smart‑city services, but many of these assets remain unsecured. In April 2025, hackers exploited default passwords on audio‑enabled crosswalk buttons in three California cities, using AI‑generated voices to broadcast fake messages....

Manual Processes Are Putting National Security at Risk
More than half of national‑security agencies still move classified data by hand, a practice the CYBER360 report flags as a strategic liability. Manual transfers introduce human error, audit gaps, and exploitable seams that adversaries can weaponize. Legacy platforms, protracted procurement...

Back To Myrtle Beach: Techno East 2026 Returns To The Core Of DFIR
Techno Security & Digital Forensics Conference East returns to Myrtle Beach June 2‑4, 2026, after a two‑decade hiatus. The event features six focused tracks spanning digital forensics, incident response, financial cyber crimes, human exploitation, AI‑driven DFIR, and eDiscovery. Over 100 sessions will...

HDAI Achieves HITRUST R2 Certification, Including New AI Security
Health Data Analytics Institute (HDAI) announced that its core information systems have achieved HITRUST r2 Certification, a rigorous cybersecurity and data protection standard. The certification also incorporates the newly introduced HITRUST AI Security Assessment, providing a structured framework for AI...

$300 a Month Android Malware ‘Oblivion’ Uses Fake Updates to Hijack Phones
A new Android Remote Access Trojan called Oblivion is being sold on the public web for $300 a month, with longer‑term plans up to $2,200. The malware disguises itself as a legitimate Google Play update, hijacking the Accessibility Service to...

Arctic Wolf Snaps up Sevco Security to Bolster Exposure Management
Arctic Wolf announced the acquisition of Texas‑based Sevco Security, a cloud‑native exposure assessment specialist, for an undisclosed amount. Sevco’s platform, recognized as a Gartner Visionary in 2025, will be folded into Arctic Wolf’s Aurora platform to unify asset intelligence, vulnerability...

Chinese Group’s ChatGPT Use Reveals Worldwide Harassment Campaign Against Critics
OpenAI’s latest threat report reveals a Chinese law‑enforcement unit using ChatGPT to edit internal briefings and draft a propaganda push against Japan’s prime minister. The single account uploaded dozens of operation reports, exposing a coordinated effort involving mass posting, bogus...

EnforceAuth Free Version Gives Enterprises AI-Native Auth for AI Agents, Machine Identities & Non-Human Workloads
EnforceAuth announced a free tier of its AI Security Fabric, giving enterprises a vendor‑neutral platform to govern AI agents, automated workflows, and machine identities. The solution shifts from traditional access control to decision‑centric authorization, evaluating each action with full context...

The Missing Link Moves Into Infosys’ North Sydney Office
Cyber‑security specialist The Missing Link, acquired by Infosys in May 2025, has moved from Artarmon to Infosys’ North Sydney office. The relocation creates an upgraded Global Security Operations Centre offering 24/7 monitoring and services aligned with the Australian Signals Directorate’s Essential Eight....

Boards Don’t Need Cyber Metrics — They Need Risk Signals
Security teams flood boards with counts of attacks, patches, and alerts, but executives need signals that translate those numbers into business risk. Experts argue that time‑based metrics like detection and containment speed, and financial exposure indicators, better reveal whether risk...

U.S. Sanctions Russian Broker Over Zero-Day Exploits Theft
The United States has sanctioned Russian cyber‑exploit broker Operation Zero, its director Sergey Zelenyuk, and a UAE‑based front company for stealing eight zero‑day vulnerabilities from a U.S. defense contractor. Australian insider Peter Williams allegedly sold the exploits for roughly $1.3 million...

Threat Actors Exploit Apache ActiveMQ Vulnerability to Gain RDP Access, Deploy LockBit Ransomware
Threat actors leveraged the critical Apache ActiveMQ flaw CVE‑2023‑46604 to achieve remote code execution, download a Metasploit stager via CertUtil, and gain SYSTEM privileges on a Windows host. After dumping LSASS credentials, they moved laterally using a harvested domain‑admin account,...

OAuth Vulnerabilities in Entra ID Could Exploit ChatGPT to Breach User Email Accounts
Security researchers have identified a new OAuth consent attack vector in Microsoft Entra ID where a legitimate service principal such as ChatGPT is granted high‑risk Graph permissions like Mail.Read. By tricking users into approving a consent screen, attackers obtain persistent...

Secfix Raises $12M Series A to Build End-to-End Security Compliance Platform
Munich‑based Secfix closed an oversubscribed $12 million Series A round led by Alstin Capital, with Bayern Kapital and existing backer neosfer participating. The funding will accelerate Secfix’s European expansion and the development of its AI‑native automation and CISO‑as‑a‑Service capabilities. Secfix’s platform automates...