Abusers Using AI and Digital Tech to Attack and Control Women, Charity Warns
Domestic‑abuse charity Refuge reports a sharp rise in technology‑enabled abuse, with a 62% increase in complex cases amounting to 829 women in Q4 2025. Referrals of victims under 30 grew 24%, highlighting younger women’s vulnerability to smart‑device stalking. Perpetrators are exploiting wearables, smart‑home systems and AI‑spoofing tools to track, harass, and fabricate evidence against survivors. Refuge urges regulators and tech firms to embed safety into device design and strengthen digital‑investigation resources.
Human Risk Management: CISOs’ Solution to the Security Awareness Training Paradox
Human risk management (HRM) is emerging as a solution to the security awareness training (SAT) paradox, where 70‑90% of breaches originate from employee actions despite billions spent on training. While SAT spending is projected to grow 15% annually, its efficacy...
Black Duck Expands Federal Cloud Offerings with FedRAMP Push
Black Duck announced it has begun the FedRAMP Moderate authorization process for its Polaris Platform, aiming to secure a federal‑grade cloud offering. The company partnered with stackArmor, a FedRAMP engineering specialist, to fast‑track the Authorization to Operate (ATO). Black Duck...
Attackers Weaponize Microsoft 365 Outlook Add-Ins to Quietly Exfiltrate Email Data
Researchers have uncovered a stealthy data‑theft method called “Exfil Out&Look” that abuses Microsoft 365 Outlook Web add‑ins to siphon email content. The technique leverages minimal‑permission manifests that execute on the OnMessageSend event, silently fetching email bodies and forwarding them via a fetch()...
Helpdesk Impersonation: A High-Risk Social Engineering Attack
Helpdesk impersonation is a social‑engineering technique where attackers pose as employees or partners to trick IT support staff into granting unauthorized access. By leveraging publicly available information and urgency cues, they can obtain password resets, MFA device changes, and privileged...
The Future of Digital Asset Security: Institutional-Grade Strategies for Private Investors in 2026
Digital investors face escalating cyber threats, making traditional passwords obsolete. Bexalon’s guide advocates institutional‑grade defenses, including AES‑256 encryption, segregated accounts, and a blend of cold storage with limited hot wallets. It also recommends abandoning SMS‑2FA in favor of hardware keys,...
Wearable Tech Adoption Continues as Privacy Worries Grow
Over one billion people now wear fitness trackers that continuously collect health metrics, creating a massive stream of sensitive personal data. A recent Clutch survey shows 74% of users are worried about how this data is handled, while only 58%...
Securing Trust: Why Crisis Communication Is Your First Line of Defense
The article argues that crisis communication is a core security control, not merely a public‑relations task. It shows how timely, accurate messaging curbs panic, protects brand reputation, and satisfies strict regulatory timelines such as the SEC’s four‑day rule and GDPR’s...
Trump Sues IRS and the Treasury for $10 Billion Because His Tax Returns Were Leaked
The 2023 leak orchestrated by former Booz Allen consultant Charles Littlejohn exposed tax returns for an estimated 400,000 affluent Americans, a cache that quickly landed on the desks of the New York Times and ProPublica. Littlejohn’s guilty plea in 2023 and subsequent...
Bybit Made ‘Slow but Steady Comeback’ in 2025 After Massive Hack: CoinGecko
Bybit posted the second‑largest trading volume among crypto exchanges in 2025, reaching $1.5 trillion and capturing an 8.1% market share despite a $1.5 billion hack earlier in the year. The exchange kept withdrawals open, honored all user transactions, and secured external liquidity,...
Top 5 PCI Compliant Hosting Providers
The article outlines the five leading PCI‑compliant hosting providers—AWS, Microsoft Azure, Google Cloud Platform, Rackspace, and specialized PCI hosts—explaining how each aligns its infrastructure with PCI DSS requirements. It emphasizes the shared‑responsibility model, where providers manage the underlying hardware while...
Cisco Foundation AI Debuts Agentic Security Tools to Protect Autonomous AI Systems
Cisco Foundation AI unveiled a suite of agentic security tools aimed at safeguarding increasingly autonomous AI systems in enterprise environments. The flagship offering, Foundation‑sec‑8B‑Reasoning, is an open‑weight model optimized for multistep cybersecurity analysis and produces explicit reasoning traces. Complementary releases...
PwC Expands Google Cloud Alliance with $400M Push Into AI-Driven Security Operations
PwC announced an expanded alliance with Google Cloud, committing $400 million over three years to accelerate AI‑driven security operations. The partnership blends Google Cloud’s AI‑powered security platforms with PwC’s transformation, risk, and managed‑service expertise to modernize security across hybrid and multicloud...
Hugging Face Abused to Spread Thousands of Android Malware Variants
Researchers at Bitdefender uncovered a new Android malware campaign that exploits the Hugging Face platform as a distribution hub for thousands of polymorphic APK variants. The dropper app, TrustBastion, masquerades as a security tool, redirects victims to a Hugging Face...
Ivanti Warns of Two EPMM Flaws Exploited in Zero-Day Attacks
Ivanti disclosed two critical code‑injection flaws (CVE‑2026‑1281 and CVE‑2026‑1340) in its Endpoint Manager Mobile (EPMM) platform, each scoring 9.8 on the CVSS scale and already leveraged in limited zero‑day attacks. The company issued immediate RPM‑based mitigations that require no downtime,...
Measuring Agentic AI Posture: A New Metric for CISOs
The episode introduces a new metric—Agentic AI Posture—to help CISOs assess readiness against fast‑moving AI‑driven threats, arguing that traditional security metrics like MTTR are insufficient. It outlines three pillars for measuring AI readiness: Visibility Ratio (tracking shadow agents and API...
Quantum-Ready Security Drives Keyfactor to 2025 Inc. 5000 List
Keyfactor earned a spot on the 2025 Inc. 5000 list for the sixth year in a row, driven by surging demand for quantum‑ready security solutions. The Cleveland‑based firm launched the AI‑powered Keyfactor Command MCP Server to streamline PKI and certificate...
Quantum Cybersecurity Policy: ITI’s Guide for Secure Innovation
On World Quantum Day 2025 the Information Technology Industry Council (ITI) published a Quantum Technology Policy Guide that frames quantum cybersecurity as a dual‑track challenge. The guide urges immediate deployment of post‑quantum cryptography (PQC) while promoting quantum communications such as...
Still Trying to Reduce Technical Debt Manually?
In this episode, Azul discusses the growing challenge of technical debt in Java applications, especially as Java versions approach end‑of‑support windows. It outlines manual best practices—such as educating product owners, modular architecture, automated testing, and maintaining a debt register—alongside governance...
Ex-Google Engineer Guilty of Stealing AI Tech for Chinese Firm
A federal jury in Northern California found former Google engineer Linwei Ding guilty of 14 counts of economic espionage and trade‑secret theft. Ding allegedly exfiltrated 1,255 internal documents—about 14,000 pages—related to Google’s AI chip technology between May 2022 and January 2024. He...
Common Cloud Migration Security Mistakes (and How to Avoid Them)
Enterprises rushing to the cloud often overlook security, leading to costly gaps. Common pitfalls include naïve lift‑and‑shift migrations, weak identity controls, and inadequate data protection. The article outlines ten frequent mistakes and provides concrete steps—such as workload‑by‑workload assessment, least‑privilege access,...
Marquis Blames Ransomware Breach on SonicWall Cloud Backup Hack
Marquis Software Solutions, a Texas‑based provider to over 700 banks and credit unions, attributes its August 2025 ransomware incident to a breach of SonicWall’s MySonicWall cloud backup service. The attackers allegedly used firewall configuration files stolen from SonicWall to bypass Marquis’s...
Massive AI Chat App Leaked Millions of Users Private Conversations
Chat & Ask AI, a popular AI chatbot with over 50 million installs, suffered a massive data exposure due to a Firebase misconfiguration. An independent researcher accessed roughly 300 million messages belonging to more than 25 million users, revealing full conversation histories, timestamps,...
An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account
Security researchers discovered that Bondu, an AI‑enabled stuffed‑dinosaur toy, left over 50,000 child chat transcripts accessible to anyone with a Gmail account through its parent portal. The flaw required no hacking—simply logging in with a Google ID revealed names, birthdates,...
Moltbot Personal Assistant Goes Viral—And So Do Your Secrets
The episode dives into Moltbot, an open‑source, self‑hosted AI personal assistant that surged in popularity in January 2026, amassing tens of thousands of GitHub stars and forks. While its powerful automation capabilities are praised, the hosts reveal a wave of...
Operation Winter SHIELD: FBI Issues Call to Arms for Organizations to Improve Cybersecurity
The FBI has launched Operation Winter SHIELD, a cyber‑resilience campaign that outlines ten concrete actions for organizations to harden both IT and OT environments. The initiative aligns with the U.S. National Cyber Strategy and draws on recent investigations of cyber‑criminal and...
Top Web Development Trends to Watch in 2026
Web development in 2026 is dominated by AI‑first tools, meta‑frameworks, and pervasive TypeScript, reshaping how code is written and deployed. AI agents now scaffold full‑stack applications from natural language prompts, while platforms like Next.js and Nuxt merge front‑end and back‑end...
NDSS 2025 – TrajDeleter: Enabling Trajectory Forgetting In Offline Reinforcement Learning Agents
The episode discusses TrajDeleter, a novel method for trajectory unlearning in offline reinforcement learning (RL) agents, presented by researchers from the University of Virginia and the Chinese Academy of Sciences. TrajDeleter trains agents to degrade performance on states from specific,...
New CISA Guidance Targets Insider Threat Risks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a new infographic aimed at helping critical‑infrastructure operators and state, local, tribal and territorial (SLTT) governments manage insider threats. The guidance outlines a four‑stage model—plan, organize, execute, maintain—and stresses building multidisciplinary...
Fiserv Sued over Alleged Lax Security
Payment processor Fiserv faces a lawsuit from FiCare Federal Credit Union alleging that its Virtual Branch Next platform lacked basic cybersecurity controls, allowing hackers to hijack customer accounts and steal hundreds of thousands of dollars. The complaint claims Fiserv failed...
This Startup Aims to Solve Crypto’s Broken Key Management Problem
Sodot unveiled its Exchange API Vault, a self‑hosted solution that secures cryptocurrency exchange API keys while keeping them instantly available for trading. The vault combines multi‑party computation and trusted execution environments to split keys, preventing plaintext exposure even during high‑frequency...
Aisuru Botnet Sets New Record with 31.4 Tbps DDoS Attack
The Aisuru/Kimwolf botnet launched a hyper‑volumetric DDoS assault that peaked at 31.4 Tbps and 200 million requests per second, eclipsing its own 29.7 Tbps record. Cloudflare detected and automatically mitigated the attack on December 19, 2024, without triggering internal alerts. The campaign primarily hit...
Virtue AI AgentSuite Enables Enterprises to Test and Secure AI Agents
Virtue AI has launched AgentSuite, a multi‑layer security and compliance platform designed for enterprise AI agents. The solution lets organizations test agents, enforce real‑time guardrails, and control tool access while providing full audit trails. IBM research shows 79% of enterprises...
Employment Fraud & Hiring Risk: When Access Becomes Risk
The episode explores how employment fraud transforms hiring into a security risk, highlighting that in today’s remote, AI‑driven workforce, malicious actors can fabricate identities and gain trusted access before any internal controls engage. It explains that static background checks are...
Atos Named Best-in-Class for IT/OT Cybersecurity by PAC France
Atos has been named Best‑in‑Class for IT/OT Cybersecurity Services in France for 2025 by PAC Innovation Radar. The award highlights Atos’ extensive portfolio, including auditing, consulting, field operations, and managed services, backed by dedicated OT Security Operations Centers and a...
You’re Not Paranoid: Lawyers ARE Coming to Get You.
Comstar LLC, an ambulance billing vendor, suffered a March 2022 ransomware attack that exposed the protected health information of roughly 585,621 individuals. Federal regulators settled for $75,000, while Connecticut and Massachusetts AGs imposed a combined $515,000 penalty and a detailed...
Druva Threat Watch Offers Continuous Threat Monitoring of Backup Data
Druva launches Threat Watch, a zero‑touch, cloud‑native solution that continuously scans backup snapshots for dormant threats and indicators of compromise. The service runs inside Druva’s Data Security Cloud, eliminating the need for extra hardware or agents and delivering near‑real‑time detection...
The Best ChatGPT Settings to Get Answers That Fit Your Needs
ChatGPT now sees over 5.6 billion monthly visits, making its configuration a critical productivity lever. The platform offers a suite of settings—personalization, memory, tone, model choice, security, and app integrations—that shape how the AI responds and protects user data. Adjusting these...
Mesh Security Raises $12 Million Series A
Mesh Security announced a $12 million Series A round led by Lobby Capital, with participation from S Ventures and Bright Pixel Capital. The Palo Alto‑based startup claims to deliver the world’s first Cybersecurity Mesh Architecture (CSMA) platform, an execution layer that unifies...
France Fines Unemployment Agency €5 Million over Data Breach
France's data protection authority (CNIL) has imposed a €5 million fine on the national employment agency, France Travail, for a massive data breach. The breach, discovered in early 2024, exposed personal details of up to 43 million job seekers, including names, birth...
Open Directory Exposure Leaks BYOB Framework Across Windows, Linux, and macOS
The Hunt.io team uncovered an openly accessible directory on IP 38.255.43.60 that hosts the complete BYOB (Build Your Own Botnet) framework, a sophisticated post‑exploitation tool targeting Windows, Linux and macOS. The infrastructure includes five C2 nodes across the United States, Singapore...
ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories
The FBI’s seizure of the RAMP cybercrime forum underscores law‑enforcement pressure on underground marketplaces, while Meta confronts a U.S. lawsuit alleging unauthorized access to WhatsApp messages. CISA published its first list of post‑quantum cryptography‑compatible products, urging organizations to prepare for...
The Fraud Visibility Gap Created by Agentic Shopping
Agentic shopping leverages AI‑driven assistants to automate the checkout process, eliminating the manual steps that traditionally generate rich behavioral data. By bypassing page‑level interactions, these autonomous flows erase signals such as mouse movement, dwell time, and device fingerprinting that fraud...
US Data Breaches Hit Record High but Victim Numbers Decline
The Identity Theft Resource Center recorded a record 3,332 data compromises in the United States for 2025, a 5 % rise over the previous year. Despite more incidents, victim notices fell sharply to 279 million, the lowest level since 2014, as the...
Banks Remain Most Breached Sector as Attacks Hit Record
The Identity Theft Resource Center’s 2025 breach report shows financial services endured 739 data compromises, the highest of any sector for a second straight year. Physical card‑skimming attacks resurfaced as “Skimming 2.0,” with Bluetooth‑enabled overlay devices driving incidents from four to...
BlackIce Introduced as Container-Based Red Teaming Toolkit for AI Security Testing
Databricks unveiled BlackIce, an open‑source Docker‑based toolkit that bundles 14 leading AI security utilities into a single, reproducible environment. By containerizing both static command‑line tools and dynamic Python‑driven frameworks, BlackIce removes the setup friction and dependency clashes that have long...
Conditional Access Enforcement Change Coming to Microsoft Entra
Microsoft announced that starting March 27 2026, Conditional Access policies in Microsoft Entra will be enforced during sign‑ins even when resource exclusions are configured, with a phased rollout through June 2026. The change specifically targets sign‑ins from client applications that request only OIDC...
N-Able Brings AI to Endpoint, Security, and Recovery
N‑able unveiled AI‑enhanced capabilities across its endpoint management, security operations, and data‑protection suite. Leveraging telemetry from over 11 million managed devices and a network of 25,000+ service providers, the company now offers agentic AI that automates scripting, threat detection, and recovery...
Fake “Mac Cleaner” Campaign Uses Google Ads to Redirect Users to Malware
Cybercriminals are leveraging Google Search Ads to distribute macOS malware by directing users searching for “mac cleaner” to counterfeit Apple‑styled landing pages. The ads, hosted on compromised Google Ads accounts, redirect to Google Apps Script pages that decode Base64 payloads...
Tosi Platform Delivers Unified Connectivity, Visibility, and Security for OT at Scale
Tosi has launched a purpose‑built OT platform that consolidates connectivity, visibility, and security into a single console. The offering includes Tosi Control for fleet management and real‑time status, with Tosi Insight adding traffic analytics and anomaly detection, and a full...
