
AI Models Spot Deepfake Images, but People Catch Fake Videos
Researchers compared humans and AI in spotting synthetic media, finding AI excels at detecting deepfake images while humans outperform machines on deepfake videos. In tests, AI models achieved up to 97% accuracy on static faces, whereas participants identified only about 50% of fakes. Conversely, humans correctly judged 63% of video forgeries, with algorithms hovering near chance. The study of 2,200 image raters and 1,900 video viewers suggests a complementary role for humans and AI in future deepfake defenses.

Enclaive Secures €4.1m to Scale Confidential Computing Across Multi-Cloud
Berlin‑based enclaive closed a €4.1 million seed round led by Join Capital and the Amadeus APEX Technology Fund to accelerate its Multi‑Cloud Platform (eMCP). The funding will boost sales, marketing, product functionality and international expansion. eMCP lets organisations run workloads in...

DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon
A critical security flaw named DockerDash was disclosed in Docker's Ask Gordon AI assistant, allowing unverified Docker image metadata to become executable instructions. The vulnerability, identified by Noma Labs, enables remote code execution in cloud and CLI environments and data...

Orion Security Raises $32M in Series A Funding
Orion Security, a New York‑based AI‑driven contextual data protection firm, announced a $32 million Series A round. The financing was led by Norwest and included strategic participation from IBM alongside existing backers such as PICO Venture Partners and Lama Partners. The new...

From Credentials to Cloud Admin in 8 Minutes: AI Supercharges AWS Attack Chain
Threat actors used a publicly exposed AWS credential to launch an AI‑assisted attack that achieved full administrative control in under eight minutes. Large language models generated malicious Lambda code, enabling rapid privilege escalation, lateral movement across 19 principals, and costly...

Umanitek Launches Guardian Agent to Tackle AI Hallucinations, Deepfakes and Identity Abuse
Umanitek AG unveiled Guardian Agent, a decentralized AI identity protection platform that combats large language model hallucinations, deepfakes, impersonation, and IP infringement. The service monitors hundreds of millions of accounts, delivering real‑time risk scores and generating verifiable evidence packs to...

OpenClaw Is a Major Leap Forward for AI—And a Cybersecurity Nightmare
Cybersecurity researchers uncovered roughly 1,000 unprotected gateways to OpenClaw, an open‑source proactive AI agent accessed through WhatsApp and Telegram. The exposed endpoints let anyone read or write files, hijack connected accounts, and exploit a plugin‑ranking system that a white‑hat hacker...

Xeris Revolutionizes AI Agentic Cybersecurity With Patent Pending Super AI Agent Technology
Xeris unveiled a patent‑pending Super AI Agent platform designed to secure autonomous AI agents, multi‑cloud pipelines (MCP) and self‑evolving AI systems in enterprises. The technology acts as an autonomous supervisory AI that continuously observes, understands, and enforces policies on other...

Download: Tines Voice of Security 2026 Report
Tines has released its Voice of Security 2026 report, based on a survey of more than 1,800 security leaders and practitioners worldwide. The study reveals that while AI adoption is accelerating across security teams, manual work, rising workloads and burnout remain...

Researchers Warn of New “Vect” RaaS Variant
Researchers have identified a new ransomware‑as‑a‑service (RaaS) group called Vect, which has already hit organizations in Brazil and South Africa. The group markets a custom‑built C++ ransomware that uses ChaCha20‑Poly1305 encryption, claiming speeds 2.5 times faster than AES‑256‑GCM. Vect advertises...

Hackers Exploit Critical React Native Metro Bug to Breach Dev Systems
Hackers are exploiting the critical CVE‑2025‑11953 flaw in the React Native Metro bundler to gain unauthenticated command execution on development machines. The vulnerability resides in the /open‑url HTTP endpoint, which accepts unsanitized POST data and can run arbitrary OS commands...

Spanish Red Cross Launches Privacy-First Blockchain Aid Platform
The Spanish Red Cross has launched RedChain, a blockchain‑based platform that issues ERC‑20 aid credits on Ethereum and tracks donations in real time. Beneficiary personal data remains off‑chain, while cryptographic hashes on the public ledger provide verifiable proof of disbursement....

Critical React Native Vulnerability Exploited in the Wild
A critical‑severity flaw (CVE‑2025‑11953, CVSS 9.8) in the React Native Community CLI’s Metro bundler has been actively exploited since late December. The vulnerability allows unauthenticated remote OS command execution via simple POST requests to development servers that bind to external interfaces....

ShareVault Achieves ISO 42001 Certification, Setting a New Global Standard for Responsible AI in Virtual Data Rooms
ShareVault announced it has earned ISO/IEC 42001:2023 certification, the first international standard for responsible AI management systems. The certification covers all AI‑powered capabilities in its virtual data room platform, including OCR, AI redaction, document chat, and automated translation, and validates...

India’s Supreme Court to WhatsApp: ‘You Cannot Play with the Right to Privacy’
India’s Supreme Court delivered a stern rebuke to Meta, warning it cannot compromise Indian users’ right to privacy. The court questioned how WhatsApp, with over 500 million Indian users, obtains meaningful consent for data‑sharing and monetization of metadata. A ₹2.13 billion penalty...

Everest Ransomware Claims 90GB Data Theft Involving Legacy Polycom Systems
The Everest ransomware group alleges it stole roughly 90 GB of data from legacy Polycom engineering environments, which were acquired by HP in 2022 and now operate under the HP Poly brand. Screenshots released by the gang show file directories, source‑code trees...

Sandisk Brings SPRandom to Open Source for Large SSD Testing
SanDisk unveiled SPRandom, an open‑source preconditioning utility for large‑capacity enterprise SSDs. The tool, contributed to the fio benchmark suite, can shrink the time required to bring a 128 TB drive to steady state from over 144 hours to roughly six hours—a reduction...

RapidFort Raises $42M to Push Continuous Remediation for Software Supply Chain Security
RapidFort Inc. announced a $42 million Series A round to accelerate its continuous remediation platform for software supply chain security. The funding, led by Blue Cloud Ventures and Forgepoint Capital, will expand go‑to‑market efforts, enhance automated container hardening, and deepen adoption in...

Kasada Raises US$20M in Funding
Kasada, a New York cybersecurity startup, raised $20 million in a funding round led by EQT and backed by existing investors including Ten Eleven Ventures and Main Sequence Ventures. The capital will fund product scaling, cloud infrastructure expansion, and entry into...

When Cloud Outages Ripple Across the Internet
Recent high‑profile outages at AWS, Azure and Cloudflare have shown that cloud failures ripple far beyond compute, crippling the identity layer that underpins authentication and authorization. When shared services such as DNS, load balancers or managed databases go down, even...

How Data Brokers Can Fuel Violence Against Public Servants
A new Public Service Alliance report finds that state consumer‑privacy statutes fail to shield public employees from data‑broker exploitation, creating a "data‑to‑violence pipeline." The analysis of 19 laws shows no right for officials to compel redaction of personal details from...

Jan Recap: New AWS Privileged Permissions and Services
In January 2026 AWS introduced a suite of privileged permissions focused on networking, traffic control, and collaboration services. New actions for Network Firewall, Route 53 Global Resolver, EC2 VPC encryption controls, and Clean Rooms enable administrators to modify routing, firewall rules, and cross‑account...

Self-Healing AI for Security as Code: A Deep Dive Into Autonomy and Reliability
Self‑healing AI is reshaping cybersecurity by automatically detecting and fixing vulnerabilities within DevSecOps pipelines. Microsoft’s large‑scale deployments illustrate how autonomous, AI‑powered “immune systems” can protect millions of users in real time. The article stresses that pure automation risks over‑reliance, so...

Chollima APT Hackers Weaponize LNK Files to Deploy Sophisticated Malware
In March 2025, North Korean‑linked APT37 (Ricochet Chollima) launched “Operation: ToyBox Story,” a spear‑phishing campaign targeting activists focused on North Korean affairs. The emails delivered Dropbox links to ZIP archives containing malicious LNK shortcut files that execute hidden PowerShell commands, creating...

SimSpace Unveils Major Upgrades to Its AI-Empowered Cyber Range Platform
SimSpace launched an Early Access Program for its upgraded AI‑empowered cyber range platform, aiming to close the training‑testing gap for cybersecurity teams. The new platform combines AI‑assisted self‑service range design, a visual workbench, comprehensive security benchmarking, and API‑first integration capabilities....

Lt Gen (Dr) Rajesh Pant to Lead Webinar on AI-Driven Cyber Threats — Register Free Now
Cyble and The Cyber Express are hosting a free Zoom webinar on Feb 24, 2026 titled “AI, Ransomware & Hacktivism: The Cyber Risk Shift Most Leaders Are Failing to See.” The session will be led by Lt Gen (Dr) Rajesh...

Shai-Hulud & Co.: The Software Supply Chain as Achilles’ Heel
Supply‑chain attacks have evolved from passive typosquatting to active worms, exemplified by the Shai‑Hulud malware. Shai‑Hulud steals developer credentials, republishes infected npm packages, and can trigger a dead‑man switch that erases evidence. The worm’s ability to move across languages and...

Malicious Google Play App With 50K+ Downloads Spreads Anatsa Banking Trojan
A malicious Android app posing as a document reader amassed over 50,000 downloads on Google Play before being removed. The app functioned as a dropper for the Anatsa banking trojan, which can harvest credentials and execute unauthorized transactions. ThreatLabz identified...

Berchem School Hit by Cyberattack as Hackers Target Parents With €50 Ransom Demand
A ransomware group breached the servers of secondary school Onze‑Lieve‑Vrouwinstituut Pulhof in Berchem, forcing a shutdown of internal systems. The school refused to pay the initial ransom and the attackers escalated by demanding €50 per child from parents, threatening to...

Q&A with Ashley Burkle, Director of Business Development at Identiv
In a February 2026 interview, Ashley Burkle, Director of Business Development at Identiv, outlined the company’s push to embed secure digital identities into consumer packaging through NFC, BLE and UHF RFID technologies. Identiv’s solutions turn everyday products into connected data sources,...

Why Identity Threat Detection & Response Matters in 2026?
Identity Threat Detection & Response (ITDR) has become a core security pillar in 2026 as enterprises shift to cloud, remote work, and SaaS ecosystems, making compromised credentials the primary breach vector. Traditional defenses miss malicious activity that occurs after successful...

Leveraging ISACA for Your CMMC Career
The Cybersecurity Maturity Model Certification (CMMC) is becoming the mandatory standard for Department of Defense contractors to demonstrate protection of Federal Contract Information and Controlled Unclassified Information. CMMC 2.0 streamlines requirements into three levels, with Level 1 covering basic cyber hygiene,...

Notepad++ Attack Breakdown Reveals Sophisticated Malware and Actionable IoCs
The Chinese APT group Lotus Blossom has been linked to a sophisticated supply‑chain attack on the Notepad++ distribution platform. Attackers delivered a custom backdoor dubbed Chrysalis via a malicious NSIS‑based update.exe that sideloaded a forged Bitdefender Submission Wizard DLL into...

What Verified Breach Data Changes About Exposure Monitoring
Exposure monitoring relies on unverified breach feeds, leading to duplicate, fabricated, and stale alerts. Without validation, teams waste time triaging false positives and lose confidence in their programs. Verified breach data, as offered by Constella, provides source confirmation, de‑duplication, timestamps...

NDSS 2025 – VeriBin: Adaptive Verification Of Patches At The Binary Level
VeriBin is a novel system that automatically verifies whether a binary‑level patch is safe to apply by checking functional equivalence between the original and patched executables. It leverages symbolic execution to isolate patch‑introduced changes and validates them against properties that...

The Cost of Poor Cloud Resilience Is Often Paid in Ransom, Rubrik Warns
Rubrik warned that inadequate cloud resilience is turning ransomware attacks into costly ransom payments. The company showcased a tabletop exercise, “Zero Hour Horizon Retail,” which simulated a breach that escalated because backups were compromised and identity misconfigurations granted attackers full...

NjRAT Runs MassLogger
The long‑standing njRAT remote‑access trojan was observed delivering the credential‑stealing malware MassLogger via its C2 traffic. Using NetworkMiner Professional, analysts decoded PCAP data, extracting screenshots, command parameters and gzip‑compressed executables. The “CloudServices.exe” payload, identified as MassLogger, exfiltrates credentials by emailing...

Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins
A multi‑stage phishing campaign is targeting business users by sending clean‑looking procurement emails that contain PDFs with hidden clickable buttons. The PDFs exploit AcroForms and FlateDecode to redirect victims to a second file hosted on legitimate Vercel Blob storage, bypassing...

Top Cybersecurity Companies
Cybersecurity vendors are shifting from point products to AI‑driven unified platforms that combine SIEM, XDR, SOAR and threat intelligence. Companies like Seceon illustrate this trend by offering a fully integrated, machine‑learning‑based solution that scales across cloud, on‑prem and MSSP environments....

Notepad++ Says Chinese Government Hackers Hijacked Its Software Updates for Months
The Notepad++ developer confirmed that state‑linked Chinese hackers hijacked the editor’s update mechanism from June to December 2025, delivering malicious payloads to a limited set of users. The attackers exploited a vulnerability on a shared‑hosting server to redirect update requests...

Mozilla Announces Switch to Disable All Firefox AI Features
Mozilla announced that Firefox 148, releasing on February 24, will include a global “Block AI enhancements” toggle, letting users disable all generative AI features or manage them individually. The AI controls panel covers five specific tools—browser translations, PDF alt‑text generation, AI‑enhanced tab...

How DataDome Stopped Millions of Ticket Scalping Bots Targeting a Global Sports Organization
Between Jan 8‑13 2026 a global sports organization faced a coordinated ticket‑scalping attack that generated over 16 million malicious requests from 3.9 million unique IPs. DataDome’s Galileo Threat Research team identified the threat in real time and deployed AI‑driven detection that blocked every request...

Microsoft: January Update Shutdown Bug Affects More Windows PCs
Microsoft confirmed that a shutdown bug introduced by the January 15 cumulative update affects Windows 11 23H2 devices with System Guard Secure Launch and extends to Windows 10 22H2, Enterprise LTSC 2021 and 2019 when Virtual Secure Mode (VSM) is enabled. Emergency...

Outtake Closes $40M Series B Led by ICONIQ to Build the Unified Platform for Digital Trust in the AI Era
Outtake announced a $40 million Series B round led by ICONIQ, with participation from CRV, S32 and a slate of high‑profile tech executives. The funding will accelerate its unified digital‑trust platform that protects enterprises from AI‑driven impersonation and identity abuse. Outtake reported...

CTM360 Report Warns of Global Surge in Fake High-Yield Investment Scams
CTM360’s new report reveals a sharp global rise in fraudulent high‑yield investment programs, or HYIPs, promising unrealistic returns such as 40 % in 72 hours. Over 4,200 scam sites were cataloged in the past year, with December 2025 alone seeing 485 incidents—about 15...

Ransomware Attack Compromised 377,000 People’s Social Security and Driver’s License Numbers From Texas Gas Station and Convenience Store Chain
A ransomware group infiltrated Gulshan Management Services, the operator of about 150 Handi Plus and Handi Stop gas stations across Texas, exposing personal data of 377,082 individuals. The attackers accessed the network through a phishing email and remained undetected for several days,...

Crypto Crime Is Getting Violent: ‘Wrench Attacks’ Jumped 75% in 2026
Crypto‑related “wrench attacks” surged 75 % in 2026, reaching 72 confirmed incidents worldwide, while physical assaults tied to cryptocurrency theft rose 250 %. Europe now accounts for over 40 % of these violent crimes, with France leading at 19 reported cases—more than double...

Malwarebytes in ChatGPT Delivers AI-Powered Protection Against Scams
Malwarebytes has launched Malwarebytes in ChatGPT, embedding its threat‑intelligence engine into OpenAI’s chatbot to let users instantly assess scams, phishing links, and suspicious domains. The service draws on a continuously updated database that protects millions of devices, offering point‑by‑point analysis...

Panera Bread Breach Impacts 5.1 Million Accounts, Not 14 Million Customers
A recent data breach at Panera Bread compromised roughly 5.1 million unique user accounts, far fewer than the 14 million records initially reported. The breach was carried out by the ShinyHunters extortion gang, which accessed Panera's systems through a Microsoft Entra single...

Blockchain Security Firm CertiK Remains Focused on Enhancing Web3 Infrastructure
CertiK, a blockchain security leader valued at over $2 billion, is positioning itself as the trust backbone for the rapidly maturing Web3 ecosystem. Highlighted at the 2026 World Economic Forum, the firm is adopting public‑company practices to boost accountability and durability....