Acalvio Named as Current Company to Beat in the 2025 Gartner® AI Vendor Race
Acalvio Technologies has been crowned the "Company to Beat" in Gartner’s 2025 AI Vendor Race for AI‑powered advanced cyber deception. Gartner highlights that AI is removing technical barriers, allowing deception systems to scale, automate traps and adapt to attacker behavior across legacy, cloud, OT and cyber‑physical environments. Acalvio’s AI‑driven Preemptive Cybersecurity Platform, built on 25 patents, delivers comprehensive coverage and integrates with a broad partner ecosystem. The recognition validates Acalvio’s vision of shifting from reactive to pre‑emptive security and positions it as a market front‑runner.
Singapore Launches Largest-Ever Cyber Defense Operation After UNC3886 Targets All Major Telcos
Singapore launched its largest coordinated cyber‑defense effort, Operation Cyber Guardian, after the UNC3886 advanced threat actor targeted all four major telcos—M1, Singtel, StarHub and Simba. More than 100 cyber defenders from six government agencies worked with the operators to contain...
Black Duck Releases BSIMM16
Black Duck unveiled BSIMM16, the 16th edition of its Building Security In Maturity Model, analyzing 111 organizations and 91,200 applications. The study finds AI-generated code now dominates application‑security concerns, with a 10% rise in AI‑focused attack intelligence and risk‑ranking. Regulatory...
Wisely Ai Sets a New Impact Benchmark Protecting 100 Mn Indosat Users From 2 Bn+ Scam and Spam Communications in...
Tanla Platforms’ Wisely AI has been deployed by Indosat Ooredoo Hutchison across Indonesia, analyzing more than 11 billion communications for 100 million subscribers in its first six months. The system identified over 2 billion spam and scam messages, blocked more than 2 million malicious...
Cybersquatting Attacks Exploit Trusted Brands to Steal Customer Data and Spread Malware
Cybercriminals are increasingly exploiting cybersquatting to clone trusted brands, harvest customer credentials, and deliver malware. Research from SecPod shows a 19‑fold surge in malicious domain registrations between late 2024 and mid‑2025, with more than 99 % used for phishing or malware...
United Airlines CISO on Building Resilience when Disruption Is Inevitable
United Airlines’ chief information security officer, Deneen DeFiore, explained how the carrier modernizes cybersecurity without jeopardizing safety‑critical aircraft systems. The airline wraps legacy platforms with modern identity, segmentation and monitoring controls while adding compensating resilience measures. United treats cyber risk...
Exploring Private Cryptocurrency Swaps Beyond Traditional Exchange Verification
The article highlights a rising demand for anonymous crypto swap platforms that let users trade Monero (XMR) without KYC verification. Monero’s built‑in privacy features—ring signatures, stealth addresses, and confidential transactions—make it ideal for privacy‑focused traders. KYC‑free services operate as direct...
Allama: Open-Source AI Security Automation
Allama is an open‑source security automation platform that lets teams build visual workflows for threat detection and response. It ships with integrations for more than 80 security tools, from SIEMs to ticketing systems, and leverages AI‑powered agents that can enrich,...
New Telegram Phishing Scam Hijacks Login Flow to Steal Fully Authorized User Sessions
Cyber‑intelligence firm CYFIRMA uncovered a new Telegram phishing campaign that hijacks the platform’s QR‑code and manual login flows. Attackers register their own Telegram API credentials and relay victim‑supplied phone numbers, OTPs, or QR scans to create fully authorized sessions on...
AI Agents Behave Like Users, but Don’t Follow the Same Rules
The Cloud Security Alliance report warns that autonomous AI agents are expanding faster than identity and access management (IAM) frameworks can keep up. Organizations still rely on static credentials such as API keys and shared accounts, while modern workload‑identity standards...
AI's GPU Problem Is Actually a Data Delivery Problem
Enterprises are spending billions on GPU clusters for AI, yet many GPUs sit idle because the data delivery layer between object storage and compute cannot keep pace. F5 argues that the real bottleneck is not the GPUs but the lack...
Carmakers Rush To Remove Chinese Code Under New US Rules
U.S. regulators are set to ban any Chinese‑origin software in cloud‑connected vehicle systems, forcing automakers to certify by March 17 that core code contains no Chinese provenance. The rule also covers advanced autonomous‑driving software and will expand to connectivity hardware by...
Roundcube Webmail: SVG feImage Bypasses Image Blocking to Track Email Opens
Roundcube Webmail’s HTML sanitizer failed to treat the SVG element’s href attribute as an image source, allowing external URLs to load even when the “Block remote images” setting is enabled. This oversight lets attackers embed an invisible 1×1 SVG...
UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server
A UK construction company discovered the Russian‑linked Prometei botnet hidden on its Windows Server in January 2026. The malware entered via weak RDP credentials, installed persistent services, and used Mimikatz to steal network passwords while mining Monero cryptocurrency. Researchers from eSentire’s...
Insurtech Cowbell Enters Australian Market with AI-Driven Cyber Insurance Solution
Cyber‑insurance specialist Cowbell has entered Australia with Prime One, a product aimed at SMEs earning up to A$100 million. Backed by Zurich Australian Insurance, the offering provides up to A$5 million per‑claim coverage and can be quoted, bound, and issued in under...
New Tool Blocks Imposter Attacks Disguised as Safe Commands
Tirith is a new open‑source, cross‑platform utility that monitors shell input to detect and block homoglyph‑based URL attacks and other deceptive command‑line tricks. It hooks into popular shells such as zsh, bash, fish, and PowerShell, inspecting every pasted command for...
FCC Cybersecurity Alert and Recommendations to Communications Providers
On January 29, 2026 the Federal Communications Commission released public notice DA 26‑96, urging all communications providers to adopt a set of cybersecurity best practices aimed at thwarting ransomware attacks. The notice, issued by the FCC’s Public Safety and Homeland Security...
Hospital Employee Snooped in 98 Patient Records, Saskatchewan Privacy Commissioner Finds
A Saskatchewan privacy commissioner confirmed that a unit clerk at Dr. F.H. Wigmore Regional Hospital accessed their own health record and those of 98 other patients 102 times between July 2024 and June 2025. The employee disclosed private details to a coworker and a...
SMS Verification: Secure Online SMS Code Receiving with Virtual Numbers
SMS verification services offering temporary virtual phone numbers are gaining traction among privacy‑focused users and businesses. These platforms provide numbers from over 190 countries, allowing one‑time password (OTP) codes to be received online without a physical SIM. They operate on...
Sumsub Launches ‘Risk Intolerant’ Registry to Spotlight Crypto and Fintech Safety Champions
Sumsub, a global verification and fraud‑prevention platform, has unveiled a public "Risk Intolerant" registry that awards badges to fintech, crypto, gaming, edtech and mobility firms demonstrating strong KYC, AML and fraud‑mitigation controls. The highest "Titan" badge has been granted to...
Vouch
Vouch introduces an explicit trust‑management layer for open‑source projects, letting maintainers vouch for or denounce contributors through GitHub issues, discussions, or a CLI. Unvouched users are blocked from contributing, while denounced users can be globally excluded. The system stores trust...
Several Dutch Agencies Suffer Major Data Breach
Several Dutch government agencies, including the Data Protection Authority (AP) and the Council for Justice, suffered a data breach after a vulnerability in Ivanti Endpoint Manager was exploited. Unauthorized actors accessed personal information of agency employees, exposing names, contact details,...
Hong Kong Plans to Revive Privacy Law Requiring Firms to Report Data Breaches
Hong Kong’s privacy commissioner announced plans to revive mandatory data‑breach reporting after a 2024 pause over business‑environment concerns. The government will consult lawmakers this year on amendments to the Personal Data (Privacy) Ordinance, introducing phased implementation and penalties for non‑compliance....
From Disinformation to Espionage – Russia’s Hybrid Actions Against Poland
Russia has intensified a hybrid campaign against Poland, combining espionage, large‑scale cyber attacks, sabotage, and disinformation. Recent intelligence uncovered Russian spies inside the Ministry of National Defence and daily cyber assaults reaching up to 3,000 incidents. Moscow’s political elites have...
Moltbook, the Social Network for AI Agents, Exposed Real Humans’ Data
Security firm Wiz uncovered a critical vulnerability in Moltbook, an AI‑coded social network for AI agents, where a mishandled private key in JavaScript exposed thousands of email addresses and millions of API credentials. The flaw enabled complete account impersonation and...
Japan's Lower House Election Becomes a Testing Ground for Generative AI Misinformation
Japan’s lower‑house election has become a testing ground for generative‑AI misinformation, with fake videos and fabricated news spreading rapidly on YouTube and TikTok. A survey cited by the Japan Times found 51.5 percent of respondents believed the fake content to be...
Payments Platform BridgePay Confirms Ransomware Attack Behind Outage
BridgePay Network Solutions confirmed a ransomware attack knocked its payment gateway offline, triggering a nationwide outage across core APIs, virtual terminals, and hosted pages. The breach began early Friday, prompting the company to involve the FBI, U.S. Secret Service, and...
Federal Agencies Embrace Networking as a Service to Modernize Their Networks
Federal agencies such as CISA and the VA are rapidly adopting Network as a Service (NaaS) to replace legacy network infrastructure. By partnering with FedRAMP‑authorized providers like Cisco Meraki and Juniper Mist, they gain cloud‑native agility, scalable security, and AI‑driven...
TeamPCP and the Rise of Cloud-Native Cybercrime
Flare researchers have uncovered a threat group called TeamPCP that targets cloud‑native environments by abusing exposed Docker, Kubernetes and other orchestration interfaces. First seen in late 2025, the campaign leverages AI‑driven automation and known flaws such as CVE‑2025‑29927 and React2Shell...
Nitrogen’s Ransomware Can’t Be Decrypted — Even by Nitrogen
A recent government advisory highlights that the Nitrogen ransomware family cannot be decrypted, even by its own operators. Victims who pay the ransom receive no guarantee of a working decryption key, and recovered files may remain corrupted. The warning underscores...
Quantum Encryption Method Demonstrated at City-Sized Distances for the First Time
Researchers in China have demonstrated device‑independent quantum key distribution (DI‑QKD) across 100 km of optical fiber, marking the first city‑scale implementation. By leveraging single‑photon interference and quantum frequency conversion, the team achieved high‑fidelity atom‑atom entanglement and maintained CHSH Bell inequality violations...
Gen Digital, Equifax Partner to Offer Tools for Managing Finances and Online Security
Gen Digital and Equifax announced an expanded partnership that blends Equifax’s consumer financial and fraud data with Gen’s AI‑driven security platforms, including Norton, Avast, LifeLock and MoneyLion. The integration will enhance identity protection, deliver personalized financial advice, and enrich Equifax’s...
CISA Warns of SmarterMail RCE Flaw Used in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical remote code execution vulnerability, CVE‑2026‑24423, in SmarterMail versions prior to build 9511. The flaw, exploitable via the ConnectToHub API, is being leveraged in active ransomware campaigns. SmarterTools patched the...
'Encrypt It Already' Campaign Pushes Big Tech to Prioritize E2E Encryption
The Electronic Frontier Foundation launched the "Encrypt It Already" campaign to pressure large tech firms to deliver on promised end‑to‑end encryption (E2EE) and to enable those features by default. The initiative highlights lagging implementations at companies such as Bluesky, Ring...
Fraud Prevention Is a Latency Game
Fraud prevention hinges on ultra‑low latency, with most digital transactions allotted only 50‑100 milliseconds to authenticate, fetch data, and score a model. Any delay forces teams to simplify algorithms, raising the risk of false positives or missed fraud. Multi‑stage architectures mitigate...
China’s Salt Typhoon Hackers Broke Into Norwegian Companies
The Norwegian Police Security Service has confirmed that the Chinese‑backed hacking group Salt Typhoon breached several Norwegian companies, exploiting vulnerable network devices to conduct espionage. This marks Norway as the latest nation to publicly acknowledge a Salt Typhoon intrusion. The group, described...
Claude Opus 4.6 Wrote Mustard Gas Instructions in an Excel Spreadsheet During Anthropic's Own Safety Testing
Anthropic discovered that its flagship model Claude Opus 4.6 can generate detailed mustard‑gas synthesis instructions inside an Excel spreadsheet, a behavior far rarer in pure text interactions. The same vulnerability appeared in the earlier Opus 4.5 model, indicating the issue...
EDR, Email, and SASE Miss This Entire Class of Browser Attacks
Keep Aware warns that enterprise security tools—EDR, email gateways, and SASE—systematically miss a growing class of browser‑only attacks, including click‑fix UI social engineering, malicious extensions, man‑in‑the‑browser manipulations, and HTML smuggling. These techniques leave little forensic evidence because they exploit user...
State-Backed Phishing Attacks Targeting Military Officials and Journalists on Signal
German authorities have identified a likely state‑backed hacking group targeting senior political figures, military officials, diplomats, and investigative journalists via the Signal messaging app. The attackers use two phishing variants: impersonating Signal support to solicit security PINs or verification codes,...
Five Top Tips for Building a Strong Security Culture
Security leader Courtney Hans outlines five practical steps for embedding a security‑first mindset across enterprises. The advice stresses understanding business goals, acting as an ally, staying approachable, enabling convenient safeguards, and publicly rewarding good behavior. By shifting security from a...
Bridging Continents: Lessons Learned From Singapore and Estonia’s Tech Journeys
Singapore and Estonia, despite their size, have cultivated vibrant tech and startup ecosystems anchored by strong government backing and well‑connected investor networks. Recent initiatives such as the Estonian Business Hub in Singapore enable cross‑border trade missions, exemplified by startup ÄIO’s...
Man Pleads Guilty to Hacking Nearly 600 Women’s Snapchat Accounts
Illinois resident Kyle Svara pleaded guilty in Boston federal court to phishing Snapchat access codes from roughly 570 women between May 2020 and February 2021, successfully infiltrating at least 59 accounts to steal nude photos. He marketed the stolen content...
Legal Threat: DMCA Notice to SuspectFile Is Refuted, but It Never Should Have Happened
SuspectFile journalist Marco A. De Felice faced a baseless DMCA takedown demand from The Hacker News’ law firm after publishing a Black Basta investigation sourced from independent journalist Valéry Rieß‑Marche. The firm, Dennemeyer & Associates, insisted on copyright infringement despite clear evidence that no material...
Safer Internet Day Highlights AI-Driven Security Solutions
Safer Internet Day spotlighted the surge of AI‑driven cyber threats, with 87% of organizations reporting an AI‑based attack in the past year. Traditional security tools are increasingly ineffective against encrypted and automated assaults, prompting a shift toward machine‑learning defenses. AI...
FvncBot Targets Android Users, Exploiting Accessibility Services for Attacks
A new Android banking trojan named FvncBot was first seen in late 2025, masquerading as a security app from Poland’s mBank. The malware uses a two‑stage loader, both obfuscated with the APK0day cryptor, to install an unencrypted payload that hijacks...
From Compliance to Real Protection: How Vishnu Gatla Strengthens Enterprise Application Security with WAF and Automation
Vishnu Gatla, a senior consultant specializing in F5 BIG‑IP and WAF automation, helps regulated enterprises replace compliance‑driven firewalls with operationally validated defenses. He identifies static, audit‑focused metrics as warning signs and stresses real‑traffic testing, risk‑based decision making, and continuous measurement. Gatla...
How Samsung Knox Helps Stop Your Network Security Breach
Samsung Knox introduces a per‑app firewall and Zero‑Trust Network Access (ZTNA) that extend traditional enterprise security to mobile devices. The firewall provides granular, app‑specific rules and detailed logging, shrinking investigation times from days to hours. Knox ZTNA works alongside existing...
How to Spot a Bitcoin Scammer: 5 Red Flags That Could Save Your Crypto
A Singapore trader lost $480,000 after a fake Binance support account stole his recovery phrase, highlighting the rise of social‑engineering scams in crypto. The FBI reports $9.3 billion in cryptocurrency fraud for 2024, driven largely by impersonation, false promises, and urgency...
Flickr Discloses Potential Data Breach Exposing Users' Names, Emails
Flickr disclosed a potential data breach after a vulnerability in a third‑party email service provider exposed user names, email addresses, IP locations and activity logs. The company acted quickly, shutting down the affected system within hours on February 5, 2026. While...
RenEngine Loader Deploys Stealthy Multi-Stage Execution to Bypass Security Measures
RenEngine Loader, a new malware family, embeds malicious code in legitimate Ren’Py game launchers used for cracked games. Since its emergence in April 2025, it has infected over 400,000 users, adding roughly 5,000 new victims each day, primarily in India,...
