Fortanix and NTT DATA Partner to Solve Challenges Around Data Sovereignty and Security for AI Factories With NVIDIA
Fortanix, NTT DATA and NVIDIA have launched a joint service that lets Indian enterprises run AI Factories within hardware‑based secure enclaves. The offering combines Fortanix’s Confidential Computing platform, NVIDIA’s secure GPUs and NTT DATA’s full‑lifecycle managed services to protect data and models at rest, in transit, and during computation. It is designed to meet the stringent requirements of India’s Digital Personal Data Protection (DPDP) Act and other data‑sovereignty mandates. The solution targets regulated sectors such as finance, healthcare, telecom, manufacturing and the public sector.
Smart Contracts Auditing Process
Smart contract auditing is a critical pre‑deployment step that safeguards blockchain applications by uncovering coding errors and security vulnerabilities. The process follows a structured workflow—from specification gathering and automated scanning to manual line‑by‑line analysis, functional testing, and iterative remediation—culminating in...
Intellexa’s Predator Spyware Used to Hack iPhone of Journalist in Angola, Research Says
Amnesty International reported that a government client of sanctioned spyware firm Intellexa used its Predator tool to compromise the iPhone of Angolan journalist Teixeira Cândido in 2024. The intrusion was delivered through a malicious WhatsApp link, exploiting an outdated iOS...
Simplify Red Hat Enterprise Linux Provisioning in Image Builder with New Red Hat Lightspeed Security and Management Integrations
Red Hat has rebranded its Insights service as Red Hat Lightspeed, keeping core advisor, vulnerability and compliance capabilities while emphasizing AI‑driven speed. New Image Builder integrations now auto‑register RHEL images to Red Hat Satellite and Ansible Automation Platform, and allow compliance profiles...
Hong Kong Fortifies Cybersecurity Training in the AI Era
Hong Kong released its Cybersecurity Outlook 2026, revealing that nearly 30% of local firms lack dedicated security staff and only 26% of SMEs have such roles compared with 59% of large enterprises. To address the talent gap, the government, HKPC...
Texas AG Sues Wi-Fi Company over Links to China
Texas Attorney General Ken Paxton sued TP‑Link Systems Inc., alleging the Wi‑Fi maker deceived consumers by marketing its routers as "Made in Vietnam" while sourcing most components in China. The complaint cites longstanding firmware vulnerabilities that Chinese state‑backed hackers have...
CompTIA Launches SecAI+ Certification
CompTIA unveiled SecAI+, its first Expansion Series certification, aimed at securing AI systems and leveraging AI tools within cybersecurity operations. The credential builds on foundational certifications such as Security+, CySA+ and PenTest+, requiring three to four years of IT experience...
How to Transform Your SOC Through XDR and MDR
In a recent Palo Alto Networks webcast, experts highlighted that modern attackers compress breach timelines to under an hour, overwhelming traditional SOC processes. They argued that XDR platforms like Cortex XDR solve the data‑silo problem by unifying telemetry across endpoints,...
Flaws in Popular VSCode Extensions Expose Developers to Attacks
Security researchers at Ox Security uncovered critical and high‑severity vulnerabilities in four widely used Visual Studio Code extensions, collectively downloaded over 128 million times. The flaws—affecting Code Runner, Markdown Preview Enhanced, Live Server, and Microsoft Live Preview—allow attackers to execute remote...
OpenClaw Flaw Enables AI Log Poisoning Risk
A log‑poisoning flaw was discovered in OpenClaw’s gateway server, affecting versions up to 2026.2.12. The vulnerability arises from unsanitized WebSocket headers—such as Origin and User‑Agent—being written directly to structured logs when a handshake is aborted. An unauthenticated attacker could inject...
Cyber Attacks Enabled by Basic Failings, Palo Alto Analysis Finds
Palo Alto Networks’ 2026 Global Incident Response Report shows cyber‑attack timelines have collapsed, with the fastest breaches moving from initial access to data exfiltration in just 72 minutes, down from nearly five hours in 2024. The acceleration is largely driven...
CVE-2026-25903 Impacts Apache NiFi Users
A new vulnerability, CVE‑2026‑25903, affects Apache NiFi versions 1.1.0 through 2.7.2 and was patched in 2.8.0. The flaw allows users with limited privileges to modify the configuration of already‑deployed restricted components, bypassing the platform’s authorization checks. While it does not...
HCP Packer Adds SBOM Vulnerability Scanning
HashiCorp announced that HCP Packer now offers SBOM vulnerability scanning in public beta, while its package‑visibility feature has moved to general availability. The new scanning capability cross‑references each artifact’s software bill of materials against the MITRE CVE database and flags...
Quesma Releases BinaryAudit
Quesma unveiled BinaryAudit, an independent benchmark that measures how well artificial‑intelligence models can spot hidden threats in software binaries. The tool aims to shift binary analysis from a reactive, post‑breach activity to a proactive safeguard applied before deployment, during updates,...
The 2026 Security 100
AI has become the baseline for security vendors in 2026, with advanced generative AI and agentic features now considered essential rather than differentiators. Leaders like MicroAge note that clients increasingly expect AI‑enhanced upgrades across their security stacks. As large language...
Aware Points to Independent PAD and Bias Testing as Remote ID Pressure Mounts
Aware announced that its biometric platform has earned independent validation for presentation‑attack detection (PAD) at ISO/IEC 30107‑3 Levels 1‑3, completed bias testing under ISO/IEC 19795‑10, and participated in the U.S. Department of Homeland Security’s 2025 Remote Identity Validation Rally. The company ties these...
WSO2 Joins MOSIP and IIIT-Bangalore to Refresh eSignet Authentication for National IDs
WSO2 has partnered with IIIT‑Bangalore and the MOSIP project to overhaul eSignet, the open‑source authentication layer used in national digital ID systems. The effort focuses on boosting scalability, OpenID Connect‑style flows, and offline QR support for low‑connectivity environments. By integrating...
Energy Department ‘Center of Excellence’ Delves Into OT Cybersecurity
The U.S. Department of Energy has established a Center of Excellence to tackle operational technology (OT) cybersecurity across its labs and agencies. Sponsored by the Office of Science and the National Nuclear Security Administration, the effort unites cyber experts to...
Bluefin and Basis Theory Offer Unified Token Strategy Across Digital and In-Person Payments
Bluefin and Basis Theory have formed a strategic partnership to deliver a unified token strategy that bridges digital and in‑person payment channels. By integrating Bluefin’s PointConex platform with Basis Theory’s API‑driven tokenization and vaulting, merchants can capture, tokenize, and reuse...
CAN Networks Can Meet EU CRA Requirements, but Security Levels Matter
The CAN in Automation (CiA) group warns that all CAN‑based products sold in the EU now fall under the European Union Cyber Resilience Act (EU CRA) unless covered by sector‑specific rules. Compliance hinges on achieving the appropriate IEC 62443 security level (SL),...
UL Solutions Develops New Certification Program for Solar Inverter Cybersecurity
UL Solutions has introduced a new certification program that establishes the first industry‑wide cybersecurity baseline for distributed energy resources (DER) and inverter‑based devices. The program follows UL 2941, a standard covering access management, cryptography, and data handling, and complements the existing...
What 5 Million Apps Revealed About Secrets in JavaScript
Intruder scanned five million JavaScript bundles and uncovered more than 42,000 exposed secrets, including active GitHub, GitLab, and SaaS API tokens. The research revealed 688 repository tokens that granted full access to private code and CI/CD pipelines. Traditional static and...
Palo Alto Networks To Acquire ‘Agentic Endpoint’ Security Startup Koi
Palo Alto Networks announced it will acquire AI‑agent security startup Koi, a move aimed at strengthening visibility and protection for AI‑driven workloads on endpoint devices. While the purchase price was not disclosed, a prior report suggested a $400 million valuation. Koi’s...
New Keenadu Backdoor Found in Android Firmware, Google Play Apps
Kaspersky has uncovered a sophisticated Android backdoor named Keenadu, embedded in firmware of multiple device brands and distributed through compromised OTA updates, system apps, and even Google Play applications. The malware can infiltrate every installed app, grant attackers unrestricted control,...
Cybersecurity Excellence Awards Reveal Nomination Shift From AI Hype to Governance Execution
Cybersecurity Insiders' 2026 Excellence Awards reveal a notable shift in vendor nominations from AI hype toward concrete governance, identity, and data security solutions. While agentic AI categories are growing rapidly, nominations now emphasize oversight mechanisms, ISO‑42001‑aligned frameworks, and human‑in‑the‑loop controls....
API Threats Grow in Scale as AI Expands the Blast Radius
API vulnerabilities accounted for 17% of the 60,000+ flaws disclosed in 2025, and 43% of exploited weaknesses were API‑related, underscoring a growing attack surface. Wallarm’s report highlights a dramatic 270% rise in Model Context Protocol (MCP) flaws between Q2 and...
Over-Privileged AI Drives 4.5 Times Higher Incident Rates
Teleport’s 2026 State of AI in Enterprise Infrastructure Security report reveals that AI workloads with excessive access rights suffer a 4.5‑times higher incident rate than those governed by least‑privilege controls. Seventy percent of surveyed security leaders say AI systems enjoy...
SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
Researchers have uncovered a new SmartLoader campaign that distributes a trojanized Oura Health Model Context Protocol (MCP) server to install the StealC infostealer. The malicious server is hosted in fabricated GitHub repositories and submitted to the MCP Market registry, exploiting...
Checkmarx Enhances IDE-Native Agentic Application Security in Kiro
Checkmarx announced that its AI‑driven Developer Assist tool is now embedded directly within the AWS Kiro integrated development environment. The integration scans source code and dependencies in real time, surfacing security findings inside the IDE and synchronizing them with the...
Poland Arrests Suspect Linked to Phobos Ransomware Operation
Polish authorities detained a 47‑year‑old man suspected of collaborating with the Phobos ransomware group during a joint operation in the Małopolska region. The arrest, part of Europol‑coordinated Operation Aether, yielded computers and phones loaded with stolen credentials, credit‑card data, and server‑access...
How to Securely Edit and Redact Sensitive PDFs: A Cybersecurity Guide
PDFs remain the go‑to format for confidential data, yet hidden metadata, annotations, and embedded objects often leak information despite password protection. In 2023, over 400 breach incidents were traced to incomplete redactions or metadata exposure. The guide outlines a six‑step...
Cloud On Demand & StorVault Announce Partnership to Strengthen Local Data Protection
Cloud On Demand and South African backup specialist StorVault have announced a partnership that combines scalable cloud delivery with locally‑grounded, immutable data protection. The joint offering targets ransomware, hardware failures and endpoint vulnerabilities that threaten hybrid workforces, while delivering point‑in‑time...
3 Threat Groups Started Targeting ICS/OT in 2025: Dragos
Dragos’ 2026 Year in Review OT/ICS report adds three new adversaries—Sylvanite, Azurite and Pyroxene—targeting industrial control systems in 2025. Sylvanite acts as a rapid‑exploitation broker, weaponising n‑day flaws within 48 hours and handing access to the Voltzite group across power, oil,...
Unit 42: Nearly Two-Thirds of Breaches Now Start with Identity Abuse
Unit 42’s annual incident‑response report reveals identity abuse now initiates roughly two‑thirds of network intrusions, with social engineering responsible for one‑third of the 750 incidents examined. Compromised credentials, brute‑force attacks and permissive identity policies further fuel the trend, while identity‑related...
Citizen Lab Links Cellebrite to the Hacking of a Kenyan Presidential Candidate’s Phone
Citizen Lab’s forensic analysis uncovered Cellebrite’s phone‑cracking software on Kenyan activist Boniface Mwangi’s device, indicating that state authorities used the tool after his arrest. The evidence shows the phone was unlocked without a password, exposing personal photos, messages, and his...
Magnet Virtual Summit 2026 Kicks Off February 23!
The Magnet Virtual Summit 2026 runs February 23‑26, featuring over 50 leading experts who will discuss AI, mobile forensics, cloud investigations, deepfakes, eDiscovery, and incident response. The event spotlights the new Magnet One platform, promising faster, AI‑enhanced case building, and...
The Copilot Problem: Why Internal AI Assistants Are Becoming Accidental Data Breach Engines
Internal AI copilots are being deployed across enterprises as search and decision‑aid layers, inheriting every permission granted to users. Their ability to index, retrieve, and combine data from email, file shares, and SaaS tools exposes vast amounts of previously hidden...
Harnessing AI to Secure the Future of Identity
Artificial intelligence is reshaping identity management, with machine and AI agents now surpassing human users in many environments. This surge creates a broader attack surface, as each automated identity demands governance yet often appears outside IT‑approved systems. Channel partners are...
India’s Cybersecurity Cost Equation
India’s enterprises are boosting cybersecurity spend as multi‑cloud, API‑led ecosystems expand, yet Security Operations Centre (SOC) capacity lags behind. The average data‑breach cost has climbed to ₹22 crore (≈US$2.6 million), highlighting the financial stakes. Tool proliferation generates more alerts, but analyst throughput...
Netrio Named to CRN’s MSP 500 List For 2026
Netrio has been named to CRN’s 2026 Managed Service Provider (MSP) 500 list in the Elite 150 category, highlighting its role as a leading AI‑driven managed IT and cybersecurity provider for mid‑market enterprises. The Elite 150 spot recognizes Netrio’s end‑to‑end...
Malicious Fork of Legitimate Triton App Discovered on GitHub, Exposing New Malware Threat
A malicious fork of the legitimate Triton macOS client was posted on GitHub, masquerading as an official release while embedding a Windows‑only malware payload. The attacker, operating under the account “JaoAureliano,” used a deceptive README and raw asset links to...
How to Choose a Password Manager for Your Business
Choosing a password manager is now a strategic security decision, not just a convenience tool. While consumer‑focused apps handle basic storage, enterprise‑grade solutions add centralized provisioning, role‑based access, and detailed audit trails. Decision‑makers must evaluate encryption models, zero‑knowledge architecture, MFA...
DSS Files Charges Against El-Rufai Over Alleged NSA Phone Interception
The Department of State Services has filed a three‑count criminal charge against former Kaduna governor Nasir El‑Rufai for allegedly intercepting the telephone communications of National Security Adviser Nuhu Ribadu. Prosecutors say El‑Rufai admitted the illegal interception during a televised interview on 13 February 2026,...
CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover
A critical remote code execution flaw, CVE‑2026‑1357, has been discovered in the WPvivid Backup & Migration WordPress plugin, affecting over 900,000 active sites. The vulnerability lets unauthenticated attackers upload and run arbitrary PHP files via the plugin’s backup‑receive endpoint, granting...
How SSO Simplifies Identity Management for Deskless and Frontline Workforces
Frontline and deskless workers comprise roughly 80% of the global labor force, yet traditional identity systems struggle with shared devices, shift changes, and high turnover. Single Sign‑On (SSO) consolidates credentials, cutting password‑reset tickets and speeding up access at shift handovers....
REMnux V8 Brings AI Integration to the Linux Malware Analysis Toolkit
REMnux released version 8, rebuilt on Ubuntu 24.04 LTS, and introduces a new Cast‑based installer that handles fresh deployments, upgrades, and container installs. The highlight is the REMnux MCP server, which implements the Model Context Protocol to connect AI agents with the...
How Red Teaming Reduces Breach Risk?
Red Teaming, also known as adversary simulation, pits authorized security experts against an organization’s defenses to expose real‑world attack gaps. By mimicking the full cyber kill chain—from OSINT‑driven reconnaissance to covert data exfiltration—teams reveal weaknesses that traditional scans miss. The...
Hackers Abuse ScreenConnect to Hijack PCs via Fake Social Security Emails
Forcepoint X‑labs uncovered a new phishing campaign that spoofs the US Social Security Administration to deliver a malicious .cmd script. The script auto‑elevates, disables Windows SmartScreen and Mark‑of‑Web, and leverages Alternate Data Streams to hide before silently installing a compromised...
Montana Hospital Restores Phones as Cyber-Related Network Disruptions Persist
Livingston HealthCare in Montana announced that its phone system has been fully restored after a recent cybersecurity incident forced the hospital to shut down communications and other network services. The disruption, first reported on Feb. 13, stemmed from a potential...
FOI Is Arming Cyberattackers – Here Is How to Fix It
Freedom of Information (FOI) requests on cybersecurity governance are exposing a stark inconsistency in public‑sector disclosures. Large NHS trusts and other big bodies tend to refuse or invoke national‑security exemptions, while smaller organisations often provide granular details. This uneven approach...
