2025 - The Year of Quantum
Quantum computing is moving from theoretical research to commercial opportunity, with startups already delivering products in cybersecurity, networking, middleware, and sensing. Andy Leaver of Notion Capital argues that waiting for fault‑tolerant, cryptography‑breaking machines is unnecessary; viable markets exist today. He highlights Europe’s strong research base as a competitive edge and outlines Notion’s focus on early‑stage quantum ventures. The piece underscores that investors can capture returns now, even as fully error‑corrected quantum hardware remains years away.
Commvault Pitches Geo Shield for Sovereign Data Protection
Commvault has launched Geo Shield, a sovereign‑data protection suite that lets enterprises dictate where data resides, who controls access, and who holds encryption keys. The offering spans four deployment models—from local hyperscaler SaaS to private sovereign clouds—supporting both BYOK and HYOK...
Iconics SCADA Vulnerability Can Render Systems Unbootable
A newly disclosed flaw (CVE‑2025‑0921) in Iconics Suite’s Pager Agent lets a non‑admin attacker manipulate file‑system permissions to overwrite critical Windows driver files. By redirecting log output via symbolic links, the exploit can corrupt the cng.sys driver, causing the system...
Chrome Ad Blocker Caught Hijacking Amazon Affiliate Links
A Chrome extension called Amazon Ads Blocker, marketed as an ad‑hider, was found to silently replace creator affiliate tags on Amazon product links with its own identifier (10xprofit‑20). Socket researchers discovered the extension injects the tag on page load and...
Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
Russian‑linked group Fancy Bear leveraged the high‑severity CVE‑2026‑21509 Office flaw days after Microsoft disclosed it, targeting Ukrainian ministries and EU bodies. The malicious Word document triggered a WebDAV call that installed a DLL via COM hijacking, ultimately launching the Covenant...
Span Cyber Security Arena 2026: Only 10 Days Left to Secure Early Bird Tickets
Span Cyber Security Arena 2026 will be held May 20‑22 in Poreč, Croatia, at the five‑star Pical Resort. The event features three days of conference sessions plus two pre‑conference masterclasses on May 18‑19 for engineers, architects, and consultants. Keynote speakers include...
This Stealthy Windows RAT Holds Live Conversations with Its Operators
Point Wild researchers uncovered a new Windows campaign deploying the Pulsar RAT, a .NET‑based remote access trojan that lives entirely in memory. The infection chain starts with a per‑user Registry Run key that launches a PowerShell loader, which decodes Donut‑generated...
Shift Left Is Dead for Cloud PAM
In this episode, Cole Horsman, Field CTO at Sonrai Security, recounts his three‑year journey trying to apply shift‑left and just‑in‑time (JIT) models to cloud identity, ultimately concluding that both approaches failed because they target the wrong layer. He explains how...
Threats: Results of a Pilot Survey on Threats, and a New Category on DataBreaches.net
A pilot survey of 112 security researchers and journalists was conducted from December 20 2025 to January 18 2026 to gauge legal and criminal threats they face. The study reveals that many respondents encounter litigation warnings, criminal investigations, and intimidation from cyber‑criminals. Findings are...
Securing the Mid-Market Across the Complete Threat Lifecycle
Mid‑market firms face tight budgets and lean security teams, making traditional, siloed tools costly and inefficient. The article advocates a full‑lifecycle approach—prevention, protection, detection, and response—delivered through integrated platforms such as Bitdefender GravityZone. By unifying endpoint, cloud, identity, and network...
Microsoft Fixes Bug Causing Password Sign-In Option to Disappear
Microsoft has resolved a lock‑screen bug that hid the password sign‑in icon after Windows 11 updates released since August 2025. The issue primarily affected users with multiple authentication methods and was linked to the KB5064081 preview update and subsequent 24H2/25H2 builds. Microsoft...
Is Data Center Colocation Secure? What CIOs and CISOs Need to Know
Colocation is emerging as a pragmatic alternative to building private data centers, offering enterprises robust physical safeguards while offloading power and cooling overhead. Providers secure the facility with layered access controls, surveillance, and environmental protections, but customers retain responsibility for...
Britain and Japan Join Forces on Cybersecurity and Strategic Minerals
Britain and Japan announced a new cyber strategic partnership during Prime Minister Keir Starmer's Tokyo visit, following his stop in Beijing. The agreement pairs cybersecurity cooperation with joint efforts to secure critical mineral supply chains essential for advanced manufacturing and...
NationStates Confirms Data Breach, Shuts Down Game Site
NationStates, a browser‑based government simulation game, confirmed a data breach after a player exploited a critical Remote Code Execution flaw in its new Dispatch Search feature. The attacker accessed production servers, copying email addresses, MD5‑hashed passwords, IP logs, and possibly...
A Slippery Slope: Beware of Winter Olympics Scams and Other Cyberthreats
Cybercriminals are gearing up for the Milano‑Cortina 2026 Winter Olympics, exploiting the event’s global visibility with a surge of phishing, fake ticket sites, malicious streaming platforms, and counterfeit apps. Past Games have seen state‑aligned actors deploy wiper malware and hacktivists...
BreachForums Breach Exposes Names of 324K Cybercriminals, Upends the Threat Intel Game
The episode examines the recent breach of the BreachForums marketplace, which exposed the real identities, emails, IPs, and registration data of roughly 324,000 cyber‑criminals. Experts from Keeper Security, ColorTokens, and Fenix24 explain how the leak provides a rare intelligence goldmine,...
Flaw in Broadcom Wi-Fi Chipsets Illuminates Importance of Wireless Dependability and Business Continuity
The episode examines a critical vulnerability in Broadcom Wi‑Fi chipsets that lets an attacker disrupt 5 GHz networks with a single unauthenticated frame, forcing a router reboot and potentially enabling evil‑twin phishing attacks. Experts from Black Duck, BeyondTrust, Qualys, and Cequence...
ACTFORE Secures Patent for Template Identification and Matching Technology
ACTFORE announced the USPTO has granted its second patent for a Template Identification and Matching technology that fingerprints documents at the pixel level. The solution converts each page into image‑based signatures, enabling detection of structural similarities across massive, unstructured breach...
StrongestLayer: Top ‘Trusted’ Platforms Are Key Attack Surfaces
In this episode Adrian Bridgwater discusses StrongestLayer’s new threat‑intelligence report, which analyzed 2,042 advanced email attacks that slipped past Microsoft Defender E3/E5 and leading secure email gateways. The findings reveal a shift toward attackers exploiting trusted platforms such as DocuSign,...
When Responsible Disclosure Becomes Unpaid Labor
Responsible disclosure is increasingly failing as organizations delay acknowledgment, dispute severity, and provide little compensation, turning ethical research into unpaid labor. The recent React2Shell (CVE-2025-55182) case shows coordinated response can work, yet exploitation still spread quickly. In contrast, unbacked open‑source...
Open-Source AI Pentesting Tools Are Getting Uncomfortably Good
Open‑source AI pentesting tools are reaching production‑grade performance, with BugTrace‑AI, Shannon, and the Cybersecurity AI Framework (CAI) each demonstrating distinct strengths in a lab test. BugTrace‑AI acts as a low‑noise reconnaissance assistant, flagging likely flaws without launching exploits. Shannon takes...
Where NSA Zero Trust Guidance Aligns with Enterprise Reality
The NSA released Phase One and Phase Two of its Zero Trust Implementation Guidelines, outlining 36 and 41 activities respectively to achieve 30 and 34 distinct capabilities. The guidance builds on earlier Primer and Discovery Phase documents and aligns with...
Pompelmi: Open-Source Secure File Upload Scanning for Node.js
Pompelmi is an open‑source toolkit that adds inline malware scanning to Node.js file‑upload handlers. It inspects files in memory, applying configurable policies on extensions, size, MIME types, and archive contents before any data reaches storage. The library offers pluggable scanning...
Crypto Stolen Hit $370M in January, Quadrupling Year on Year: CertiK
Crypto theft surged to $370.3 million in January 2026, a near‑four‑fold rise from a year earlier, according to security firm CertiK. A single phishing scam accounted for $284 million of the loss, while phishing overall stole $311.3 million. The month’s biggest individual hacks...
What Boards Need to Hear About Cyber Risk, and What They Don’t
Entrust CIO Rishi Kaushal explains how security leaders should brief corporate boards on cyber risk, linking cryptography, certificates, and authentication to tangible business outcomes such as revenue loss, outages, fraud, and regulatory exposure. He demystifies the digital‑trust layer, arguing that...
Online Safety and Fraud Prevention: Protecting Yourself in the Digital Finance Era
Digital finance’s rapid expansion has amplified convenience while exposing users to sophisticated online scams. Fraudsters now deploy phishing, fake investment sites, and cloned e‑commerce stores that closely resemble legitimate brands. Verifying a website before any financial transaction—checking domain age, security...
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
Researchers uncovered a supply‑chain breach of the Open VSX Registry where a legitimate developer’s credentials were hijacked to publish malicious updates of four popular extensions. The poisoned versions, released on Jan 30 2026, embedded the GlassWorm loader and were downloaded over 22,000...
AI Is Flooding IAM Systems with New Identities
The Cloud Security Alliance reports that AI‑generated identities are being treated like traditional non‑human accounts, exposing them to the same IAM weaknesses such as credential sprawl and unclear ownership. AI systems create and retire identities at unprecedented speed, overwhelming legacy...
Tech Dependencies Undermine UK National Security
The UK’s push to curb illegal deep‑fake content on X exposed a broader vulnerability: dependence on US‑based platforms for national‑security enforcement. Recent clashes with Elon Musk and a fine against Cloudflare illustrate how American firms can resist or complicate European...
Crypto Protocol CrossCurve Under Attack, $3M Reportedly Exploited
CrossCurve, a cross‑chain bridge protocol, confirmed a security breach that resulted in roughly $3 million being stolen across several blockchain networks. The exploit targeted a smart‑contract vulnerability that allowed attackers to spoof cross‑chain messages and unlock tokens without proper validation. CrossCurve...
Are Cloud Secrets Safe with Automatic Rotation Systems
Enterprises are increasingly relying on automated rotation systems to protect cloud secrets tied to Non‑Human Identities (NHIs). By continuously updating credentials, these solutions shrink the window of exposure for machine‑identity attacks, a threat that 68% of organizations have already faced....
How Powerful Is AI in Managing Non-Human Identities
Non‑human identities (machine identities) now account for roughly 68% of IT security incidents, making their management a top priority for organizations undergoing digital transformation. A lifecycle‑focused NHI management platform offers discovery, classification, monitoring, and remediation, surpassing point solutions like secret...
What New Technologies Are Boosting Agentic AI Capabilities
Non‑Human Identities (NHIs), also called machine identities, are becoming essential for securing cloud‑based environments as organizations scale. Effective NHI management couples encrypted secrets with granular permissions, providing a passport‑visa model for automated services. Integrating Agentic AI enables autonomous secret rotation,...
Can Agentic AI Handle Complex Cloud-Native Security Tasks
The article explains that non‑human identities (NHIs)—machine credentials such as passwords, tokens and keys—are critical for securing cloud‑native environments. It argues that comprehensive NHI management platforms provide visibility, automated secret rotation, and threat detection across the identity lifecycle, delivering cost...
Shock Report Claims Android Apps Have Leaked over 730TB of User Data and Google Secrets - Here Are some of...
A recent security study uncovered that Android AI applications have collectively leaked nearly 730 terabytes of user data, alongside hard‑coded secrets that expose cloud infrastructure and payment systems. The research examined dozens of popular AI‑driven apps on Google Play, finding API...
NDSS 2025 – Alba: The Dawn Of Scalable Bridges For Blockchains
Researchers at TU Wien and Princeton introduced Alba, a Pay2Chain bridge that leverages off‑chain payment channels to trigger conditional payments on target blockchains. Unlike traditional light‑client or zk‑based bridges, Alba avoids costly on‑chain inclusion proofs, cutting communication overhead and on‑chain...
Netbird a German Tailscale Alternative (P2P WireGuard-Based Overlay Network)
NetBird is a German open‑source zero‑trust networking platform that uses WireGuard to create a peer‑to‑peer overlay, positioning itself as a Tailscale‑style alternative to legacy VPNs. It delivers instant deployment, SSO/MFA integration, dynamic posture checks, and centralized policy management across Linux,...
Global Trustnet Strengthens Client Intake and Review Framework to Support Secure Platform Operations
Global Trustnet announced enhancements to its client intake and internal case review frameworks, emphasizing security, verification discipline, and structured governance. The new standardized onboarding workflow aims to improve data accuracy, traceability, and consistency as digital‑asset trading volumes rise. Parallel upgrades...
Ondas’ American Robotics Optimus Drone Approved for Rapid Federal Procurement via DCMA Blue UAS Cleared List
Ondas Inc.’s Optimus drone, built by American Robotics, has earned Blue List status from the Defense Contract Management Agency, placing it on the Department of War’s approved UAS directory. The designation confirms compliance with stringent cybersecurity, supply‑chain and operational standards,...
Blockchain Penetration Testing: Definition, Process, and Tools
Blockchain penetration testing simulates real‑world attacks on decentralized ledgers to expose flaws in smart contracts, consensus mechanisms, nodes, and wallets before they can be exploited. Recent incidents such as the $2.17 billion crypto thefts in 2025 and the 17‑hour Solana outage...
AI-Powered Penetration Testing: Definition, Tools and Process
AI‑powered penetration testing combines machine‑learning models, autonomous agents, and traditional security tools to simulate real‑world attacks faster and more comprehensively than manual testing. Recent research shows AI agents achieved 82 % precision and outperformed nine out of ten human testers in...
IoT Penetration Testing: Definition, Process, Tools, and Benefits
IoT penetration testing evaluates the entire IoT ecosystem—from hardware and firmware to cloud services—by simulating multi‑stage attacks. The practice uncovered critical flaws in high‑profile incidents, such as Southern Water’s water‑monitoring hack and an NHS Trust breach, both caused by outdated...
RINA Accountants & Advisors Is Creating $400K Settlement Fund to Settle Lawsuit over 2022 Data Breach
RINA Accountants & Advisors, a U.S. accounting firm, has agreed to establish a $400,000 settlement fund to resolve a class‑action lawsuit stemming from a 2022 data breach. The breach exposed client‑sensitive information, prompting legal action from affected parties. The settlement...
Show HN: Minimal – Open-Source Community Driven Hardened Container Images
The Minimal project publishes a suite of open‑source, production‑ready container images built daily with Chainguard’s apko and Wolfi packages. By including only essential components, the images achieve near‑zero CVEs and are typically patched within 24‑48 hours of disclosure. Each image is...
Comcast Agrees to $117.5 Million Settlement to Resolve Lawsuits over 2023 Citrix Bleed Data Breach
Comcast has reached a $117.5 million settlement to resolve 24 class‑action lawsuits stemming from the 2023 Citrix Bleed data breach, which potentially exposed personal information of more than 30 million current and former customers. A federal judge in the Eastern District...
StopICE Hacked: Names And Locations of Over 100k Users Were Sent to the FBI, ICE and HSI
The anti‑ICE activist platform StopICE suffered a massive data breach, exposing personal details of over 100,000 registered users. Hackers accessed names, login credentials, phone numbers and precise GPS locations, then transmitted the information to the FBI, ICE and Homeland Security...
Solana DeFi Platform Step Finance Hit by $27 Million Treasury Hack as Token Price Craters
Step Finance, a Solana‑based DeFi portfolio tracker, disclosed a treasury breach that saw 261,854 SOL—about $27 million—unstaked and transferred. The hack triggered an over‑80% plunge in its governance token STEP within 24 hours. The platform has engaged cybersecurity firms but has not...
Crypto Hardware Wallet Maker Ledger Strengthens Wallet Security with New BIP32 Derivation Rules
Ledger announced new BIP32 derivation rules that require hardened prefixes for its Bitcoin, Dogecoin and Bitcoin Cash applications. The change isolates each app’s key subtree, preventing cross‑application key exposure even if a single app is compromised. Enforcement begins on February 26...
When the GDPR Is Weaponized to Shut Journalists up, Don’t Go Silently Into that Dark Night
Journalists across the US and Europe face escalating legal attacks, from arrests to super‑injunctions, aimed at silencing critical reporting. A new EU SLAPP report shows 167 lawsuits filed in 2024, with Italy, Germany and Serbia leading, and two‑thirds initiated by...
NDSS 2025 – PropertyGPT
PropertyGPT leverages large language models to automatically generate formal verification properties for smart contracts, using a retrieval‑augmented pipeline that pulls similar human‑written properties from a vector database. The system iteratively refines generated properties with compilation and static‑analysis feedback to ensure...
