News•Feb 25, 2026
Arctic Wolf Snaps up Sevco Security to Bolster Exposure Management
Arctic Wolf announced the acquisition of Texas‑based Sevco Security, a cloud‑native exposure assessment specialist, for an undisclosed amount. Sevco’s platform, recognized as a Gartner Visionary in 2025, will be folded into Arctic Wolf’s Aurora platform to unify asset intelligence, vulnerability context, and control coverage. The integration aims to give managed‑service providers and enterprise customers real‑time visibility and prioritized remediation across hybrid environments. This deal follows Arctic Wolf’s 2025 purchases of Cylance and UpSight, reinforcing its broader consolidation strategy.
By ITPro (UK)
News•Feb 25, 2026
Chinese Group’s ChatGPT Use Reveals Worldwide Harassment Campaign Against Critics
OpenAI’s latest threat report reveals a Chinese law‑enforcement unit using ChatGPT to edit internal briefings and draft a propaganda push against Japan’s prime minister. The single account uploaded dozens of operation reports, exposing a coordinated effort involving mass posting, bogus...
By CyberScoop
News•Feb 25, 2026
EnforceAuth Free Version Gives Enterprises AI-Native Auth for AI Agents, Machine Identities & Non-Human Workloads
EnforceAuth announced a free tier of its AI Security Fabric, giving enterprises a vendor‑neutral platform to govern AI agents, automated workflows, and machine identities. The solution shifts from traditional access control to decision‑centric authorization, evaluating each action with full context...
By MarTech Series
News•Feb 25, 2026
The Missing Link Moves Into Infosys’ North Sydney Office
Cyber‑security specialist The Missing Link, acquired by Infosys in May 2025, has moved from Artarmon to Infosys’ North Sydney office. The relocation creates an upgraded Global Security Operations Centre offering 24/7 monitoring and services aligned with the Australian Signals Directorate’s Essential Eight....
By ARN (Australia)
News•Feb 25, 2026
Boards Don’t Need Cyber Metrics — They Need Risk Signals
Security teams flood boards with counts of attacks, patches, and alerts, but executives need signals that translate those numbers into business risk. Experts argue that time‑based metrics like detection and containment speed, and financial exposure indicators, better reveal whether risk...
By CSO Online
News•Feb 25, 2026
U.S. Sanctions Russian Broker Over Zero-Day Exploits Theft
The United States has sanctioned Russian cyber‑exploit broker Operation Zero, its director Sergey Zelenyuk, and a UAE‑based front company for stealing eight zero‑day vulnerabilities from a U.S. defense contractor. Australian insider Peter Williams allegedly sold the exploits for roughly $1.3 million...
By The Cyber Express
News•Feb 25, 2026
Threat Actors Exploit Apache ActiveMQ Vulnerability to Gain RDP Access, Deploy LockBit Ransomware
Threat actors leveraged the critical Apache ActiveMQ flaw CVE‑2023‑46604 to achieve remote code execution, download a Metasploit stager via CertUtil, and gain SYSTEM privileges on a Windows host. After dumping LSASS credentials, they moved laterally using a harvested domain‑admin account,...
By GBHackers On Security
News•Feb 25, 2026
OAuth Vulnerabilities in Entra ID Could Exploit ChatGPT to Breach User Email Accounts
Security researchers have identified a new OAuth consent attack vector in Microsoft Entra ID where a legitimate service principal such as ChatGPT is granted high‑risk Graph permissions like Mail.Read. By tricking users into approving a consent screen, attackers obtain persistent...
By GBHackers On Security
News•Feb 25, 2026
Secfix Raises $12M Series A to Build End-to-End Security Compliance Platform
Munich‑based Secfix closed an oversubscribed $12 million Series A round led by Alstin Capital, with Bayern Kapital and existing backer neosfer participating. The funding will accelerate Secfix’s European expansion and the development of its AI‑native automation and CISO‑as‑a‑Service capabilities. Secfix’s platform automates...
By Tech.eu
News•Feb 25, 2026
Microsoft Alerts Developers of Malicious Next.js Repositories Used in Ongoing Hacker Attacks
Microsoft Defender has identified a coordinated campaign that weaponizes seemingly legitimate Next.js repositories to compromise developers. The malicious projects, often presented as interview assessments, exploit Visual Studio Code workspace automation, build‑time scripts, and server startup routines to fetch and execute...
By GBHackers On Security
News•Feb 25, 2026
From the Outside In: A Smarter Approach to Vendor Access
Security teams increasingly view vendors and contractors as the most vulnerable entry points, exposing gaps in traditional employee‑centric access controls. Boon Edam advocates an “outside‑in” strategy that places layered verification at the perimeter, limiting tailgating and ad‑hoc credential use. By shifting...
By Security Magazine – Building Security
News•Feb 25, 2026
Fake Zoom Meeting Silently Installs Surveillance Software, Says Malwarebytes
Malwarebytes uncovered a new fake‑Zoom meeting scam that silently installs a covert build of the Teramind employee‑monitoring tool on Windows workstations. Victims are lured by a realistic Zoom waiting room, then an automatic “Update Available” countdown triggers a silent download...
By CSO Online
News•Feb 25, 2026
Ransomware Is the Invoice for Compounding Technical Debt
Ransomware attacks are increasingly being framed as the overdue invoice for years of accumulated technical debt. Experts highlight that identity sprawl, inconsistent patching, and legacy backup systems create fertile ground for ransomware to cripple organisations. A Rubrik survey found 95%...
By ARN (Australia)
News•Feb 25, 2026
Beyond the Queue: Smarter Security Will Ultimately Shape the Future of Global Air Travel
Airports in 2026 face a rapidly evolving threat matrix that blends physical, digital and human risks, from sophisticated stowaways and drone incursions to a 600% surge in cyber‑attacks. Balancing passenger convenience with robust security is no longer optional—it defines the...
By CAPA – Centre for Aviation
News•Feb 25, 2026
Sektor Signs up Concentric AI to A/NZ Distie Portfolio
Sektor has entered a distribution agreement with AI and data‑security‑governance vendor Concentric AI to serve the Australian and New Zealand market. As an authorised distributor, Sektor will equip its channel partners with enablement, go‑to‑market support and local expertise, positioning Concentric AI’s platform for...
By ARN (Australia)
News•Feb 24, 2026
Phishing Campaign Targets Freight and Logistics Orgs in the US, Europe
A financially motivated group called Diesel Vortex has been running a phishing campaign against freight and logistics operators in the U.S. and Europe since September 2025. Using 52 domains and Cyrillic homoglyph tricks, the actors stole 1,649 unique credentials from...
By BleepingComputer
News•Feb 24, 2026
What Does Business Email Compromise Look Like?
Business email compromise (BEC) continues to surge, costing $2.7 billion in 2022—a 12.5% increase over the prior year. Attackers masquerade as CEOs, HR staff, or trusted vendors, using deep reconnaissance, AI‑generated voice cloning, fake invoices, QR codes, and conversation hijacking to...
By CSO Online
News•Feb 24, 2026
What Are the Types of Ransomware Attacks?
Ransomware has evolved into a multi‑strain ecosystem, ranging from classic crypto ransomware that encrypts data to double‑extortion variants that also threaten public leaks. Newer models such as encryption‑less, locker, scareware, and Ransomware‑as‑a‑Service (RaaS) broaden the attack surface and lower the...
By CSO Online
News•Feb 24, 2026
Q&A: Palo Alto’s Eric Trexler Urges Identity-First, AI-Secure, Platformized Cyberdefenses
Eric Trexler, senior VP for the public sector at Palo Alto Networks, highlighted the federal government’s massive, fragmented cyber‑attack surface and the $27 billion FY 2025 cybersecurity budget, of which roughly $1.8 billion targets identity management. He noted that while agencies have made...
By FedTech Magazine
News•Feb 24, 2026
US Imposes Cyber-Related Sanctions on Russian, UAE Individuals and Entities
The U.S. Treasury announced cyber‑related sanctions on four individuals and three entities, including parties in Russia and the United Arab Emirates. The measures target those involved in acquiring and distributing malicious cyber tools that threaten U.S. national security. The sanctions...
By Al-Monitor – All
News•Feb 24, 2026
1Password’s Annual Subscription Plans Are Getting a Price Hike Next Month
1Password announced a price increase for its annual plans effective March 27 2026. Individual subscriptions will rise to $47.88 per month and family plans to $71.88 per month, representing a $12 yearly bump. The company attributes the hike to added value and...
By 9to5Google
News•Feb 24, 2026
Lift Cybersecurity, Warns Report
Australian government agencies are urged to upgrade cybersecurity after Cisco and the University of Canberra released the "Securing the Nation" report. The study highlights that 59% of federal agencies view legacy, end‑of‑life technology as a top security challenge and warns...
By Government News (Australia)
News•Feb 24, 2026
Discord Is Delaying Its Controversial Age Verification Methods Due to Backlash: ‘We’ve Made Mistakes’
Discord announced a global age‑verification rollout featuring facial scans and ID uploads, but user backlash forced a delay. CTO Stanislav Vishnevskiy admitted the company failed to explain the process clearly, especially after a 2024 breach that exposed 1.5 TB of verification...
By Destructoid
News•Feb 24, 2026
DISA's $201M Browser Contract Shows Resellers Still Have a Role to Play
DISA has issued a $201 million solicitation for cloud‑based internet isolation (CBII), requiring authorized Menlo Security resellers to deliver a managed service. Menlo Security supplies the underlying remote‑browser platform, while resellers will operate, integrate, and support the solution within DISA’s security...
By Washington Technology
News•Feb 24, 2026
ADVP Expects Digital Identity Consultation to Play by Rules of Data Act, DIATF
The Association of Digital Verification Professionals (ADVP) has urged the UK government to shape its upcoming digital‑identity consultation around the Data (Use and Access) Act 2025, warning that a single, government‑only wallet would lock out the private sector. ADVP argues...
By Biometric Update
News•Feb 24, 2026
Blumira Lands in Pax8 Marketplace, MSPs Get a Scalable Path to Managed SIEM
Blumira has entered the Pax8 Marketplace, allowing managed service providers (MSPs) to purchase, provision, and bill a full‑stack security operations platform through the same portal they use for cloud services. The integration eliminates separate sales and onboarding steps, enabling MSPs...
By ChannelE2E
News•Feb 24, 2026
‘It’s Not over’: Cyber Info-Sharing Center Begins ‘Next Chapters’ After Losing Federal Funding
The Multi-State Information Sharing and Analysis Center (MS-ISAC) lost its federal grant in September 2025 and transitioned to a dues‑paying model. Sixteen states and territories are now full members, while eight additional states have purchased services for all their agencies....
By Route Fifty — Finance (section)
News•Feb 24, 2026
Accelerating Federal Cloud Modernization
Federal agencies are accelerating cloud modernization, but must first close gaps in data readiness, cybersecurity, and legacy infrastructure. Officials from the Centers for Medicare & Medicaid Services, the Department of Energy, and NinjaOne discussed prerequisites for hybrid and multi‑cloud success....
By GovernmentCIO Media & Research
News•Feb 24, 2026
Cost of Insider Incidents Surges 20% to Nearly $20m
The DTEX Cost of Insider Risks 2026 report, based on 8,750 security practitioners, finds average insider‑related losses of $19.5 million per organization, with employee negligence—largely driven by shadow AI—accounting for 53% of that cost. Negligence losses rose 17% year‑on‑year, pushing total...
By Infosecurity Magazine
News•Feb 24, 2026
Google Patches Three High-Severity Chrome Flaws
Google released a Chrome security update that fixes three high‑severity vulnerabilities (CVE‑2026‑3061, CVE‑2026‑3062, CVE‑2026‑3063). Two of the flaws involve out‑of‑bounds memory reads, while the third adds out‑of‑bounds writes in the WebGPU shader compiler. The bugs affect Chrome’s media stack, the...
By eSecurity Planet
News•Feb 24, 2026
Marquis Sues Firewall Provider SonicWall, Alleges Security Failings with Its Firewall Backup Led to Ransomware Attack
Fintech firm Marquis has filed a lawsuit against firewall vendor SonicWall, alleging that a 2025 breach of SonicWall’s cloud backup service exposed critical firewall configuration data. The compromised backup files allegedly gave threat actors the keys to bypass SonicWall defenses,...
By TechCrunch Fintech
News•Feb 24, 2026
Greater Pittsburgh Orthopaedic Associates Disclosed a 2025 Breach, but Was There Also One in 2024?
Greater Pittsburgh Orthopaedic Associates disclosed a data breach that began around August 10, 2025, affecting tens of thousands of patients. The group reported 35,000 records to HHS in August 2025, but a February 2026 filing to the Maine Attorney General raised the figure...
By DataBreaches.net
News•Feb 24, 2026
Multifaceted Phishing Scheme Deceives Bitpanda Customers
Cybersecurity firm Cofense uncovered a sophisticated phishing campaign that impersonates cryptocurrency broker Bitpanda. The fake site replicates Bitpanda’s login and adds a counterfeit multi‑factor authentication flow to harvest credentials, names, phone numbers, addresses, and birth dates. Attackers host the clone...
By Infosecurity Magazine
News•Feb 24, 2026
Mobile Credentials Provide Safer, More Seamless Security: HID
Mobile credentials are rapidly gaining traction in higher‑education campuses and commercial‑real‑estate portfolios, driven by seamless integration with smart‑building and HR systems. HID’s 2025 State of Security and Identity report shows that 69% of security leaders have deployed or plan to...
By Facilities Dive
News•Feb 24, 2026
SMEs Urged by Government to “Lock the Door” Against Cybercriminals
The UK Government has launched a new campaign urging small‑ and medium‑size enterprises to adopt the Cyber Essentials framework after research showed that 50% of SMEs suffered a cyber attack in the past year. The study also revealed that cyber...
By Startups.co.uk
News•Feb 24, 2026
How to Use Cyber-Deception in Your Security Strategy
Cyber deception is gaining prominence as AI‑driven threats rise, prompting the UK NCSC to champion its wider use. The approach relies on high‑fidelity decoys—honeypots, fake credentials, and canary tokens—to generate early breach signals and expose lateral movement. While plug‑and‑play tools...
By ITPro
News•Feb 24, 2026
Enterprises Still Can't Get a Handle on Software Security Debt – and It’s only Going to Get Worse
Enterprises are wrestling with a surge in software security debt, with 82% reporting heightened vulnerability backlogs—a rise of 11% year‑over‑year. Critical flaws now account for 60% of that debt, and high‑risk, highly exploitable issues jumped 36% in the same period....
By ITPro
News•Feb 24, 2026
Sendmarc Releases DMARCbis Fireside Chat Featuring Co-Editor Todd Herr
Sendmarc has published a fireside chat with DMARCbis co‑editor Todd Herr, outlining the draft’s progress toward Proposed Standard status. The discussion details upcoming tag revisions, clearer reporting expectations, and a DNS tree‑walk method for receiver‑side domain discovery. Herr emphasizes that...
By HackRead
News•Feb 24, 2026
How to Maximize DDoS Readiness with Proactive Protection Strategies
Cyber Security Intelligence reports a surge in DDoS attacks in 2025, with assaults escalating from gigabyte to terabyte volumes. The article outlines proactive protection steps, starting with comprehensive risk assessments that inventory public‑facing assets and establish traffic baselines. It then...
By HackRead
News•Feb 24, 2026
How to Use Intune App Protection without MDM Enrollment
Microsoft Intune now lets organizations protect corporate data on BYOD devices without enrolling them in a full MDM solution. By applying app‑protection policies to apps that embed the Intune SDK, IT can enforce PINs, data‑sharing restrictions, and multi‑identity separation. Conditional...
By TechTarget SearchERP
News•Feb 24, 2026
How Camunda’s Skyflow Connector Helps Regulated Organizations Orchestrate Sensitive Data Safely
Camunda introduced a Skyflow connector that tokenizes and de‑identifies PII/PHI within BPMN workflows. The connector forwards selected fields to Skyflow’s vault, replaces them with tokens, and permits controlled re‑identification only at approved steps. This approach shrinks the cleartext data footprint...
By Camunda – Blog
News•Feb 24, 2026
Hackers Threaten to Leak 8 Million People’s Stolen Data if Dutch Telecom Odido Won’t Pay Ransom
Dutch telecom operator Odido confirmed a breach by the Shinyhunters cyber‑criminal group, which claims to have exfiltrated data on up to eight million customers. The attackers are demanding more than one million euros in ransom and have issued a final...
By DataBreaches.net
News•Feb 24, 2026
Ukraine Pushes Tighter Telegram Regulation, Citing Russian Recruitment of Locals
Ukrainian officials are urging tighter regulation of Telegram after Russian intelligence allegedly used the app to recruit saboteurs for attacks, including a deadly Lviv strike that killed a police officer. Interior Minister Ihor Klymenko and SBU deputy head Ivan Rudnytskyi...
By The Record by Recorded Future
News•Feb 24, 2026
Slotegrator Introduces an AI-Powered Anti-Fraud Assistant
Slotegrator has launched an AI‑powered anti‑fraud assistant for iGaming operators, turning existing dashboard metrics into concise, structured insights. The tool does not create new data or make autonomous blocking decisions, instead offering analytical recommendations for human review. It targets new...
By IT News Africa
News•Feb 24, 2026
Some Patients Listed as “Charlie Kirk” Or Dead After Major NZ Health App MediMap Hacked
New Zealand health‑tech firm MediMap was forced offline after an unauthorized intrusion altered patient records, including changing names to “Charlie Kirk” and marking individuals as deceased. The breach affected dozens of providers in aged‑care, disability, hospice and community settings, prompting the...
By DataBreaches.net
News•Feb 24, 2026
GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Security firm Orca disclosed a critical vulnerability in GitHub Codespaces that lets attackers exfiltrate the automatically generated GITHUB_TOKEN and seize full control of a repository. The exploit, dubbed RoguePilot, leverages malicious content hidden in a GitHub issue, symbolic links, and...
By SecurityWeek
News•Feb 24, 2026
Windows 11: A Guide to the Updates
Microsoft’s Windows 11 25H2 update consolidates a year’s worth of incremental features and security patches, delivering enhancements such as AI‑driven File Explorer actions, Quick Machine Recovery, and enterprise‑grade Wi‑Fi 7 support. Recent out‑of‑band builds address critical bugs, from Remote Desktop sign‑in...
By Computerworld – IT Leadership
News•Feb 24, 2026
Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs
TeamT5, a Taiwan‑based cybersecurity firm, confirmed that CVE‑2024‑7694 – a privilege‑escalation flaw allowing malicious file uploads and arbitrary command execution – was likely weaponized by Chinese advanced persistent threat groups Slime57 and Slime62. The vulnerability, patched in August 2024, was exploited...
By SecurityWeek
News•Feb 24, 2026
Enterprise Risk Management and Cybersecurity: Closing the Gap in Risk Governance
APQC’s new research highlights the critical gap between cybersecurity and enterprise risk management, revealing that only 41 % of organizations have integrated cyber risk into their ERM processes. The study introduces the Cyber‑ERM Integration Index, which measures governance alignment, risk quantification,...
By APQC Blog
News•Feb 24, 2026
Identity Prioritization Isn't a Backlog Problem - It's a Risk Math Problem
Identity programs still rank remediation like IT tickets, ignoring context. The article argues that true prioritization must treat identity risk as a function of controls posture, hygiene, business impact, and user intent, not just checklist completion. When these factors align,...
By The Hacker News