OpenAI CEO Altman Admits He Broke His Own AI Security Rule After Just Two Hours, Says We're All About to...
OpenAI CEO Sam Altman admitted he violated his own rule by granting the Codex model full access to his computer within two hours, citing the agent's reasonable behavior. He warned that the convenience of AI agents can lead users to over‑trust them before robust security systems exist. Altman highlighted the absence of a comprehensive security infrastructure for increasingly capable models, suggesting it as a potential startup opportunity. Meanwhile, OpenAI announced slower hiring and noted GPT‑5 emphasizes reasoning over literary quality.
Amid Trump Attacks and Weaponized Sanctions, Europeans Look to Rely Less on US Tech
European leaders are accelerating efforts to curb dependence on U.S. technology after a series of Trump‑era sanctions, including the placement of ICC judge Kimberly Prost on a sanctions list that crippled her daily life. The European Parliament’s recent report highlighted...
How Anti-Detect Browsers Change the Way We Work on the Web
Anti-detect browsers, originally privacy tools, now enable online professionals to compartmentalize digital identities across multiple client accounts and projects. By creating isolated browser instances, they prevent data cross‑contamination, reduce login overhead, and streamline workflow management. The technology enhances security by...
How Data Masking & Synthesis Support Zero Trust
Zero Trust demands continuous verification of every access request, extending the principle of least‑privilege to the data layer. Data masking swaps sensitive values with realistic stand‑ins, while synthetic data creates entirely fictitious records that retain statistical fidelity. Together they shrink...
Responding to Exposed Secrets – An SRE’s Incident Response Playbook
The article outlines an SRE‑focused incident‑response playbook for handling exposed secrets, starting with thorough preparation—defining goals, roles, and communication protocols. It details detection techniques such as API usage anomalies, IAM activity monitoring, and automated code‑scanning integrated into CI/CD pipelines. Once...
SoundCloud Data Breach Now on HaveIBeenPwned
In December 2025 SoundCloud disclosed unauthorized activity that exposed profile data for roughly 30 million users, about 20 % of its base. The breach revealed email addresses, usernames, avatars, follower counts and limited geographic information, which were later mapped to individual accounts. Attackers...
Calian to Kick-Start $100M Sovereign C5ISRT Strategic Initiative
Calian has launched a $100 million sovereign C5ISRT strategic initiative to accelerate Canada’s command, control, computing, communications, cyber, intelligence, surveillance, reconnaissance and targeting capabilities. The funding will flow through Calian VENTURES, a platform that partners with Canadian SMEs and draws on...
Critical Sandbox Escape Flaw Found in Popular Vm2 NodeJS Library
A critical‑severity vulnerability (CVE‑2026‑22709) has been discovered in the popular vm2 Node.js sandbox library, allowing attackers to bypass Promise sanitization and escape the sandbox. The flaw enables arbitrary code execution on the host system and affects versions prior to 3.10.3,...
FinovateEurope 2026 Sneak Peek Series: Part 4
FinovateEurope 2026 will showcase three innovative fintech solutions. Elephant, from Pipl, offers GDPR‑compliant identity intelligence and fraud signals to streamline onboarding and compliance. Opentech’s OpenPay for Merchants embeds Buy‑Now‑Pay‑Later into merchant checkout, creating a new credit distribution channel for banks....
1Kosmos Partners Hopae to Scale Portable Digital Identity
1Kosmos and Hopae have announced a global partnership to integrate Hopae Connect into the 1Kosmos platform, extending support to more than 60 government‑issued digital identity schemes. The joint solution enables organizations to verify eIDs securely without centralized databases, aiming to...
Top AI Technology & Cybersecurity Podcasts to Follow in 2026
The article curates a list of essential AI and cybersecurity podcasts for 2026, highlighting shows that deliver deep technical insight, business strategy, and security expertise. It emphasizes the rise of AI agents, the Model Context Protocol (MCP), and AI security...
How Kidas Adapts Fraud Protection In An AI World
Kidas, founded by gaming‑fraud veterans, now offers AI‑driven protection against multi‑channel scams that leverage deep‑fake audio, video and large‑language models. CEO Ron Kerbs says traditional filters miss sophisticated GenAI‑generated attacks, prompting the company to expand from Discord and gaming chat to...
Overcoming 26 Rigorous Tests: Why Is Bullbit’s App Rollup Architecture Highly Rated by Security Experts?
Bullbit’s App Rollup architecture passed a rigorous Hacken audit, clearing 26 security findings. The team resolved 19 issues, accepted five with mitigations, and mitigated two external risks, achieving 93.23% code coverage. A redesigned verifier contract with unique nonce tracking prevents...
Living Off the Web: How Fake Captcha Turned Trust Into a Malware Delivery Channel
Researchers at Censys have uncovered a growing ecosystem that weaponizes fake CAPTCHA pages to deliver malware. While the pages visually resemble legitimate verification challenges, they conceal more than 30 distinct payload types, including clipboard‑driven scripts, MSI installers, and server‑controlled, fileless...
From Cipher to Fear: The Psychology Behind Modern Ransomware Extortion
Modern ransomware has moved beyond file encryption to a pressure‑centric extortion model that weaponizes stolen data, regulatory threats, and reputation damage. 2025 saw ransomware groups fragment into affiliate networks, making attribution harder while scaling double‑extortion campaigns. Research shows SMBs in...
Meta Cleans up as ‘High Risk’ Dodgy Finance Ads Spread
Meta’s ad platform is exposing users to an estimated 15 billion high‑risk finance advertisements each day, generating roughly $7 billion in annual revenue. A study by BrokerChooser of over 1,200 active finance ads found that 43.36% of UK‑targeted ads are classified as...
Tenable One AI Exposure Delivers Unified Visibility and Governance Across AI, Cloud and SaaS
Tenable has made its Tenable One AI Exposure product generally available, extending the Tenable One Exposure Management Platform to provide unified visibility, discovery, and governance of AI assets across SaaS, cloud, APIs and on‑premises agents. The solution continuously identifies both...
Syncro and IRONSCALES Partner to Strengthen Email Security Offerings for MSPs
Syncro and IRONSCALES announced a partnership that places the AI‑driven email security platform in the Syncro Marketplace. MSPs can now provision IRONSCALES protection instantly and have all licensing fees consolidated through Syncro’s Universal Billing. The integration removes the need for...
Screening vs Monitoring: Stopping Fraud in Payments
Fraud losses surged to $12.5 billion in 2024, a 25% rise, as criminals embed illicit activity within everyday payments. The article distinguishes transaction screening—pre‑approval checks against sanctions, PEPs and watchlists—from transaction monitoring, which analyzes post‑payment behavior for anomalous patterns. Relying on...
NICE Actimize Insights Network Combats Fraudulent Transfers
NICE Actimize introduced the Actimize Insights Network, a real‑time intelligence platform that aggregates counterparty risk data across financial institutions. The network leverages the company’s fraud and financial‑crime expertise to deliver cross‑channel, millisecond‑level risk signals for authorized push‑payment scams, BEC and...
Swimlane Unleashes Agentic AI Fleet and Agent Builder for Cybersecurity
Swimlane unveiled its AI Agent workforce, branding the new Hero AI agents as native extensions of the Turbine platform. The agents claim to perform work equivalent to over 60,000 SOC analysts each day and can be dragged into low‑code playbooks via...
Over 80% of Ethical Hackers Now Use AI
Bugcrowd’s latest report shows that 82% of ethical hackers now rely on AI, up from 64% a year earlier. The adoption enables faster, broader assessments and higher‑quality vulnerability reports, with automation and deep code analysis cited as primary use cases....
You See an Email Ending in .eu.org. Must Be Legit, Right?
The article warns that email addresses ending in .eu.org, while appearing institutional, are increasingly used by disposable‑email services to evade reputation checks. .eu.org is a free sub‑domain service, not a conventional top‑level domain, and its open registration lets fraudsters host...
Attackers Hijack GitHub Desktop Repo to Spread Malware via Official Installer
Threat actors exploited a design flaw in GitHub’s fork architecture to distribute malware masquerading as the official GitHub Desktop installer. By forking the repository and altering the README download link, they created malicious commits that appear under the official namespace,...
HackerOne Brings Agentic PTaaS to Continuous, Expert-Validated Pentesting
HackerOne has launched Agentic Pentest as a Service (Agentic PTaaS), a hybrid AI‑human offering that delivers continuous, real‑world exploit validation at enterprise scale. The solution pairs proprietary AI agents with a vetted community of elite pentesters to automate reconnaissance, exploitation and...
G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload
Security researchers identified a malicious npm package, ansi-universal-ui, that houses the G_Wagon infostealer. The package pretends to be a UI component library but delivers a Python‑based payload that extracts browser passwords, cryptocurrency wallets, cloud credentials, and messaging tokens. Over ten...
Microsoft Brings AI-Powered Investigations to Security Teams
Microsoft has made its Purview Data Security Investigations tool generally available, embedding generative AI to streamline breach, fraud, and content investigations across Microsoft 365. The solution pulls data from emails, Teams, documents, and Copilot, allowing natural‑language searches that group related artifacts...
AWS Adds IPv6 Support to IAM Identity Center Through Dual-Stack Endpoints
Amazon Web Services announced IPv6 support for its IAM Identity Center by introducing dual‑stack endpoints that accept both IPv4 and IPv6 traffic. The new URLs apply to user access portals, administrative APIs, and managed applications, while existing IPv4‑only endpoints continue...
Teleport Launches Framework to Secure Identities of AI Agents
Teleport unveiled its Agentic Identity Framework, a zero‑trust solution that secures AI agents without relying on static passwords or secrets. The platform builds on Teleport’s existing IAM technology, using a hardware root of trust to create cryptographic identities that are...
Savannah Best Buy Employee Says ‘Hacker Group’ Blackmailed Him Into Theft Ring Scheme
Best Buy employee Dorian Allen, 20, was sentenced to jail after police say he helped a group of suspected shoplifters leave a Savannah store with over $40,000 in merchandise. Allen alleges an online hacker group blackmailed him, threatening to expose personal...
Fiddler AI Raises $30M in Series C Funding
Fiddler AI announced a $30 million Series C round led by RPS Ventures, bringing its total funding to $100 million. The Palo Alto‑based AI observability and security platform plans to use the capital to scale across regulated sectors such as healthcare, financial services,...
Chrome, Edge Extensions Caught Stealing ChatGPT Sessions
A threat actor published sixteen browser extensions on Chrome Web Store and Microsoft Edge Add‑ons, posing as ChatGPT productivity tools. The extensions inject main‑world JavaScript into chatgpt.com to harvest authentication tokens, chat history, telemetry, and other metadata. Over 900 combined...
From Legacy to Leading Edge: Modernizing Workforce Identity in BFSI
BFSI firms are rapidly acknowledging the need to modernize workforce Identity and Access Management, with 93% planning upgrades and budgets rising over 11% this year. Legacy IAM systems are seen as a major barrier to innovation, cited by 75% of...
DoControl Launches Adaptive AI Alerts to Continuously Pinpoint SaaS Risk
DoControl unveiled an AI‑powered, agentic alerting system that continuously learns a company’s SaaS usage to spot genuine risk. Unlike static rule‑based alerts, the new solution analyzes patterns, intent, and business context from HRIS and identity sources, dramatically cutting noise. It...
CTEM in Practice: Prioritization, Validation, and Outcomes That Matter
Continuous Threat Exposure Management (CTEM) is a Gartner‑defined, continuous cycle that links threats, vulnerabilities, and attack‑surface data to prioritize exploitable exposures. It moves security from isolated scans to an operational model of scoping, discovery, prioritization, validation, and mobilization. By integrating...
NETSCOUT Adds Wi-Fi 7 Observability and Real-Time SSL Certificate Monitoring
NETSCOUT unveiled new nGeniusONE enhancements that add Wi‑Fi 7 deep packet inspection to its Edge Sensors and introduce real‑time SSL/TLS certificate monitoring. The Wi‑Fi 7 support, backward compatible with Wi‑Fi 6E/6/5, closes observability gaps in remote sites as the market is projected to...
ShinyHunters Group Targets Over 100 Enterprises, Including Canva, Atlassian, and Epic Games
A newly identified threat supergroup called SLSH, formed by Scattered Spider, LAPSUS$ and ShinyHunters, is targeting more than 100 high‑profile enterprises through sophisticated human‑led vishing attacks on Single Sign‑On platforms, especially Okta. The attackers use a live phishing panel to...
He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive
A former employee of a crypto‑romance scam compound in Laos, calling himself Red Bull, leaked extensive internal documents exposing how pig‑butchering operations function. He described forced‑labor conditions, daily quotas, and a reward system that celebrates six‑figure fraud wins. After being captured...
Introduction to Fund Recovery: HonestGuardPrime.com
HonestGuardPrime.com offers a structured fund‑recovery service for victims of online scams, guiding clients through each legal and documentation step. The company’s transparent, step‑by‑step approach is repeatedly highlighted in Trustpilot and other reviews for reducing client stress. Reviewers praise the firm’s...
What It Doxxing? How It Happens, and How to Stay Safe?
The article defines doxxing as the public disclosure of private personal data without consent, highlighting that over 43 million Americans have been targeted and 90 % of cases reveal the victim’s address. It outlines how doxxers gather information from public records, data...
Drowning in Spam or Scam Emails? Here’s Probably Why
Inbox overload of spam and scam messages is often traced to multiple technical and human factors. Recent data breaches, botnet‑driven campaigns, and lax email authentication expose addresses to malicious actors. Compromised accounts and aggressive marketing lists amplify the volume. Experts...
What Is the Outlook for Regulation in 2026?
Star Compliance’s 2025 Quarterly Executive Brief highlights a surge in regulatory expectations, especially around digital assets and the UK’s Senior Managers and Certification Regime (SMCR). Market‑abuse supervision is tightening, with regulators expanding insider‑trading definitions to include shadow trading. The report...
Major Security Flaws Found in UK Retailer Websites
A recent Ethiack study of 1,722 European retailers uncovered that 19.7% of SSL certificates on UK retailer websites are invalid, expired, or misconfigured, exposing customer data to interception. Additionally, 19.6% of UK web servers reveal software type and version in...
Hackers Exploit SEO Poisoning to Target Users Seeking Legitimate Tools
Hackers are leveraging SEO poisoning to push malicious ZIP archives that contain BAT scripts masquerading as legitimate tools. The fraudulent pages rank highly in search results, directing users to fake repositories where the scripts contact command‑and‑control servers and download remote...
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Trend Micro researchers have uncovered a JScript‑based command‑and‑control framework called PeckBirdy, used by China‑aligned APT groups since 2023. The framework runs via living‑off‑the‑land binaries across browsers, MSHTA, WScript, Node JS and .NET, delivering modular backdoors such as HOLODONUT and MKDOOR. It powers...
Why Cyber Fusion Centers and Zero-Trust Work Better Together
The surge in zero‑trust adoption has not delivered expected protection, as static implementations struggle against zero‑day exploits and a rapidly evolving threat landscape. A leading bank that integrated a cyber fusion center (CFC) with zero‑trust achieved 65% automated incident responses...
Canada Marks Data Privacy Week 2026 as Commissioner Pushes for Privacy by Design
Canada’s Privacy Commissioner Philippe Dufresne launched Data Privacy Week 2026 (Jan 26‑30) with a focus on privacy‑by‑design, urging organizations to embed data protection from the outset. He highlighted recent high‑profile breaches—including Aylo, 23andMe, TikTok, and an investigation into X’s Grok chatbot—to...
Cymulate Joins the Wiz Integration Network (WIN)
Cymulate has joined the Wiz Integration Network, embedding its Continuous Threat Exposure Management platform into Wiz’s cloud‑security ecosystem. The partnership enables automated pre‑ and post‑exploitation simulations across Azure, AWS, and Google Cloud, delivering continuous validation of security controls. Joint customers...
How to Safeguard Executives Through Proactive Planning and Managing Online Presence
Recent high‑profile attacks, including the 2024 assassination of UnitedHealthcare CEO Brian Thompson, have highlighted severe gaps in executive protection, especially online. Organizations are reassessing security operations, investing in physical safeguards while recognizing that digital exposure often reveals executives' locations and...
Descope Introduces Dedicated Identity Infrastructure for AI Agents and MCP Ecosystems
Descope has launched an upgraded Agentic Identity Hub that treats AI agents as first‑class identities alongside human users. The platform adds OAuth 2.1, PKCE, DCR, CIMD and tool‑level scopes to MCP servers, letting developers secure agent access with enterprise‑grade policies. It...
