Clark: Managing Third- and Fourth-Party Cyber Risk in Trucking Operations
Third‑party vendors are now a primary attack vector for trucking firms, with 35.5% of all data breaches in 2024 traced to external partners—a 6.5% rise year‑over‑year. The report also notes that 4.5% of breaches originated from fourth‑party suppliers, highlighting deep supply‑chain vulnerabilities. Jane Clark recommends continuous vendor assessments, least‑privilege network segmentation, and contract clauses that enforce breach‑notification and liability. Implementing these controls can curb exposure and protect operational continuity.
How Exposed Endpoints Increase Risk Across LLM Infrastructure
Enterprises deploying private Large Language Models are rapidly adding inference APIs, model‑management dashboards, and tool‑calling endpoints. Each new endpoint widens the attack surface, especially when permissions are excessive and credentials remain static. Exposed endpoints let attackers hijack non‑human identities, enabling...
Ukraine Says Cyberattacks on Energy Grid Now Used to Guide Missile Strikes
Russian cyber actors targeting Ukraine’s energy grid have shifted from causing immediate outages to gathering intelligence that guides missile strikes. By mapping facilities, tracking repair crews, and monitoring recovery rates, they provide real‑time data that improves strike accuracy. The number...
Ransomware Gangs Advancing Moscow’s Geopolitical Aims, Romanian Cyber Chief Warns
Romanian officials say recent ransomware attacks on the country’s water agency, oil pipeline operator and coal‑based power producer were part of a coordinated Russian hybrid operation. Groups such as Qilin and Gentlemen, which speak Russian, claimed responsibility, linking the attacks...
The EBA Publishes Follow-Up Report on ICT Risk Assessment Under the Supervisory Review and Evaluation Process
The European Banking Authority released a follow‑up to its 2022 peer‑review on ICT risk assessment under the Supervisory Review and Evaluation Process (SREP). The report finds that competent authorities have markedly strengthened ICT risk supervision, largely due to the Digital...
Attackers Exploit Ivanti EPMM Zero-Days to Seize Control of MDM Servers
Attackers are actively exploiting two critical Ivanti Endpoint Manager Mobile (EPMM) zero‑days (CVE‑2026‑1281 and CVE‑2026‑1340) that allow unauthenticated remote code execution. More than 4,400 EPMM instances are exposed on the public internet, giving threat actors full control of enterprise mobile...
EscalaX Reinforces Its Privacy & Compliance With BidSafe One
EscalaX announced a strategic partnership with privacy‑focused consultancy BidSafe One to strengthen its data‑protection and regulatory compliance posture. The collaboration will help EscalaX optimise consent management and align its operations with GDPR, CCPA/CPRA, IAB TCF and GPP standards. By integrating...
Simbian Launches Autonomous AI Pentest Agent
Simbian unveiled its AI Pentest Agent, the first autonomous penetration‑testing solution that embeds business context to prioritize real‑world risk. Developed with LRQA, the agent delivers on‑demand assessments in hours, replacing periodic manual tests and providing transparent reasoning traces. It operates...
Humanity Unveils Proof of Trust to Tackle AI Fraud
Humanity, a startup building an internet trust layer, announced a shift from its Proof of Humanity model to a broader Proof of Trust framework. The new system lets users verify attributes such as age, residency, and employment without exposing raw...
Google Bans Antigravity Users over OpenClaw Activity, Cites Surge in ‘Malicious Usage’
Google has disabled several Antigravity accounts, including paid Gemini Ultra subscribers, after detecting a sharp rise in malicious activity tied to the open‑source AI agent OpenClaw. The bans target only the Antigravity backend, leaving Gmail, Workspace and other Google services...
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
Iranian APT group MuddyWater has launched Operation Olalampo, targeting organizations across the Middle East and North Africa. The campaign, first seen on Jan 26, 2026, deploys new malware families—GhostFetch, HTTP_VIP, the Rust backdoor CHAR, and the GhostBackDoor implant—delivered via macro‑laden Office...
Noted North Carolina Private Radiology Practice Experiences Data Breach
Triad Radiology Associates, a 50‑year‑old North Carolina imaging practice, disclosed a data breach affecting roughly 11,000 patients. The intrusion, detected in February, likely occurred between late July and September and exposed names, addresses, Social Security numbers and bank account details....
The Hidden Security Cost of Treating Labs Like Data Centers
In a Help Net Security interview, Rich Kellen, VP‑CISO of IFF, warns that treating operational technology (OT) labs like conventional IT data centers creates hidden security risks that can corrupt scientific results and endanger safety. He explains that OT environments...
WARNING: Manual ID Checks Leave Agents ‘Vulnerable to Scams’
Property agents are being warned that manual identity checks expose them to sophisticated scams. SmartSearch reports that 54% of verification checks remain manual, leaving gaps for AI‑generated IDs and deepfake documents. A recent survey of 1,000 decision‑makers shows fraud incidents...
Human-Related Security Risks Rose 90% in 2025
A KnowBe4 report reveals human‑related security incidents surged 90% in 2025, driven largely by social‑engineering attacks and employee error. Email‑based threats grew 57%, with 64% of organizations hit by external attacks exploiting staff inboxes. Human mistakes affected 90% of firms,...
41% of Organizations Have Hired a Fake Candidate
A GetReal Security survey reveals that 41 % of IT, cybersecurity, risk and fraud leaders admit their firms have hired and onboarded a fraudulent candidate, underscoring AI‑driven identity attacks’ real‑world impact. The same study shows 88 % of organizations encounter deep‑fake or...
Vitalik Buterin Floats Simulated Transactions to Enhance Crypto Security
Ethereum co‑founder Vitalik Buterin proposed using transaction simulations to boost wallet and smart‑contract security. He argues that showing users a preview of on‑chain consequences lets them confirm intent before execution. The approach pairs simulations with spending limits and multisig approvals...
Regtech HYPR Introduces Context-Based Attestation, Enhancing Identity Verification Beyond Traditional Checks
HYPR has launched a context‑based attestation framework to strengthen identity verification across hiring, onboarding, and account recovery. The method layers traditional document, location, and biometric checks with internal role data, workflow cues, calendar events, and peer validations. By continuously cross‑referencing...
AI & Data Security: Insights From IBM’s Chief Architect
IBM’s Chief Architect Devan Shah outlines how the company’s OnePipeline platform now supports over 450 developers by shifting from Travis CI to Tekton and Argo CD, trading longer build times for automated security scans. He details the internal AI coding assistant...
North Korea’s Crypto Theft Machine Shows No Signs of Slowing After ByBit Hack : Analysis
Elliptic reports North Korea stole a record $2 billion in cryptocurrency in 2025, pushing its total illicit haul past $6 billion and financing the regime’s weapons programs. The ByBit breach, which yielded $1.46 billion, saw more than $1 billion laundered within six months via...
What Can’t You Say on TikTok?
In this episode, host David Ruiz talks with Malwarebytes senior social media manager Zach Hinkle and content creator MinJi Pae about the sudden technical glitches on TikTok after its ownership transferred to American stewards, which many users interpreted as censorship of...
Mississippi Healthcare System Shuts Down Clinics After Ransomware Attack
The University of Mississippi Medical Center (UMMC) suffered a ransomware attack on February 19 that crippled its Epic EHR, IT network, and phone systems, forcing the shutdown of nearly 30 clinics and a shift to paper‑based documentation. Vice Chancellor LouAnn...
Cache Deception Flaw in SvelteKit And Vercel Stack Exposes User Data
A cache‑deception flaw was found in SvelteKit applications deployed on Vercel, where the `__pathname` query parameter can override request paths and cause private API responses to be cached as public assets. The vulnerability affects any route under `/_app/immutable/`, which Vercel...
NDSS 2025 – The Midas Touch: Triggering The Capability Of LLMs For RM-API Misuse Detection
The episode presents ChatDetector, a novel LLM‑empowered system for detecting misuse of resource‑management APIs (RM‑APIs) in open‑source software. By leveraging a ReAct‑inspired chain‑of‑thought prompting framework and cross‑validation techniques, ChatDetector overcomes LLM hallucinations to accurately extract allocation/release API pairs and constraints,...
Top NATO Allies Believe Cyberattacks on Hospitals Are an Act of War. They’re Still Struggling to Fight Back.
A new POLITICO poll reveals that citizens in the United States, Canada and other key NATO allies overwhelmingly consider cyberattacks on hospitals to be acts of war. Despite this public sentiment, NATO’s official response remains measured, emphasizing diplomatic channels and...
The Hospitality Sector Continues to Be Lucrative Targets
The hospitality sector faced three data breaches this week. Choice Hotels International disclosed a social‑engineering attack that accessed franchisee and applicant records, including names and Social Security numbers, despite multi‑factor authentication. Wynn Resorts is alleged to have had 800,000 employee...
Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack
Security researchers at Veracode uncovered a malicious NPM package named buildrunner-dev that exploits a typosquatting trick to mimic the legitimate buildrunner tool. The package drops a massive batch script that conceals its true commands among random text and then downloads...
Is Your Travel Data Safe with Agentic AI
Agentic AI is rapidly entering the travel sector, automating itinerary management and personalizing experiences. However, its ability to process massive volumes of sensitive travel data introduces new security vulnerabilities. Experts stress encryption, strict access controls, continuous behavior monitoring, and compliance...
Figure Technology Faces Major Data Breach Impacting Nearly One Million Customers
Figure Technology Solutions, the largest non‑bank home‑equity lender, disclosed a data breach affecting roughly 967,000 customer accounts. The breach resulted from a social‑engineering (vishing) attack on a single employee, allowing the ShinyHunters group to exfiltrate personal identifiers such as names,...
Predator Spyware Hooks iOS SpringBoard to Hide Mic, Camera Activity
Intellexa’s Predator spyware can silently record iPhone camera and microphone feeds by hijacking iOS 14’s SpringBoard UI layer. Using a kernel‑level hook called HiddenDot::setupHook, the malware nullifies the SBSensorActivityDataProvider, preventing the green and orange privacy dots from ever lighting up. Jamf’s...
NDSS 2025 -DUMPLING: Fine-Grained Differential JavaScript Engine Fuzzing
Researchers at EPFL and KIT introduced DUMPLING, a fine‑grained differential fuzzer that instruments JavaScript engines rather than the input code. By extracting detailed execution state dumps from both interpreted and JIT‑compiled paths, DUMPLING can spot subtle divergences that traditional fuzzers...
Amazon: AI-Assisted Hacker Breached 600 Fortinet Firewalls in 5 Weeks
Amazon’s Integrated Security team warned that a Russian‑speaking threat actor leveraged generative AI services to automate a campaign that compromised more than 600 FortiGate firewalls in 55 countries between Jan 11 and Feb 18, 2026. The attackers scanned for internet‑exposed management ports,...
This Is How You Do It: Dentist Speaks Out After Practice Hit by Cyber Attack
Grange Dental Care in Northern Ireland suffered a cyber attack on Thursday morning, resulting in fraudulent invoice emails being sent from its system. The breach was identified at 9:50 am, and the dentist immediately alerted his IT provider, who halted the...
Discord’s Age Verification Data Has a Frontend Leak — Now What?
Discord’s new age‑verification system, powered by identity vendor Persona, has a critical frontend exposure. Security researchers discovered that verification components are reachable on the public web, potentially revealing users’ age‑related data. The flaw adds urgency to Discord’s 2026 compliance roadmap,...
IoTeX Confirms ‘Suspicious Activity’ Involving Token Safe, Says Losses Contained
Decentralized identity platform IoTeX confirmed a breach of one of its token safes, with on‑chain analyst Specter estimating losses around $4.3 million across USDC, USDT, IOTX and WBTC. The project’s team is working with major exchanges and security partners to trace...
Can Microsoft Teams Chat Be Monitored?
Microsoft Teams chat can be monitored using native Microsoft 365 compliance features and third‑party solutions. Monitoring requires an E5 license or an E3 plan with the E5 Compliance add‑on, after which admins enable communication‑compliance, assign roles, and create policies. Tools such...
Anthropic Debuts Claude Code Security – AI Now Scan Vulnerabilities in Your Entire Codebase
Anthropic launched Claude Code Security, an AI‑driven tool that scans entire codebases for vulnerabilities and suggests patches. Powered by Claude Opus 4.6, it uses frontier reasoning to map data flows and identify complex bugs that traditional SAST tools miss. Internal tests...
Best Cyber Security Consulting Companies
The explosion of IoT and IIoT devices—projected at 200 billion—has dramatically widened the cyber‑attack surface, prompting organizations to treat security as a core priority. A recent Gartner study shows cybersecurity now eclipses AI and cloud as the top CIO spend, fueling...
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
EC‑Council announced its Enterprise AI Credential Suite, adding four role‑based AI certifications and an updated Certified CISO v4 program. The launch targets the estimated $5.5 trillion global AI risk exposure and a U.S. reskilling gap of 700,000 workers. It aligns with recent...
Resource: Privacy Law Directory — Codamail
Codamail has launched a Privacy Law Directory that maps data‑protection, surveillance and intelligence frameworks across 21 jurisdictions, including the United States, the European Union and key international partners. The resource is organized around the Five, Nine and Fourteen Eyes intelligence...
The White House Scrapped SBOMs in Favor of Agency-Managed Cyber Risk. Flexibility, Meet Accountability.
The Office of Management and Budget has withdrawn the mandatory software bill of materials (SBOM) requirement, replacing it with a risk‑based menu of options for federal agencies. This shift moves compliance from a prescriptive checklist to agency‑driven risk assessment, granting...
AI Apps On The Google Play Store Are Leaking Customer Data And Photos
AdGuard is offering its Family Plan as a lifetime subscription for $15.97 through February 22, covering up to nine devices. The deal bundles enterprise‑grade ad blocking, tracker suppression, malware and phishing protection, and built‑in parental controls. Users receive continuous updates without...
HID Reports Delicate Opportunity for Biometrics Adoption in Shaky Trust Environment
HID’s 2026 State of Security and Identity Report, based on a survey of over 1,500 security and IT leaders, shows digital identity management is a top priority for 73% of respondents. Three‑quarters of organizations have already deployed or are evaluating...
Romanian Hacker Faces up to 7 Years for Breaching Oregon Emergency Management Department
A 45‑year‑old Romanian national, Catalin Dragomir, pleaded guilty to breaching Oregon’s Department of Emergency Management in June 2021 and selling the compromised access for roughly $3,000 in Bitcoin. The hacker also infiltrated ten additional U.S. companies, generating at least $250,000...
Media Authentication an Emerging Front in Battle Against Deepfakes: Microsoft Report
Microsoft released a report on media integrity and authentication (MIA), detailing techniques such as C2PA provenance, imperceptible watermarking, and soft‑hash fingerprinting to verify digital content origins. The study concludes that no single method can stop deepfakes, urging a layered approach...
5 Things To Know On Anthropic’s Claude Code Security
Anthropic announced that its Claude Code platform will now include Claude Code Security, an AI‑driven vulnerability‑scanning feature that reads and reasons about code like a human researcher. The tool, launched in a limited research preview, aims to uncover complex issues...
Apache Tomcat Vulnerability Circumvents Access Rules
Apache Tomcat’s CVE‑2026‑24733 vulnerability allows attackers to bypass security constraints that permit HEAD but deny GET requests by sending a malformed HEAD request using the obsolete HTTP/0.9 protocol. The flaw stems from Tomcat’s legacy handling of HTTP/0.9, which does not...
Des Moines ANGB to Gain ANG Cyber Operations Squadrons
The Department of the Air Force has chosen Des Moines Air National Guard Base in Iowa as the preferred site to convert reassigned manpower into Air National Guard cyber operations. The 2025 defense budget eliminated half of the ANG Tactical...
Fort Gordon to Gain ANG Cyber Operations Squadrons
The Department of the Air Force has chosen Fort Gordon, Georgia, as the preferred site for two new Air National Guard cyber operations squadrons. The 117th Air Control Squadron will be inactivated at Hunter Army Airfield, releasing manpower that will...
Fusaka Upgrade Fuels Record Address Poisoning on Ethereum
The recent Fusaka upgrade slashed Ethereum gas fees by sixfold, creating record‑low transaction costs. This price drop sparked a dramatic rise in address‑poisoning attacks, with daily dust transactions jumping from roughly 30,000 to 167,000 and peaking at 510,000. In just...
