
Why Operational Threat Intelligence Needs AI Agents Now, Not Later
Operational threat intelligence is being overwhelmed by noise and slow manual processes, prompting a shift toward AI agents. Gartner highlights that most organizations lack end‑to‑end AI integration across the intelligence lifecycle, with only 43% reporting tangible benefits. AI agents can ingest, triage, and correlate massive threat data, automating actionable responses in real time. This orchestration reduces false positives, accelerates decision‑making, and allows analysts to focus on high‑value tasks.

Microsoft Rolls Out Native Sysmon Monitoring in Windows 11
Microsoft has begun rolling out native Sysmon functionality to Windows 11 Insider builds in the Beta and Dev channels. The built‑in service mirrors the popular Sysinternals Sysmon tool, logging process, file and clipboard events to the Windows Event Log. It remains...

Former Nuance Communications Employee Facing More Charges in 2023 Geisinger Data Breach Case
Former Nuance Communications employee Max Vance has been hit with two additional false‑statement counts after a superseding indictment revealed he lied to FBI agents about downloading protected health information. The indictment follows his original charge of unlawfully accessing data belonging...

Banks Are Not Prepared for the Industrialization of Crypto Theft
Drainer‑as‑a‑Service (DaaS) platforms are industrializing crypto theft, letting low‑skill actors launch high‑value heists at scale. Traditional bank compliance, reliant on static blacklists, cannot keep pace with the real‑time, multi‑domain attacks these services enable. The author urges banks to shift from...

Noah Taps Sumsub for Reusable KYC
Financial infrastructure firm Noah has teamed up with identity‑verification specialist Sumsub to embed a reusable KYC framework across its platform. The integration enables users verified by any of Sumsub’s 4,000+ partner institutions to onboard on Noah‑powered wallets, exchanges and payment...

DMARC Alerts in Slack
EasyDMARC now pushes DMARC and email‑authentication alerts straight into Slack, turning a traditionally passive control into an active operational signal. The integration delivers high‑signal events—such as DNS record changes, authentication‑failure spikes, and policy shifts—complete with domain, severity and rationale, while...

SECNAP CloudJacket MXDR Integrates SOC, SIEM, and NDR
SECNAP Network Security launched CloudJacket MXDR, a managed extended detection and response platform that unifies SOC, SIEM, and NDR functions under a single pane of glass. Built on the patented CloudJacket foundation, the solution adds multi‑tenant capabilities, AI‑augmented analyst workflows,...

Interlock Ransomware Exploits Zero-Day in Gaming Anti-Cheat Driver to Disable EDR, AV
Interlock ransomware has added a zero‑day exploit in a gaming anti‑cheat driver (CVE‑2025‑61155) to its arsenal, deploying a signed kernel driver called UpdateCheckerX64.sys. The new BYOVD tool, dubbed Hotta Killer, creates a demand‑start service and uses DeviceIoControl to terminate security...

AI Bots Are Now a Significant Source of Web Traffic
The latest TollBit report, backed by Akamai data, shows AI‑driven scraping bots now account for a sizable share of web traffic, with one out of every 50 visits to monitored sites originating from such bots. AI bots are increasingly ignoring...

Supply Chain Attack Exploits Notepad++ Update Mechanism to Push Targeted Malware
A sophisticated supply‑chain attack hijacked Notepad++'s update mechanism after a hosting‑provider breach, remaining active from June 2025 to December 2025. Attackers rotated command‑and‑control servers and deployed three distinct infection chains that delivered Cobalt Strike beacons and a custom Chrysalis backdoor. The...

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations
Eric Zimmerman of the SANS Institute argues that incident response failures stem more from early‑stage decisions than from tool gaps. He defines the "first 90 seconds" as a repeatable decision window that recurs each time a new system enters scope,...

Zero Trust in Practice: A Deep Technical Dive Into Going Fully Passwordless in Hybrid Enterprise Environments
Eliminating passwords in hybrid Active Directory and Microsoft Entra ID environments requires a complete redesign of identity architecture, not a simple switch. Success hinges on three prerequisites—cloud Kerberos trust, device registration, and Conditional Access policies—forming a prerequisite triangle. Organizations must...

OfferUp Scammers Are Out in Force: Here’s What You Should Know
OfferUp, the 15‑year‑old U.S. marketplace that processes more than 30 million transactions each year, is grappling with a surge of fraud schemes. Scammers routinely steer buyers and sellers toward off‑platform payment methods such as Zelle, Venmo, gift‑card codes, or cash‑app transfers,...

Snyk Unveils the AI Security Fabric
Snyk introduced the AI Security Fabric, a continuous‑defense layer that spans the entire software development lifecycle. The Fabric unifies visibility, prevention, and governance across three vectors: AI‑accelerated DevSecOps, AI‑driven development, and AI‑native software. New data shows that each deployed AI...

How Generative AI Is Transforming Fraud Detection in Digital Banking
Generative AI has become central to digital‑banking fraud defenses as AI‑powered scams now account for over half of global fraud incidents. Traditional rule‑based systems struggle with adaptive threats, prompting banks to adopt deep generative models that analyze transaction graphs and...

Avast Brings Deepfake Scam Detection to Windows PCs and Mobile Devices
Avast announced the global rollout of its Scam Guardian and Scam Guardian Pro apps for Android and iOS, and introduced Deepfake Guard for Windows PCs. The new AI‑driven feature scans video audio in real time to detect malicious deepfake content, supporting...

Hackers Exfiltrate NTDS.dit File, Gain Full Control of Active Directory Environments
Threat actors are increasingly targeting the NTDS.dit database, the core repository of Active Directory credentials and configuration, to gain unrestricted domain access. By creating Volume Shadow Copies and leveraging native tools such as ntdsutil, SecretsDump, and Mimikatz, attackers can extract...

Darwinium Tackles the Agentic AI Fraud Era With Strategic GTM Acceleration
Darwinium announced an accelerated go‑to‑market push in North America, appointing Michael Rodriguez as Global Head of GTM and adding senior hires Donnie Gates and Melissa Griffin. The new team will help fintechs, banks and eCommerce merchants combat “agentic AI” fraud...

OutSystems Achieves FedRAMP Authorization
OutSystems announced it has earned Federal Risk and Authorization Management Program (FedRAMP) authorization, allowing its low‑code development platform to be used by U.S. federal agencies. The certification, achieved in partnership with cloud provider Knox, confirms that the platform meets stringent...

Horizon3.ai Strengthens Global Partner Team for Faster Growth
Horizon3.ai announced a major expansion of its global partner leadership, appointing Tim Mackie as Global Vice President of Worldwide Channels and highlighting Marc Inderhees on CRN’s 2026 Channel Chiefs list. The moves are designed to accelerate MSP‑ and partner‑led growth...

Rebrand Cybersecurity From “Dr. No” To “Let’s Go”
The article urges a cultural shift in cybersecurity, moving from a restrictive "Dr. No" stance to an enabling "Let's Go" approach. It highlights Cross Domain Solutions (CDS) as a hidden but critical technology that securely transfers and accesses data across...

Mountain View Shuts Down Flock Safety ALPR Cameras After Year-Long Unrestricted Data Access
Mountain View police chief Mike Canfield ordered an immediate shutdown of the city’s Flock Safety automated license‑plate reader (ALPR) system after discovering that hundreds of unauthorized law‑enforcement agencies had been able to query the data for more than a year....

Building a Zero-Trust Framework for Cloud Banking
Financial institutions are moving beyond perimeter‑based defenses by adopting zero‑trust frameworks that continuously validate identities, devices, and services across multi‑cloud environments. The approach combines identity‑first security, micro‑segmentation, and AI‑driven risk analytics to meet stringent regulations such as PCI DSS, DORA, GDPR,...

Detectify Internal Scanning Finds and Fixes Vulnerabilities Behind the Firewall
Detectify introduced Internal Scanning, a tool that extends its external‑facing crawling and fuzzing engine into private networks, enabling security teams to locate and fix vulnerabilities behind the firewall with the same speed as external tests. The solution deploys via a...

CYGNVS Launches AI Model for Cyber Readiness and Response
CYGNVS unveiled a purpose-built AI model for cyber readiness and incident response, trained on more than 20,000 real-world cyber incidents and outages. The model leverages proprietary data from Marsh, the leading cyber insurance broker, without exposing any client‑specific information. By...

Lakelands Public Health Confirms Cyberattack, Says Sensitive Data Unaffected
On Jan 29, 2026, Lakelands Public Health confirmed a cyberattack that disrupted internal systems but left sensitive health records untouched. The agency activated its incident‑response plan, isolated affected assets, and hired a leading cybersecurity firm to investigate and restore services....

Fasoo Advances Personal Data Protection with AI-Powered Detection and Encryption
Fasoo unveiled an AI‑driven personal data protection suite combining Fasoo Data Radar and Fasoo AI‑R Privacy. The solution moves beyond keyword scans, using context‑aware models to detect PII across unstructured formats with fewer false positives. Detected data is automatically encrypted,...

Jennifer Duman of Skyhawk Security Named a 2026 CRN® Channel Chief
Skyhawk Security announced that Channel Director Jennifer Duman has been named a 2026 CRN® Channel Chief. Duman, who joined Skyhawk in 2025, has transformed the company’s channel‑first go‑to‑market model by automating onboarding and opportunity management. Under her guidance, Skyhawk’s partner...

Mitiga Reports Exceptional Growth as Enterprises Embrace Real-Time Cloud Detection and Response
Mitiga, the zero‑impact cloud detection and response leader, announced a 234% year‑over‑year sales surge in 2025 and rapid expansion following its Series B round led by SYN Ventures. The company doubled its workforce, launched a 25‑member CISO advisory board, and...

Tencent Cloud EdgeOne Launches Free AI Crawler Control: Empowering Developers to Reclaim Content Sovereignty
Tencent Cloud EdgeOne has rolled out its Basic Bot Management suite to all users, including those on the free tier, introducing AI Crawler Control and a CAPTCHA Page. The AI Crawler Control leverages continuous User‑Agent recognition to detect and act...

Privilege Disruption: The Key Choke Point for Cyber Deterrence
The article argues that privilege disruption is the critical choke point for effective cyber deterrence under the new 2026 White House Cyber Strategy. By denying and containing privileged access early, defenders shift the attacker’s risk‑benefit calculus, preventing initial footholds from...

E-Commerce Fraud Set to More Than Double to $131 Billion by 2030
Juniper Research projects global e‑commerce fraud to surge from $56 billion in 2025 to $131 billion by 2030, a 133 % increase. The spike is largely driven by "friendly fraud," which now accounts for the majority of chargeback disputes. Existing merchant defenses are...

Foxit Releases Security Updates for PDF Editor Cloud XSS Vulnerabilities
Foxit Software released security updates on February 3 2026 that remediate two moderate‑severity cross‑site scripting (XSS) vulnerabilities (CVE‑2026‑1591, CVE‑2026‑1592) in Foxit PDF Editor Cloud, and a related XSS flaw (CVE‑2025‑66523) in Foxit eSign patched on January 15 2026. The flaws allowed crafted file attachment...

Global Threat Map: Open-Source Real-Time Situational Awareness Platform
Global Threat Map is an open‑source platform that aggregates multiple public threat‑intelligence feeds into a live, animated world map showing malware, phishing, botnet and other malicious activity. The project publishes its data‑collection code on GitHub, offering full transparency of sources...

How Secure by Design Helps Developers Build Secure Software
The Center for Internet Security and SAFECode have published "Secure by Design: A Guide to Assessing Software Security Practices," a risk‑based manual that integrates security into every stage of the software development lifecycle. The guide aligns the NIST Secure Software...

One Identity Appoints Gihan Munasinghe as Chief Technology Officer
One Identity announced the appointment of Gihan Munasinghe as Chief Technology Officer. Munasinghe brings more than 15 years of experience leading global engineering organizations and modernising legacy platforms. He will steer the engineering team, accelerate the company’s SaaS delivery model...

Why Incident Response Breaks Down when It Matters Most
In a Help Net Security video, Jon David, Managing Director at NR Labs, explains why incident response often collapses during active breaches. He highlights that hesitation, poor escalation, and weak communication let attackers outpace defenders. The discussion emphasizes that trust,...

BGEANX and Scam: How Impersonation Confuses Crypto Users
Impersonators are hijacking the BGEANX brand to create fake platforms and phishing campaigns, misleading crypto users who mistake these copies for the legitimate service. The fraudulent sites copy visual elements, request private keys, and use urgency to exploit market emotions....

Why Network Detection and Response Is the Missing Link in Financial Services Security
Financial services firms boast mature security stacks, yet breaches persist because attackers exploit blind spots in network visibility. Traditional defenses—firewalls, endpoint tools, and SIEMs—focus on perimeter and device events, missing lateral movement and encrypted traffic anomalies. Network Detection and Response...

Auto Finance Fraud Is Costing Dealers up to $20,000 per Incident
Auto dealers are facing a growing fraud problem that can cost up to $20,000 per incident, according to Experian research. The most common schemes involve income and employment misrepresentation, followed closely by synthetic and third‑party identity fraud. Fraud often surfaces...

Stablecoin ‘Dust’ Txs on Ethereum Triple Post-Fusaka: Coin Metrics
Coin Metrics reports that stablecoin dusting attacks now make up 11% of Ethereum transactions and 26% of active addresses, a sharp rise after the December Fusaka upgrade lowered gas costs. Daily transaction volume has surpassed 2 million, peaking near 2.9 million in...

AU10TIX, Microsoft Partnership Reduces Fake Account Openings By 90%
AU10TIX and Microsoft unveiled OneVet, a joint solution that blends Azure Verifiable Credentials with AU10TIX’s AI‑driven identity intelligence. The platform automates partner account validation, delivering a 90% drop in fake account openings and cutting impersonation attempts. By issuing reusable, cryptographically...

Wave of Citrix NetScaler Scans Use Thousands of Residential Proxies
GreyNoise observed a coordinated reconnaissance campaign against Citrix NetScaler from Jan 28 to Feb 2, leveraging over 63,000 residential proxy IPs and a single Azure address. The scans generated 111,834 sessions, with 79% targeting Citrix Gateway honeypots and 64% originating from residential...

Socure Unveils Unified Risk Platform for Government Agencies
Socure announced SocureGov RiskOS, a unified risk platform for government agencies to modernize digital identity verification. The solution merges Socure’s existing public‑sector offerings with new AI‑powered analytics, replacing fragmented legacy systems with a single ecosystem. It leverages behavioral analytics, device...

Adversarial Exposure Validation for Modern Environments
Adversarial Exposure Validation (AEV) is a continuous, attacker‑style testing framework that proves whether identified exposures can actually be exploited in modern cloud and CI/CD environments. By combining automated PTaaS and BAS with human‑driven red‑team exercises and pipeline‑level validation, organizations receive...

DataDome Integrates Bot Protection with Varnish Software’s New Sovereign CDN
Varnish Software launched Varnish CDN, a fully sovereign European content delivery network that keeps all traffic, data, and metadata within EU jurisdiction. DataDome integrated its AI‑powered bot and agent trust management directly into the CDN, delivering real‑time protection against scraping,...

Mastering Enterprise IAM: Naveen Rudraradhya on Leading Global Identity and Access Transformation
Naveen Rudraradhya, an IAM veteran with an MBA in IT Business Management, led a global identity and access transformation that unified standards across regions while respecting local regulations. He replaced manual request channels with a single, automated portal linking HR...

Deno Sandbox
Over the past year Deno Deploy customers have increasingly generated code with large language models that runs instantly, exposing API keys and network access. Deno now offers Sandbox, lightweight Linux microVMs that isolate untrusted code, enforce network‑egress policies, and keep...

Iron Mountain: Data Breach Mostly Limited to Marketing Materials
Iron Mountain disclosed that the recent breach claimed by the Everest extortion gang was confined to a single folder of marketing materials on a public‑facing file‑sharing server. Attackers used a compromised login credential but did not deploy ransomware or access...

SQL Injection Flaw Affects 40,000 WordPress Sites
A SQL injection vulnerability (CVE‑2025‑67987) was found in the Quiz and Survey Master (QSM) WordPress plugin affecting versions up to 10.3.1. The flaw allowed any logged‑in user with Subscriber‑level access to inject arbitrary SQL via the `_is_linking_` REST API parameter,...