Cyber Responses Will Be ‘Linked to Adversary Actions,’ Involve Industry: White House
The White House announced that future U.S. cyber responses will be directly linked to specific adversary actions and will involve close coordination with state and local governments as well as private‑sector operators of critical infrastructure. The approach will be codified in an upcoming national cyber strategy that emphasizes a more offensive posture against foreign hackers, especially after recent Chinese intrusions. Existing agencies such as the NSA, CIA and Cyber Command already have authority for offensive operations, but the new framework will formalize industry participation. The strategy’s six‑pillar plan also targets regulatory reform, federal network modernization, emerging‑technology superiority, and a cyber talent pipeline.
HHS Burrows Into Identifying Risks to Health Sector From Third-Party Vendors
HHS is intensifying its focus on third‑party vendor security after the 2024 Change Healthcare ransomware attack, which exploited a remote‑access portal lacking multifactor authentication and exposed the data of about 190 million individuals. The breach threatened the liquidity of the entire...
ONCD Official Says Trump Administration Aims to Bolster AI Use for Defense without Increasing Risk
The Office of the National Cyber Director announced that the Trump administration will accelerate the deployment of AI-driven cyber defensive tools while safeguarding against expanded attack surfaces. Principal Deputy Assistant Cyber Director Alexandra Seymour said the effort will be coordinated...
Automating Unix Security Across Hybrid Clouds
The article introduces a “Patching as Code” framework that automates Unix security updates across hybrid‑cloud environments by containerizing the patching toolchain and driving it through a CI/CD pipeline. A CSV‑based schedule stored in Git triggers a Python controller that launches...
INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown
INTERPOL’s Operation Red Card 2.0, conducted from Dec 8 2025 to Jan 30 2026, resulted in 651 arrests across 16 African nations and the seizure of more than $4.3 million. The eight‑week crackdown exposed scams responsible for roughly $45 million in losses and identified 1,247 victims worldwide....
Better-Auth Flaw Allows Unauthenticated API Key Creation
A critical flaw (CVE‑2025‑61928) in the better‑auth npm library’s API‑key plugin lets unauthenticated actors mint privileged API keys for arbitrary users. The vulnerability stems from improper authorization checks in the createApiKey and updateApiKey handlers, which accept a userId without a...
When Air Gaps Are Not Enough—Managing File and Media Risk in Nuclear Facilities
Urenco, a global uranium enrichment firm, faced fragmented, manual controls for removable media and file transfers across its air‑gapped nuclear facilities. To achieve consistent security, it deployed OPSWAT’s MetaDefender platform, routing all devices through centralized, zero‑trust inspection checkpoints. The solution...
Flaw in Grandstream VoIP Phones Allows Stealthy Eavesdropping
A critical stack‑buffer overflow (CVE‑2026‑2329) was discovered in six Grandstream GXP1600 series VoIP phones, receiving a CVSS score of 9.3. The flaw resides in an unauthenticated web API endpoint that lets attackers overflow a 64‑byte buffer, gain root privileges, and...
MSP Next Dimension Consolidates Security Stack on Todyl Platform
Next Dimension has entered a strategic partnership with Todyl to migrate its managed security services onto Todyl’s cloud‑native platform, unifying SIEM, EDR and MXDR under a single console. The integration replaces fragmented toolsets with AI‑driven, contextual case management, cutting investigation...
Google Blocked over 1.75 Million Play Store App Submissions in 2025
Google reported that in 2025 it blocked more than 1.75 million app submissions and denied 255,000 apps access to sensitive user data on the Play Store. The company also banned over 80,000 developer accounts and added 10,000 new safety checks powered...
Saving Banks From Technical Debt: How Atruvia Built Secure, Self-Service Infrastructure
Atruvia, the backbone of over 900 German cooperative banks, tackled massive technical debt by adopting HashiCorp Terraform and Vault. The shift to infrastructure‑as‑code slashed cluster provisioning from three months to two hours and cut network setup from weeks to minutes....
Chinese Telecom Hackers Likely Holding Stolen Data ‘in Perpetuity’ for Later Attempts, FBI Official Says
The FBI disclosed that the Chinese state‑backed group Salt Typhoon infiltrated dozens of telecom operators worldwide, exfiltrating data from over a million Americans. The hackers accessed U.S. lawful‑intercept systems, targeting communications of senior officials in a campaign that began at least...
How to Create a Mobile Device Management Policy for Your Org
Mobile device management (MDM) policies are now a core governance tool for protecting data across corporate, BYOD, and hybrid workforces. The guide outlines five essential steps—defining purpose, engaging stakeholders, drafting usage rules, setting enforcement, and ongoing review—to build a robust...
CarGurus Purportedly Breached by ShinyHunters
CarGurus disclosed that approximately 1.7 million corporate files were taken by the ShinyHunters hacking group after a voice‑phishing attack compromised its single‑sign‑on credentials on Feb 13. The attackers threatened to publish the data unless negotiations were reached by Feb 20. ShinyHunters has previously...
Federal AI Series: Security Priorities
Federal agencies are rapidly integrating artificial intelligence, prompting heightened focus on securing the underlying data and systems. Zscaler’s Federal Field CTO Chad Tetreault outlined the evolving AI threat landscape, highlighting supply‑chain vulnerabilities, data‑poisoning, prompt‑injection, and emerging agentic AI risks. He...
Remcos RAT Expands Real-Time Surveillance Capabilities
A newly observed Remcos RAT variant now streams webcam footage and transmits keystrokes in real time, shifting from local data storage to direct, encrypted communication with attacker‑controlled servers. The malware decrypts its configuration only at runtime, loads critical Windows APIs...
Palo Alto Networks CEO Sees AI as Demand Driver, Not a Threat
Palo Alto Networks CEO Nikesh Arora told investors AI will drive, not diminish, cybersecurity demand. He argued AI expands attack surfaces, creating new risk categories that require robust security solutions. The company posted 15% year‑over‑year revenue growth to $2.6 billion and...
Analysis: Palo Alto Networks Vs. Everyone
Palo Alto Networks marked the two‑year anniversary of its platformization strategy, a move that initially sank its stock but has since become an industry standard. CEO Nikesh Arora highlighted a “flywheel” effect as new customers consolidate tools onto Palo Alto’s...
ICO Wins Appeal over Data Protection Obligations in Currys Cyber Attack
The UK Court of Appeal upheld the Information Commissioner’s Office decision to fine Currys Group Ltd (formerly DSG Retail) £500,000 for failing to protect personal data after a 2017‑18 cyber‑attack. The ruling confirms that organisations must safeguard all personal data,...
The New Geography of Enterprise Risk
Enterprises are seeing risk migrate from downstream system failures to upstream decision‑making as software adoption cycles shrink. Identity and access management, once a gatekeeper for core systems, now sits at the top of the IT stack, shaping workflows, roles, and...
Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia
Group‑IB uncovered a sophisticated fraud campaign that spoofed Indonesia’s Coretax tax platform by distributing counterfeit Android apps. The scheme combined phishing websites, WhatsApp impersonation of tax officers, and voice‑phishing calls to install RATs such as Gigabud.RAT and MMRat, leading to...
University of Mississippi Medical Center Closes All Clinics in Wake of Cyberattack
The University of Mississippi Medical Center (UMMC) suffered a severe cybersecurity breach on Thursday, forcing multiple IT systems offline, including its Epic electronic medical records platform. The outage crippled access to patient data, prompting the Jackson‑based health system to shut...
Connected and Compromised: When IoT Devices Turn Into Threats
The proliferation of consumer and enterprise IoT devices continues unchecked, yet most lack basic security controls such as passwords and encryption. Research presented by Mattia Epifani at RSAC 2026 shows that devices—from Amazon Echo to smart refrigerators—store unprotected audio, credentials, and personal...
Adronite Secures $5M Series A to Scale AI Code Platform
Adronite announced a $5 million Series A round led by Gatemore Capital Management, appointing Gatemore’s Liad Meidar as board chair. The funding will accelerate development of its AI‑powered platform that scans entire software codebases across more than 20 languages, delivering deterministic, explainable...
Criminals Outpacing Banks as Firms Struggle with AI Defence, Report Warns
A new State of Financial Crime 2026 report from ComplyAdvantage reveals that financial institutions are falling behind AI‑enabled criminal networks. Over 600 senior compliance leaders reported 99% detection weaknesses, with only 33% employing AI for core AML functions and manual...
How Medplum Secured Their Healthcare Platform with Docker Hardened Images (DHI)
Medplum, an open‑source headless EHR serving over 20 million patients, migrated its production containers to Docker Hardened Images (DHI) with just 54 lines of code changes across five files. The switch replaced custom hardening scripts with Docker’s secure‑by‑default base images, eliminating...
Google's Air Gapped Cloud Gets "Public-Like" Networking
Google Cloud has unveiled a new networking layer that gives its air‑gapped, confidential computing environments public‑like connectivity. The feature leverages zero‑trust VPC Service Controls to keep workloads isolated while allowing them to communicate with external services as if they were...
Industrial Control System Vulnerabilities Hit Record Highs
Forescout’s 2026 report shows industrial control system (ICS) advisories surpassed 500 in 2025, the highest level since tracking began. The 2,155 CVEs tied to those advisories pushed average CVSS scores above 8.0, reflecting increasingly critical flaws. Manufacturing and energy assets...
Belkasoft Advances AI-Assisted DFIR With Major Update To Belkasoft X And BelkaGPT
Belkasoft released a major update to its DFIR platform Belkasoft X and the offline AI assistant BelkaGPT. The upgrade adds context‑aware conversational Q&A, expands relevance scoring to up to ten artifacts, and introduces a GPU‑enabled BelkaGPT Hub for media processing. It...
How This Cybersecurity Firm’s Graph Database Investment Is Paying Off
Darktrace, fresh from its $5.3 billion Thoma Bravo acquisition, migrated its security platform to Amazon Neptune, a managed graph database, to map threats across complex cloud environments in real time. The shift enables multi‑hop relationship queries that relational databases struggle with at...
Data Protection Failures on Moldovan Portals Leave Citizens at Risk
Moldovan job‑seeker portal cariere.gov.md exposed 7,758 applicant dossiers, including personal IDs, medical forms and criminal records, due to a lack of authentication. The data were accessible simply by altering a URL parameter, revealing nearly 19,000 JSON files. After a researcher...
How MSPs Can Ensure Regulatory Compliance and Secure Sensitive Data
Managed Service Providers (MSPs) serving healthcare, finance and legal sectors must embed regulatory expertise into every service layer to meet HIPAA, SEC, FINRA and related compliance mandates. The article outlines how MSPs can implement encryption, MFA, role‑based access, documentation and...
Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
A new phishing kit called Starkiller has emerged on the dark web as a commercial‑grade, subscription‑based service. It proxies live login pages through attacker‑controlled infrastructure, eliminating static HTML templates and allowing real‑time credential capture. By routing authentication traffic through the...
Stephen Chapman Praises UK Passport System, Calls for International Standards to Support National Systems
Stephen Chapman, a veteran UK passport official, lauded the country's end‑to‑end passport issuance system for its efficiency, security, and alignment with ICAO standards. He warned that rising fraud and border‑security threats are driving the adoption of advanced features such as...
Québec Has a New Digital Sovereignty Plan. Will It Work?
Quebec announced a $1.4 billion digital sovereignty plan to shift data hosting and procurement to local providers, aiming to reduce reliance on US tech giants. The policy emphasizes sovereign cloud services, hydro‑powered data centres, and free‑software development. However, recent cost‑overrun scandals...
Using AI to Generate Passwords Is a Terrible Idea, Experts Warn
Cybersecurity firm Irregular found that popular AI chatbots such as ChatGPT, Claude, and Google Gemini generate highly predictable passwords with low entropy. Tests showed repeated strings and narrow character selection, yielding only about 27 bits of entropy for a typical...
PromptSpy Ushers in the Era of Android Threats Using GenAI
ESET researchers have identified PromptSpy, the first Android malware that leverages Google’s Gemini generative AI to maintain persistence on infected devices. The AI receives a real‑time XML snapshot of the screen and returns JSON‑formatted tap instructions, allowing the app to...
USB Drives and the Hidden Front Door Into Secure Systems for Startup Security
Removable media remains a critical attack vector despite the rise of cloud‑based file sharing. Recent Honeywell research shows USB drives are increasingly used to deliver malware in industrial environments, and historic incidents like Stuxnet illustrate how air‑gapped networks can be...
Why Traditional Upskilling Strategies Fall Short in Cybersecurity
Traditional cybersecurity upskilling programs are losing relevance as threats and technologies evolve rapidly. Ha Hoang, CIO of Commvault, argues that organizations now need hybrid talent that blends security fundamentals with automation, cloud, and data‑governance expertise. Conventional certification‑centric paths are too...
How the Cybersecurity and Resilience Bill Could Impact MSPs
The UK Cybersecurity and Resilience Bill (CSRB) cleared its first two parliamentary readings, extending the 2018 NIS Directive to cover Managed Service Providers (MSPs) with at least 50 employees and €10 million turnover—roughly 1,100 firms. The legislation forces these MSPs to...
Paytently Strengthens Regulatory Compliance and Fraud Defence with SEON Partnership
Paytently, a Malta‑licensed payment institution, announced a partnership with fraud‑prevention specialist SEON to embed the latter’s command‑centre technology into its orchestration platform. The integration brings real‑time AML screening, risk scoring, device intelligence and centralized case management to the core of...
Is Poshmark Safe? How to Buy and Sell without Getting Scammed
Poshmark, a leading social‑commerce app for fashion and home goods, is attracting a surge of fraud as the broader $1.1 trillion industry expands. Its 20 % commission on items over $15 pushes users to negotiate off‑platform, exposing them to phishing, counterfeit, and...
More Than 40% of South Africans Were Scammed in 2025
South Africa experienced a staggering 77% scam victimization rate in the 12 months to early 2025, with 42% of adults losing money, averaging $130 per incident. GASA estimates scammers extracted roughly $2.3 billion from over 17.5 million South Africans, equating to about...
Advantest Cyberattack Triggers Ransomware Investigation Across Internal Network
Advantest Corp., a Tokyo‑listed semiconductor test equipment maker, disclosed a cyberattack that surfaced on February 15, when unusual activity triggered its incident‑response protocols. Preliminary analysis suggests an unauthorized third party infiltrated parts of the internal network and deployed ransomware, prompting...
Mozilla Firefox Issues Emergency Patch for Heap Buffer Overflow in Firefox V147
Mozilla released an out‑of‑band update, Firefox v147.0.4, to fix a high‑severity heap buffer overflow in the libvpx video codec (CVE‑2026‑2447). The flaw, discovered by researcher jayjayjazz, could allow attackers to execute arbitrary code by delivering crafted VP8/VP9 video streams. Parallel patches...
Singapore Warns That Vulnerabilities Span the Entire Space Value Chain
Singapore has launched its National Space Agency and warned that cyber‑vulnerabilities permeate every stage of the space value chain, from satellites to ground networks. The February 2022 KA‑SAT attack, which knocked out communications and energy services across Europe, underscored the systemic...
South Africa’s Cybersecurity Challenge Is Not a Tool Problem
South African enterprises are pouring significant budgets into cybersecurity tools, yet breach rates keep rising. The core issue is execution: security teams are overwhelmed by data and lack the capacity to turn visibility into action. Unified platforms like Rapid7’s Command...
Agentic AI Era: Cloud Security Shifts From Asset Protection to Identity-First Zero Trust
At the ETCIO Cloud Summit, leaders from Starbucks India and Jio argued that cloud security must shift from protecting static assets to continuously validating identities, especially as AI agents and autonomous workloads proliferate in hybrid environments. They emphasized that bots,...
Remote Access Abuse Drives Majority of Breaches
Arctic Wolf’s 2026 Threat Report reveals a dramatic shift toward data‑only extortion, which surged from 2% to 22% of incidents in 2025. Remote‑access tool abuse initiated 65% of non‑BEC breaches, while AI‑enhanced phishing powered 85% of BEC attacks. Ransomware remains common,...
From Acceleration to Exposure: Why AI Demands Mature AppSec
AI‑driven development is dramatically speeding code creation, reviews and releases, but application security (AppSec) has not kept pace. Autonomous AI actions now make decisions on dependencies, configurations and remediation, turning isolated flaws into system‑wide risks. When AppSec foundations are immature,...
