Cybersecurity News and Headlines

Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense
News | Feb 12, 2026

Booz Allen Hamilton has launched the general availability of Vellox Reverser™, an AI‑driven malware reverse‑engineering platform that automates deep analysis at machine speed. The solution leverages a resilient agentic AI architecture, AWS Lambda, Bedrock and Step Functions to ingest samples,...

By Dark Reading
California Fines Disney For Alleged Privacy Violations
News | Feb 12, 2026

Disney agreed to pay $2.75 million to settle California Attorney General claims it breached the state’s privacy law by not honoring user opt‑out requests. The settlement requires Disney to create a consumer‑friendly, easy‑to‑execute opt‑out process and to cease cross‑context behavioral advertising...

By MediaPost
It’s 2026, but Hospitals Still Haven’t Prevented Snooping in Celebrities’ Records
News | Feb 12, 2026

A Michigan hospital, likely McLaren Northern Michigan, is accused by internet personality Josh Clarke of allowing staff to view his medical records, take selfies in his treatment area, and conceal his presence on a notice board. Clarke’s video alleges that...

By DataBreaches.net
Hacker Linked to Epstein Removed From Black Hat Cyber Conference Website
News | Feb 12, 2026

Black Hat quietly removed veteran hacker Vincenzo Iozzo from its review board after DOJ documents linked him to Jeffrey Epstein. Iozzo, founder of SlashID and former CrowdStrike senior director, had served on the board since 2011. He denies any illegal...

By TechCrunch (Cybersecurity)
Identity Security Looks Different by Industry. Here’s How MSPs Can Keep Up
News | Feb 12, 2026

Identity attacks remain the top breach vector, yet only 33 % of leaders trust their identity providers to stop them. With 82 % increasing spend and 85 % shifting to security‑first identity strategies, execution gaps are widening. Modern identity now includes machines, APIs...

By ChannelE2E
Anna’s Archive Ignores Court Order and Starts Making Stolen Spotify Files Available to Torrent
News | Feb 12, 2026

Anna’s Archive, a piracy activist group, has begun seeding roughly 2.8 million Spotify tracks—about 6 TB of audio—via its torrent index, despite a New York court injunction and a $13 trillion lawsuit filed by Spotify and major labels. The leak follows a massive...

By Complete Music Update (CMU)
UK Customers Aren't as Worried About Sovereignty as EU, Cisco Exec Says
News | Feb 12, 2026

Cisco’s EMEA president Gordon Thomson told The Stack that British companies are less preoccupied with data‑sovereignty than their European counterparts. He noted that infrastructure autonomy has become a board‑level fear across the region, while AI localisation requirements are muddying the...

By The Stack (TheStack.technology)
Apple Patches Actively Exploited Zero-Day Flaw
News | Feb 12, 2026

Apple has issued patches for CVE-2026-20700, a zero‑day vulnerability in the dyld dynamic linker affecting iOS, iPadOS, macOS, tvOS, watchOS and visionOS. The flaw enables arbitrary code execution with memory‑write capability and was actively exploited in highly sophisticated, targeted attacks,...

By eSecurity Planet
Why Every MSP Needs a Battle-Tested Incident Response Framework
News | Feb 12, 2026

Managed Service Providers face escalating ransomware threats, making ad‑hoc responses untenable. A battle‑tested Incident Response Plan (IRP) provides a structured lifecycle—from preparation to lessons learned—that safeguards client systems and the MSP’s reputation. The guide outlines core pillars such as preparation,...

By ChannelE2E
A Guide to the Best Disaster Recovery Solutions for Health Care Organizations
News | Feb 12, 2026

Healthcare providers face heightened risk from cyber attacks and natural disasters, making robust disaster recovery essential. Vendors such as Dataprise, Veeam, Acronis, Zerto, and Carbonite offer cloud, hybrid, and on‑premises solutions that promise rapid recovery, HIPAA compliance, and proactive monitoring....

By MedCity News
Viral AI Caricatures Highlight Shadow AI Dangers
News | Feb 12, 2026

A viral Instagram and LinkedIn trend sees millions prompting ChatGPT to generate caricatures that describe their jobs, then posting the images publicly. The practice unintentionally reveals how employees use large language models (LLMs) at work and what data they may...

By eSecurity Planet
World Leaks Ransomware Group Adds Stealthy, Custom Malware ‘RustyRocket’ to Attacks
News | Feb 12, 2026

World Leaks, a high‑profile extortion group, has introduced a new Rust‑written malware called RustyRocket, according to Accenture research. The tool provides stealthy persistence on both Windows and Linux systems, using heavily obfuscated, multi‑layered encrypted tunnels to exfiltrate data and proxy...

By Infosecurity Magazine
EXCLUSIVE | Trump Pauses China Tech Curbs Ahead of Xi Summit
News | Feb 12, 2026

The Trump administration has temporarily shelved a suite of technology security measures targeting Chinese firms ahead of the April Trump‑Xi summit. The paused actions include a ban on China Telecom’s U.S. operations, restrictions on Chinese equipment in data centres, and...

By BusinessLIVE
Integrating FIDO Standards Into Secure OT Connectivity — A Practical Path to Resilience
News | Feb 12, 2026

The FIDO Alliance is mapping its phishing‑resistant passkeys, Device Onboard (FDO) and emerging Bare Metal Onboarding (BMO) to the UK NCSC’s Secure Connectivity Principles for Operational Technology. By replacing passwords with cryptographic credentials, FIDO eliminates the most common breach vector...

By FIDO Alliance – News/Blog
The Download: AI-Enhanced Cybercrime, and Secure AI Assistants
News | Feb 12, 2026

Artificial intelligence is rapidly becoming a tool for cybercriminals, enabling faster, lower‑skill attacks and fueling a surge in deep‑fake‑driven scams. At the same time, AI‑powered personal assistants such as OpenClaw expose massive amounts of user data, raising urgent security concerns....

By MIT Technology Review
Google Says Hacker Groups Are Using Gemini to Augment Attacks – and Companies Are Even ‘Stealing’ Its Models
News | Feb 12, 2026

Google Threat Intelligence Group, together with DeepMind, released an AI Threat Tracker revealing that state‑backed APT groups are weaponizing Google’s Gemini models to research targets, craft multilingual phishing, and generate code for attacks. Notable actors include China‑based Temp.HEX, UNC6148 targeting...

By ITPro (UK)
AI Skills Represent Dangerous New Attack Surface, Says TrendAI
News | Feb 12, 2026

TrendAI, the new business unit of Trend Micro, warns that AI skills—executable artifacts that blend human‑readable text with LLM instructions—represent a dangerous attack surface. These skills, used in products like Anthropic’s Agent Skills, OpenAI’s GPT Actions, and Microsoft’s Copilot Plugins, can...

By Infosecurity Magazine
Does Your TV Track You Even Through the HDMI Port? Short Answer: Yes
News | Feb 12, 2026

Smart TVs can monitor content played on HDMI‑connected devices using two methods: HDMI‑CEC metadata and Automatic Content Recognition (ACR). ACR takes pixel‑level snapshots to fingerprint shows, movies, or games, while CEC logs device IDs and usage duration. The article outlines...

By ZDNet – Big Data
Companies Are Using ‘Summarize with AI’ to Manipulate Enterprise Chatbots
News | Feb 12, 2026

Microsoft's research reveals a new AI hijacking technique called AI recommendation poisoning, where "Summarize with AI" buttons embed hidden prompts that bias enterprise chatbots toward a vendor’s products. Over two months, researchers found 50 instances across 31 companies in sectors...

By CSO Online – Security
9 Ways to Ensure Regulatory Compliance in Cloud Storage
News | Feb 12, 2026

Cloud storage compliance has become a top priority for IT leaders in 2026 as organizations increasingly rely on remote data repositories. Rising regulatory scrutiny—spanning GDPR, HIPAA, PCI DSS, CCPA and others—means non‑compliance can trigger hefty fines, reputational harm, and operational...

By TechTarget SearchERP
0APT Ransomware Group Rises Swiftly with Bluster, Along with Genuine Threat of Attack
News | Feb 11, 2026

The 0APT ransomware group burst onto the scene last month, publicly claiming roughly 200 victims within its first week. While investigators have found no evidence that any of those organizations were actually breached, the group’s infrastructure includes a fully functional,...

By CyberScoop
Once-Hobbled Lumma Stealer Is Back with Lures that Are Hard to Resist
News | Feb 11, 2026

Lumma Stealer has reemerged at scale after a 2025 law‑enforcement takedown that crippled its command‑and‑control infrastructure. The malware‑as‑a‑service operation now relies on ClickFix lures—fake CAPTCHAs that trick users into running malicious commands—and the memory‑only CastleLoader to evade detection. Researchers report...

By Ars Technica – Security
Interim CISA Chief: ‘When the Government Shuts Down, Cyber Threats Do Not’
News | Feb 11, 2026

Acting CISA Director Madhu Gottumukkala warned that a DHS shutdown would cripple the agency’s ability to issue timely cyber guidance, force over a third of frontline security staff to work without pay, and halt proactive threat‑hunting activities. The shutdown would...

By The Record by Recorded Future
CVE-2026-25646: Legacy Libpng Flaw Poses RCE Risk
News | Feb 11, 2026

CVE‑2026‑25646 reveals a heap‑buffer overflow in libpng’s png_set_quantize function, a flaw that has existed for nearly three decades across all historic releases. The bug triggers when a PNG image contains a palette chunk without a histogram and requests color quantization,...

By eSecurity Planet
Review: Box Facilitates Secure Collaboration for Healthcare Workers
News | Feb 11, 2026

Box Intelligent Content Management delivers a cloud‑based, zero‑trust platform tailored for healthcare’s strict security and compliance needs. The solution unifies over 1,500 integrations, enabling seamless collaboration between Office 365, Google Workspace and other systems while providing built‑in e‑signatures and workflow automation....

By HealthTech Magazine
CISA’s Acting Chief Says 70 Staff Were Reassigned to Other DHS Offices in Last Year
News | Feb 11, 2026

Acting CISA director Madhu Gottumukkala told House appropriators that roughly 70 CISA employees were reassigned to other DHS components over the past year, while more than 30 staff were moved into the agency. A small number of those transfers went...

By FCW (GovExec Technology)
DOJ Says Trenchant Boss Sold Exploits to Russian Broker Capable of Accessing ‘Millions of Computers and Devices’
News | Feb 11, 2026

The DOJ has charged Peter Williams, former general manager of Trenchant—a cyber‑offensive unit of L3Harris—with stealing eight zero‑day exploits and selling them to a Russian broker for about $1.3 million in cryptocurrency. Prosecutors say the tools could grant access to millions of...

By TechCrunch (Cybersecurity)
CVE-2026-21514: Actively Exploited Word Flaw Evades OLE Security
News | Feb 11, 2026

Microsoft disclosed CVE‑2026‑21514, an actively exploited vulnerability in Word that bypasses Object Linking and Embedding (OLE) security controls. The flaw lets specially crafted documents execute code without triggering Protected View or enable‑content prompts, requiring only a user to open the...

By eSecurity Planet
Arcjet Release V1 of Its SDK for Enabling Security Capabilities in JavaScript Apps
News | Feb 11, 2026

Arcjet launched version 1.0 of its JavaScript SDK, delivering a stable, production‑ready API for security functions such as bot mitigation, email verification, rate limiting, and data redaction. The SDK can block malicious bots, enforce custom traffic rules, and protect against...

By SD Times
Digital Forensics Round-Up, February 11 2026
News | Feb 11, 2026

The February 11 digital forensics round‑up highlights a wave of open‑source tools—including triagectl for macOS, Hindsight v2026.01’s Chrome Sync parsing, a chunked BitLocker‑key recovery script, a Velociraptor Notepad++ artifact, and FOSSOR for malware hash lookup—aimed at streamlining evidence collection. It also...

By Forensic Focus
Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments
News | Feb 11, 2026

Pentera Labs identified nearly 2,000 publicly exposed training applications across cloud platforms, with about 60% hosted on AWS, Azure or GCP. Roughly one‑fifth of these instances contained crypto‑mining scripts, web‑shells or persistence tools, indicating active exploitation. The vulnerable apps were...

By The Hacker News
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact
News | Feb 11, 2026

Industrial control system vendors Siemens, Schneider Electric, Aveva, and Phoenix Contact released a flurry of Patch Tuesday advisories on February 11, 2026, addressing high‑severity flaws across dozens of OT products. Siemens issued eight advisories covering Desigo CC, Sentron Powermanager, Simcenter Femap, NX, and...

By SecurityWeek
Identy.io Announces Strategic Expansion in Africa
News | Feb 11, 2026

Identy.io, a global biometric authentication firm, announced a strategic expansion into Africa, focusing initially on Kenya and Nigeria. The company will deploy its software‑first Automated Biometric Identification System (ABIS) that captures biometrics via standard smartphones, reducing hardware costs. To support...

By AI-TechPark
CISOs Must Separate Signal From Noise as CVE Volume Soars
News | Feb 11, 2026

The FIRST forecast predicts 2026 will see roughly 59,000 CVEs, with extreme scenarios approaching 118,000, far exceeding the 48,000 reported in 2025. The surge stems from more CVE Numbering Authorities, expanded bug‑bounty programs, and AI‑driven discovery, not a sudden drop...

By CSO Online
CrowdStrike Appoints Jonathon Dixon as JAPAC Lead
News | Feb 11, 2026

CrowdStrike announced Jonathon Dixon as vice‑president and managing director for Japan and Asia Pacific, tasking him with leading AI‑powered cyber‑security transformation across the region. Dixon arrives with more than 25 years of experience, most recently serving as JAPAC head at Verkada and...

By ARN (Australia)
The European Supervisory Authorities and UK Financial Regulators Sign Memorandum of Understanding on Oversight of Critical ICT Third-Party Service Providers...
News | Feb 11, 2026

The European Supervisory Authorities (EBA, EIOPA and ESMA) have signed a Memorandum of Understanding with the Bank of England, the Prudential Regulation Authority and the Financial Conduct Authority to coordinate oversight of critical ICT third‑party service providers under the Digital...

By ESMA – Press
Asia Fumbles With Throttling Back Telnet Traffic in Region
News | Feb 11, 2026

Telnet remains a major security weakness in the Asia‑Pacific, accounting for roughly half of the world’s exposed Telnet endpoints. Global throttling on Jan. 14 cut Telnet sessions by 83 % but Asian providers applied inconsistent filters, leaving the region’s traffic relatively high....

By Dark Reading
Know Before You Share: Be Mindful of Data Aggregation Risks
News | Feb 11, 2026

Financial data aggregators consolidate accounts into a single dashboard, using either APIs or screen‑scraping to retrieve information. While APIs provide scoped, credential‑free access, many providers still rely on screen‑scraping, which requires users to share login details. The article highlights privacy,...

By FINRA – News Releases
Advance-Fee Frauds Keep Dropping the FINRA Name—Don’t Fall for “Regulator” Imposter Ploys
News | Feb 11, 2026

Fraudsters are increasingly impersonating FINRA and its executives, using authentic‑looking logos, signatures, and fake email domains to lure victims into advance‑fee scams. The scams typically demand payment for alleged regulatory or tax charges tied to worthless securities or nonexistent inheritances,...

By FINRA – News Releases
UK to Lead Multinational Cyber Defence Exercise From Singapore.
News | Feb 11, 2026

Britain will lead the Defence Cyber Marvel 2026 exercise, bringing together more than 2,500 personnel from 29 nations in Singapore. The week‑long drill simulates real‑world cyber attacks, pitting blue and red teams against each other while integrating military, government and...

By UK Ministry of Defence (GOV.UK)
Cyber Command, NSA Nominee Rudd Advances to Senate Floor
News | Feb 10, 2026

The Senate Intelligence Committee voted 14‑3 to advance Army Lt. Gen. Joshua Rudd’s nomination as head of U.S. Cyber Command and the National Security Agency. Rudd, currently deputy chief of U.S. Indo‑Pacific Command, has no prior cyber warfare or intelligence...

By The Record by Recorded Future
Best Tools for Test Data Management to Accelerate QA Teams in 2026
News | Feb 10, 2026

Test Data Management (TDM) tools are becoming essential for QA and DevOps teams as CI/CD pipelines demand rapid, compliant data provisioning. In 2026, vendors such as K2view, Delphix, Datprof, IBM Optim, Informatica, and Broadcom lead the market, each emphasizing self‑service,...

By HackRead
February Patches for Azure DevOps Server
News | Feb 10, 2026

Microsoft released February 2026 patches for its self‑hosted Azure DevOps Server suite, covering the core product and the 2022.2, 2020.1.2, and 2019.1.2 releases. Each patch is available via direct download links and includes detailed release notes. The company urges all...

By Azure DevOps Blog
FortiOS Authentication Bypass Exposes VPN and SSO Deployments
News | Feb 10, 2026

Fortinet disclosed CVE‑2026‑22153, an authentication‑bypass flaw in FortiOS versions 7.6.0 through 7.6.4. The bug lets unauthenticated attackers skip LDAP checks for Agentless VPN or FSSO policies when the directory permits anonymous binds, potentially granting access to internal networks via SSL‑VPN....

By eSecurity Planet
Regional Bank Execs Love Mobile Apps, Fear Wire Transfer Fraud
News | Feb 10, 2026

Regional midsize and community banks are prioritizing mobile banking apps, with 54% ranking them among the top five technology spend categories for 2026. At the same time, 42% of respondents view agentic artificial intelligence as the most significant catalyst for...

By American Banker Technology
EU Unconditionally Approves Google’s $32B Acquisition of Wiz
News | Feb 10, 2026

The European Commission has given unconditional approval to Google’s $32 billion acquisition of cloud‑security firm Wiz, allowing the deal to close without any remedial conditions. The EU antitrust review concluded that the transaction poses no significant competition risk in the European...

By SecurityWeek
Volvo Group North America Customer Data Exposed in Conduent Hack
News | Feb 10, 2026

Volvo Group North America announced that an indirect data breach exposed personal information of about 17,000 customers and staff. The breach stemmed from Conduent, a U.S. business‑process‑outsourcing firm, whose systems were compromised between October 21, 2024 and January 13, 2025. Threat actors accessed names,...

By BleepingComputer
Microsoft Rolls Out New Secure Boot Certificates Before June Expiration
News | Feb 10, 2026

Microsoft has begun distributing updated Secure Boot certificates through the regular monthly Windows updates, replacing the original 2011 certificates that will expire in late June 2026. The refresh targets Windows 11 24H2 and 25H2 devices, with many newer PCs already shipping the...

By BleepingComputer
Web3 Audit: What It Is, What It Covers, and How Teams Choose an Auditor (2026)
News | Feb 10, 2026

In 2026 a web3 audit must be scoped around the entire value‑moving system—on‑chain code, privileged controls, integrations, and any off‑chain components that can affect outcomes. Most security gaps arise from what teams leave out of scope, such as front‑end risk,...

By TechBullion