News•Feb 23, 2026
US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach
Healthcare diagnostics firm Vikor Scientific, now operating as Vanta Diagnostics, disclosed a data breach affecting nearly 140,000 individuals. The breach was traced to Catalyst RCM, a revenue-cycle‑management vendor, whose compromised credentials allowed the Everest ransomware group to exfiltrate roughly 12 GB of files containing personal, medical, and payment information. The U.S. Department of Health and Human Services added the incident to its breach tracker, though the final number of impacted records may be higher. The incident underscores supply‑chain vulnerabilities in the health‑tech ecosystem.
By SecurityWeek
News•Feb 23, 2026
OpenAI Aims for Stablecoin Market With New EVMbench
OpenAI unveiled EVMbench, an open‑source benchmark that tests AI agents' ability to spot and exploit smart‑contract flaws. The tool draws on 120 vulnerabilities from 40 audits, including scenarios from Stripe‑backed Tempo blockchain, and was released in partnership with crypto investor...
By AI Business
News•Feb 23, 2026
Liminal Expands To MSPs With Secure, Multi-Model AI Platform
Liminal, previously focused on enterprise customers, is extending its secure, multi‑model AI platform to managed service providers (MSPs) targeting small‑ and medium‑size businesses (SMBs). The platform consolidates access to leading large language models—including OpenAI, Anthropic, Google and Perplexity—while sanitizing sensitive...
By CRN (US)
News•Feb 23, 2026
Supply Chain Cyber Risk Strategies Shift Toward Resilience
Supply chain cyber risk is moving from a pure prevention mindset to a resilience‑first strategy. Third‑party exposure dominates, with 61% of firms reporting a supplier breach in the past year, prompting tighter transparency and governance. AI accelerates both attacks—often under...
By Supply Chain Management Review (SCMR)
News•Feb 23, 2026
Ransomware, Zero-Days, and Data Breaches Shape This Week’s Cybersecurity Landscape
This week’s cybersecurity briefing spotlights a Dell RecoverPoint zero‑day that’s actively delivering web shells in VMware environments, alongside critical Ivanti EPMM remote‑code‑execution flaws and an Apache NiFi RBAC bypass. Over 40% of OpenClaw AI skills were found vulnerable, highlighting supply‑chain...
By eSecurity Planet
News•Feb 23, 2026
Clark: Managing Third- and Fourth-Party Cyber Risk in Trucking Operations
Third‑party vendors are now a primary attack vector for trucking firms, with 35.5% of all data breaches in 2024 traced to external partners—a 6.5% rise year‑over‑year. The report also notes that 4.5% of breaches originated from fourth‑party suppliers, highlighting deep...
By FleetOwner
News•Feb 23, 2026
How Exposed Endpoints Increase Risk Across LLM Infrastructure
Enterprises deploying private Large Language Models are rapidly adding inference APIs, model‑management dashboards, and tool‑calling endpoints. Each new endpoint widens the attack surface, especially when permissions are excessive and credentials remain static. Exposed endpoints let attackers hijack non‑human identities, enabling...
By The Hacker News
News•Feb 23, 2026
Ukraine Says Cyberattacks on Energy Grid Now Used to Guide Missile Strikes
Russian cyber actors targeting Ukraine’s energy grid have shifted from causing immediate outages to gathering intelligence that guides missile strikes. By mapping facilities, tracking repair crews, and monitoring recovery rates, they provide real‑time data that improves strike accuracy. The number...
By The Record by Recorded Future
News•Feb 23, 2026
Ransomware Gangs Advancing Moscow’s Geopolitical Aims, Romanian Cyber Chief Warns
Romanian officials say recent ransomware attacks on the country’s water agency, oil pipeline operator and coal‑based power producer were part of a coordinated Russian hybrid operation. Groups such as Qilin and Gentlemen, which speak Russian, claimed responsibility, linking the attacks...
By The Record by Recorded Future
News•Feb 23, 2026
The EBA Publishes Follow-Up Report on ICT Risk Assessment Under the Supervisory Review and Evaluation Process
The European Banking Authority released a follow‑up to its 2022 peer‑review on ICT risk assessment under the Supervisory Review and Evaluation Process (SREP). The report finds that competent authorities have markedly strengthened ICT risk supervision, largely due to the Digital...
By EBA – News
News•Feb 23, 2026
Attackers Exploit Ivanti EPMM Zero-Days to Seize Control of MDM Servers
Attackers are actively exploiting two critical Ivanti Endpoint Manager Mobile (EPMM) zero‑days (CVE‑2026‑1281 and CVE‑2026‑1340) that allow unauthenticated remote code execution. More than 4,400 EPMM instances are exposed on the public internet, giving threat actors full control of enterprise mobile...
By CSO Online – Security
News•Feb 23, 2026
EscalaX Reinforces Its Privacy & Compliance With BidSafe One
EscalaX announced a strategic partnership with privacy‑focused consultancy BidSafe One to strengthen its data‑protection and regulatory compliance posture. The collaboration will help EscalaX optimise consent management and align its operations with GDPR, CCPA/CPRA, IAB TCF and GPP standards. By integrating...
By ExchangeWire
News•Feb 23, 2026
Simbian Launches Autonomous AI Pentest Agent
Simbian unveiled its AI Pentest Agent, the first autonomous penetration‑testing solution that embeds business context to prioritize real‑world risk. Developed with LRQA, the agent delivers on‑demand assessments in hours, replacing periodic manual tests and providing transparent reasoning traces. It operates...
By AI-TechPark
News•Feb 23, 2026
Humanity Unveils Proof of Trust to Tackle AI Fraud
Humanity, a startup building an internet trust layer, announced a shift from its Proof of Humanity model to a broader Proof of Trust framework. The new system lets users verify attributes such as age, residency, and employment without exposing raw...
By AI-TechPark
News•Feb 23, 2026
Google Bans Antigravity Users over OpenClaw Activity, Cites Surge in ‘Malicious Usage’
Google has disabled several Antigravity accounts, including paid Gemini Ultra subscribers, after detecting a sharp rise in malicious activity tied to the open‑source AI agent OpenClaw. The bans target only the Antigravity backend, leaving Gmail, Workspace and other Google services...
By Indian Express AI
News•Feb 23, 2026
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
Iranian APT group MuddyWater has launched Operation Olalampo, targeting organizations across the Middle East and North Africa. The campaign, first seen on Jan 26, 2026, deploys new malware families—GhostFetch, HTTP_VIP, the Rust backdoor CHAR, and the GhostBackDoor implant—delivered via macro‑laden Office...
By The Hacker News
News•Feb 23, 2026
Noted North Carolina Private Radiology Practice Experiences Data Breach
Triad Radiology Associates, a 50‑year‑old North Carolina imaging practice, disclosed a data breach affecting roughly 11,000 patients. The intrusion, detected in February, likely occurred between late July and September and exposed names, addresses, Social Security numbers and bank account details....
By Radiology Business
News•Feb 23, 2026
The Hidden Security Cost of Treating Labs Like Data Centers
In a Help Net Security interview, Rich Kellen, VP‑CISO of IFF, warns that treating operational technology (OT) labs like conventional IT data centers creates hidden security risks that can corrupt scientific results and endanger safety. He explains that OT environments...
By Help Net Security
News•Feb 23, 2026
WARNING: Manual ID Checks Leave Agents ‘Vulnerable to Scams’
Property agents are being warned that manual identity checks expose them to sophisticated scams. SmartSearch reports that 54% of verification checks remain manual, leaving gaps for AI‑generated IDs and deepfake documents. A recent survey of 1,000 decision‑makers shows fraud incidents...
By The Negotiator – Technology (UK)
News•Feb 23, 2026
Human-Related Security Risks Rose 90% in 2025
A KnowBe4 report reveals human‑related security incidents surged 90% in 2025, driven largely by social‑engineering attacks and employee error. Email‑based threats grew 57%, with 64% of organizations hit by external attacks exploiting staff inboxes. Human mistakes affected 90% of firms,...
By Security Magazine (Cybersecurity)
News•Feb 23, 2026
41% of Organizations Have Hired a Fake Candidate
A GetReal Security survey reveals that 41 % of IT, cybersecurity, risk and fraud leaders admit their firms have hired and onboarded a fraudulent candidate, underscoring AI‑driven identity attacks’ real‑world impact. The same study shows 88 % of organizations encounter deep‑fake or...
By Security Magazine (Cybersecurity)
News•Feb 23, 2026
Vitalik Buterin Floats Simulated Transactions to Enhance Crypto Security
Ethereum co‑founder Vitalik Buterin proposed using transaction simulations to boost wallet and smart‑contract security. He argues that showing users a preview of on‑chain consequences lets them confirm intent before execution. The approach pairs simulations with spending limits and multisig approvals...
By Cointelegraph
News•Feb 23, 2026
Regtech HYPR Introduces Context-Based Attestation, Enhancing Identity Verification Beyond Traditional Checks
HYPR has launched a context‑based attestation framework to strengthen identity verification across hiring, onboarding, and account recovery. The method layers traditional document, location, and biometric checks with internal role data, workflow cues, calendar events, and peer validations. By continuously cross‑referencing...
By Crowdfund Insider
News•Feb 23, 2026
AI & Data Security: Insights From IBM’s Chief Architect
IBM’s Chief Architect Devan Shah outlines how the company’s OnePipeline platform now supports over 450 developers by shifting from Travis CI to Tekton and Argo CD, trading longer build times for automated security scans. He details the internal AI coding assistant...
By Harness – Blog
News•Feb 22, 2026
North Korea’s Crypto Theft Machine Shows No Signs of Slowing After ByBit Hack : Analysis
Elliptic reports North Korea stole a record $2 billion in cryptocurrency in 2025, pushing its total illicit haul past $6 billion and financing the regime’s weapons programs. The ByBit breach, which yielded $1.46 billion, saw more than $1 billion laundered within six months via...
By Crowdfund Insider
News•Feb 22, 2026
What Can’t You Say on TikTok?
In this episode, host David Ruiz talks with Malwarebytes senior social media manager Zach Hinkle and content creator MinJi Pae about the sudden technical glitches on TikTok after its ownership transferred to American stewards, which many users interpreted as censorship of...
By Security Boulevard
News•Feb 22, 2026
Mississippi Healthcare System Shuts Down Clinics After Ransomware Attack
The University of Mississippi Medical Center (UMMC) suffered a ransomware attack on February 19 that crippled its Epic EHR, IT network, and phone systems, forcing the shutdown of nearly 30 clinics and a shift to paper‑based documentation. Vice Chancellor LouAnn...
By Security Boulevard
News•Feb 22, 2026
Cache Deception Flaw in SvelteKit And Vercel Stack Exposes User Data
A cache‑deception flaw was found in SvelteKit applications deployed on Vercel, where the `__pathname` query parameter can override request paths and cause private API responses to be cached as public assets. The vulnerability affects any route under `/_app/immutable/`, which Vercel...
By GBHackers On Security
News•Feb 22, 2026
NDSS 2025 – The Midas Touch: Triggering The Capability Of LLMs For RM-API Misuse Detection
The episode presents ChatDetector, a novel LLM‑empowered system for detecting misuse of resource‑management APIs (RM‑APIs) in open‑source software. By leveraging a ReAct‑inspired chain‑of‑thought prompting framework and cross‑validation techniques, ChatDetector overcomes LLM hallucinations to accurately extract allocation/release API pairs and constraints,...
By Security Boulevard
News•Feb 22, 2026
Top NATO Allies Believe Cyberattacks on Hospitals Are an Act of War. They’re Still Struggling to Fight Back.
A new POLITICO poll reveals that citizens in the United States, Canada and other key NATO allies overwhelmingly consider cyberattacks on hospitals to be acts of war. Despite this public sentiment, NATO’s official response remains measured, emphasizing diplomatic channels and...
By DataBreaches.net
News•Feb 22, 2026
The Hospitality Sector Continues to Be Lucrative Targets
The hospitality sector faced three data breaches this week. Choice Hotels International disclosed a social‑engineering attack that accessed franchisee and applicant records, including names and Social Security numbers, despite multi‑factor authentication. Wynn Resorts is alleged to have had 800,000 employee...
By DataBreaches.net
News•Feb 22, 2026
Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack
Security researchers at Veracode uncovered a malicious NPM package named buildrunner-dev that exploits a typosquatting trick to mimic the legitimate buildrunner tool. The package drops a massive batch script that conceals its true commands among random text and then downloads...
By HackRead
News•Feb 21, 2026
Is Your Travel Data Safe with Agentic AI
Agentic AI is rapidly entering the travel sector, automating itinerary management and personalizing experiences. However, its ability to process massive volumes of sensitive travel data introduces new security vulnerabilities. Experts stress encryption, strict access controls, continuous behavior monitoring, and compliance...
By Security Boulevard
News•Feb 21, 2026
Figure Technology Faces Major Data Breach Impacting Nearly One Million Customers
Figure Technology Solutions, the largest non‑bank home‑equity lender, disclosed a data breach affecting roughly 967,000 customer accounts. The breach resulted from a social‑engineering (vishing) attack on a single employee, allowing the ShinyHunters group to exfiltrate personal identifiers such as names,...
By Crowdfund Insider
News•Feb 21, 2026
Predator Spyware Hooks iOS SpringBoard to Hide Mic, Camera Activity
Intellexa’s Predator spyware can silently record iPhone camera and microphone feeds by hijacking iOS 14’s SpringBoard UI layer. Using a kernel‑level hook called HiddenDot::setupHook, the malware nullifies the SBSensorActivityDataProvider, preventing the green and orange privacy dots from ever lighting up. Jamf’s...
By BleepingComputer
News•Feb 21, 2026
NDSS 2025 -DUMPLING: Fine-Grained Differential JavaScript Engine Fuzzing
Researchers at EPFL and KIT introduced DUMPLING, a fine‑grained differential fuzzer that instruments JavaScript engines rather than the input code. By extracting detailed execution state dumps from both interpreted and JIT‑compiled paths, DUMPLING can spot subtle divergences that traditional fuzzers...
By Security Boulevard
News•Feb 21, 2026
Amazon: AI-Assisted Hacker Breached 600 Fortinet Firewalls in 5 Weeks
Amazon’s Integrated Security team warned that a Russian‑speaking threat actor leveraged generative AI services to automate a campaign that compromised more than 600 FortiGate firewalls in 55 countries between Jan 11 and Feb 18, 2026. The attackers scanned for internet‑exposed management ports,...
By BleepingComputer
News•Feb 21, 2026
This Is How You Do It: Dentist Speaks Out After Practice Hit by Cyber Attack
Grange Dental Care in Northern Ireland suffered a cyber attack on Thursday morning, resulting in fraudulent invoice emails being sent from its system. The breach was identified at 9:50 am, and the dentist immediately alerted his IT provider, who halted the...
By DataBreaches.net
News•Feb 21, 2026
Discord’s Age Verification Data Has a Frontend Leak — Now What?
Discord’s new age‑verification system, powered by identity vendor Persona, has a critical frontend exposure. Security researchers discovered that verification components are reachable on the public web, potentially revealing users’ age‑related data. The flaw adds urgency to Discord’s 2026 compliance roadmap,...
By DataBreaches.net
News•Feb 21, 2026
IoTeX Confirms ‘Suspicious Activity’ Involving Token Safe, Says Losses Contained
Decentralized identity platform IoTeX confirmed a breach of one of its token safes, with on‑chain analyst Specter estimating losses around $4.3 million across USDC, USDT, IOTX and WBTC. The project’s team is working with major exchanges and security partners to trace...
By Cointelegraph
News•Feb 21, 2026
Can Microsoft Teams Chat Be Monitored?
Microsoft Teams chat can be monitored using native Microsoft 365 compliance features and third‑party solutions. Monitoring requires an E5 license or an E3 plan with the E5 Compliance add‑on, after which admins enable communication‑compliance, assign roles, and create policies. Tools such...
By TechTarget SearchERP
News•Feb 21, 2026
Anthropic Debuts Claude Code Security – AI Now Scan Vulnerabilities in Your Entire Codebase
Anthropic launched Claude Code Security, an AI‑driven tool that scans entire codebases for vulnerabilities and suggests patches. Powered by Claude Opus 4.6, it uses frontier reasoning to map data flows and identify complex bugs that traditional SAST tools miss. Internal tests...
By GBHackers On Security
News•Feb 21, 2026
Best Cyber Security Consulting Companies
The explosion of IoT and IIoT devices—projected at 200 billion—has dramatically widened the cyber‑attack surface, prompting organizations to treat security as a core priority. A recent Gartner study shows cybersecurity now eclipses AI and cloud as the top CIO spend, fueling...
By Security Boulevard
News•Feb 21, 2026
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
EC‑Council announced its Enterprise AI Credential Suite, adding four role‑based AI certifications and an updated Certified CISO v4 program. The launch targets the estimated $5.5 trillion global AI risk exposure and a U.S. reskilling gap of 700,000 workers. It aligns with recent...
By The Hacker News
News•Feb 20, 2026
Resource: Privacy Law Directory — Codamail
Codamail has launched a Privacy Law Directory that maps data‑protection, surveillance and intelligence frameworks across 21 jurisdictions, including the United States, the European Union and key international partners. The resource is organized around the Five, Nine and Fourteen Eyes intelligence...
By DataBreaches.net
News•Feb 20, 2026
The White House Scrapped SBOMs in Favor of Agency-Managed Cyber Risk. Flexibility, Meet Accountability.
The Office of Management and Budget has withdrawn the mandatory software bill of materials (SBOM) requirement, replacing it with a risk‑based menu of options for federal agencies. This shift moves compliance from a prescriptive checklist to agency‑driven risk assessment, granting...
By Federal News Network
News•Feb 20, 2026
AI Apps On The Google Play Store Are Leaking Customer Data And Photos
AdGuard is offering its Family Plan as a lifetime subscription for $15.97 through February 22, covering up to nine devices. The deal bundles enterprise‑grade ad blocking, tracker suppression, malware and phishing protection, and built‑in parental controls. Users receive continuous updates without...
By Mashable AI
News•Feb 20, 2026
HID Reports Delicate Opportunity for Biometrics Adoption in Shaky Trust Environment
HID’s 2026 State of Security and Identity Report, based on a survey of over 1,500 security and IT leaders, shows digital identity management is a top priority for 73% of respondents. Three‑quarters of organizations have already deployed or are evaluating...
By Biometric Update
News•Feb 20, 2026
Romanian Hacker Faces up to 7 Years for Breaching Oregon Emergency Management Department
A 45‑year‑old Romanian national, Catalin Dragomir, pleaded guilty to breaching Oregon’s Department of Emergency Management in June 2021 and selling the compromised access for roughly $3,000 in Bitcoin. The hacker also infiltrated ten additional U.S. companies, generating at least $250,000...
By DataBreaches.net
News•Feb 20, 2026
Media Authentication an Emerging Front in Battle Against Deepfakes: Microsoft Report
Microsoft released a report on media integrity and authentication (MIA), detailing techniques such as C2PA provenance, imperceptible watermarking, and soft‑hash fingerprinting to verify digital content origins. The study concludes that no single method can stop deepfakes, urging a layered approach...
By Biometric Update