Cybersecurity News and Headlines

When Open Science Meets Real-World Cybersecurity
News | Jan 27, 2026

Fermilab CISO Matthew Kwiatkowski explains how open‑science environments create cybersecurity blind spots when scientists design infrastructure without early security input. He notes that collaboration between IT and researchers reduces risky implementations and that publicly releasable data is often mislabeled, prompting...

By Help Net Security
4 Issues Holding Back CISOs’ Security Agendas
News | Jan 27, 2026

CISOs increasingly view a breach as inevitable, with 76% expecting a material cyberattack within the next year and 58% deeming their organizations unprepared. Four core issues impede progress: insufficient training and empowerment of security teams, lagging AI governance, limited AI...

By CSO Online
Critical CERT-In Advisories – January 2026: SAP, Microsoft, and Atlassian Vulnerabilities
News | Jan 27, 2026

January 2026 saw CERT‑In publish three critical advisories targeting SAP, Microsoft, and Atlassian products. The alerts disclose high‑severity flaws—including remote code execution, privilege escalation, and data exfiltration—affecting SAP S/4HANA, Windows, Azure, and on‑premise Atlassian tools such as Jira and Confluence. One...

By Security Boulevard
Waiting for AI Superintelligence? Don’t Hold Your Breath
News | Jan 27, 2026

AI superintelligence remains a theoretical goal, yet artificial intelligence is already woven into the fabric of enterprise operations, accelerating decision‑making and threat detection. Companies report faster, more accurate alert investigations, but the same speed introduces novel vulnerabilities and operational risks....

By Help Net Security
How Financial Institutions Strengthen SAR Readiness With Smarter Risk Practices
News | Jan 27, 2026

Financial institutions are intensifying their suspicious activity reporting (SAR) programs as fraud cycles accelerate and regulators tighten oversight. Strong SAR readiness hinges on real‑time data signals, skilled analysts, clear processes, and modern AML platforms that automate monitoring and case management....

By TechBullion
Data Privacy Week 2026: Why Secure Access Is the New Data Protection Perimeter
News | Jan 27, 2026

The CyberExpress article argues that the traditional network perimeter is no longer sufficient for data privacy, and that the true protection now lies at the moment of access. It highlights the rise of the “Identity‑Data Gap” and the shift toward...

By The Cyber Express
Cybersecurity Jobs Available Right Now: January 27, 2026
News | Jan 27, 2026

A wave of cybersecurity openings posted on January 27, 2026 spans senior leadership, engineering, and analyst roles across the United States, Europe, Asia, and the Middle East. Companies such as micro1, Bringg, Oracle, and Snyk are hiring C‑level executives, incident‑response...

By Help Net Security
Ivanti Expands Neurons Platform with Agentic AI and Autonomous Endpoint Management
News | Jan 27, 2026

Ivanti announced a major upgrade to its Neurons platform, adding Agentic AI‑driven personas to the IT Service Management suite, autonomous endpoint management (AEM) that unifies DEX, UEM and security, and enhanced asset visibility through Discovery. The Agentic AI preview launches...

By Help Net Security
Clawdbot-Style Agentic Assistants: What Your SOC Should Monitor, Triage, and Contain
News | Jan 27, 2026

Agentic AI assistants such as Clawdbot are moving from simple chatbots to persistent, privileged entities that can act across Slack, Teams, Discord and other platforms. Their ability to retain context, execute commands, and use user‑provided API keys creates new attack...

By Security Boulevard
Fresh Breach — Lena Health Breach Preview — Full Leak Coming Soon
News | Jan 27, 2026

Lena Health suffered a massive data breach exposing over 2,100 patients' protected health information, including full identifiers, medical records, and 19,542 audio recordings stored in an unencrypted public S3 bucket. The leak also revealed API keys, staff credentials, and discharge...

By DataBreaches.net
Single Sign-On Account Management in App Stores
News | Jan 27, 2026

App store identities remain fragmented, with developers often using personal emails that expose enterprises to lockout and breach risks. Managed Apple IDs and Enterprise Google accounts tether accounts to corporate domains, ensuring the organization retains control. The industry is moving...

By Security Boulevard
The 7 Essential Elements of a Compliance Framework You Need to Know
News | Jan 26, 2026

The article outlines a seven‑element compliance framework that moves organizations from ad‑hoc checklists to a systematic operating model. It emphasizes leadership governance, risk assessment, policy translation, controls, training, monitoring, and issue management as interlocking components. By aligning these elements, firms...

By Security Boulevard
Secret Service Foils Card Skimmers
News | Jan 26, 2026

The U.S. Secret Service’s fraud‑prevention unit partnered with local law‑enforcement to locate and deactivate 411 illegal point‑of‑sale card‑skimming devices in 2025. Across 22 coordinated operations, agents inspected roughly 9,000 businesses and examined about 60,000 terminals, potentially averting $428.1 million in fraudulent...

By Payments Dive
Zama’s Encrypted Ethereum Token Auction Draws $118M in Commitments
News | Jan 26, 2026

Zama, a fully homomorphic encryption startup, closed a $118.5 million encrypted token auction on Ethereum, marking the first such ICO on the network. The sealed‑bid Dutch auction attracted 11,103 unique bidders, oversubscribed by 218% and clearing at $0.05 per token. Zama’s...

By The Defiant
How MSSPs Can Help Clients Mitigate Shadow IT and Data Sprawl with Cavelo
News | Jan 26, 2026

MSSPs face growing risk from shadow IT and data sprawl as hybrid work and SaaS adoption push data into unmanaged cloud locations. Unapproved applications and fragmented data increase attack surface, compliance exposure, and incident‑response delays. Cavelo offers an agent‑less, multi‑tenant...

By Security Boulevard
Unseen Money 16—Synthetic Identity Fraud
News | Jan 26, 2026

In this episode, Paul Amery and guest Timur Yunusov dissect a bizarre DPD delivery of a non‑existent eBay purchase that led them to explore synthetic identity fraud—a scheme where criminals blend stolen personal data with fabricated details to create usable...

By New Money Review
Genetec Outlines Data Privacy Best Practices Ahead of Data Protection Day
News | Jan 26, 2026

In this episode, Genetec highlights data‑privacy best practices for physical‑security systems ahead of International Data Protection Day. Principal Security Architect Mathieu Chevalier stresses the need for clear data‑use limits, privacy‑by‑design controls, and continuous protection throughout the data lifecycle. The company recommends...

By insideBIGDATA
NDSS 2025 – All Your (Data)base Are Belong to Us: Characterizing Database Ransom(ware) Attacks
News | Jan 26, 2026

Researchers at the IMDEA Software Institute delivered the first systematic analysis of database ransomware attacks, examining 23,736 ransom notes from 60,427 compromised servers over three years. Their honeypot experiments showed new infections rising 60% year‑over‑year, with 6,000 fresh victims in...

By Security Boulevard
ShinyHunters, CL0P Return with New Claimed Victims
News | Jan 26, 2026

ShinyHunters has resurfaced with an onion‑based data leak site, claiming breaches of SoundCloud, Betterment and Crunchbase tied to a new vishing campaign targeting SSO credentials at Okta, Microsoft and Google. The group warns that more victims will follow. In parallel,...

By The Cyber Express
EScan Antivirus Supply Chain Breach Delivers Signed Malware
News | Jan 26, 2026

On January 20, 2026, MicroWorld Technologies’ eScan antivirus was compromised through its legitimate update infrastructure, delivering digitally signed malware to global endpoints. The multi‑stage payload installed a 64‑bit backdoor, persisted via disguised scheduled tasks, and altered hosts and registry settings to block...

By Infosecurity Magazine
Why MSPs Should Add Privileged Access Management (PAM) To Their Security Offerings
News | Jan 26, 2026

Managed service providers (MSPs) are urged to add Privileged Access Management (PAM) to their portfolios as identity‑based attacks surge, with data breaches up 72% since 2021. PAM dovetails with Zero Trust principles, securing administrative credentials that attackers most often target....

By Security Boulevard
Why Digital Identity Systems Are Moving Away From Centralized Data Storage
News | Jan 26, 2026

Digital identity systems are transitioning from centralized databases to decentralized architectures. Centralized stores pose massive breach risks, prompting firms to seek models that limit data exposure. Decentralized solutions leverage cryptography and distributed ledgers, granting users control over their credentials. This...

By TechBullion
Hungarian and Romanian Police Detain Young Hackers over Fake Threat Calls
News | Jan 26, 2026

Hungarian police, working with Romanian authorities, detained four young hackers suspected of orchestrating false and intimidating phone calls to law‑enforcement units. The investigation, launched in mid‑July 2025 after multiple police departments reported receiving threatening calls, uncovered a coordinated scheme that...

By DataBreaches.net
Saudi Satirist Hacked with Pegasus Spyware Wins Damages in Court Battle
News | Jan 26, 2026

A London High Court judge awarded Saudi satirist Ghanem Al‑Masarir more than £3 million in damages after finding compelling evidence that his iPhone was compromised with NSO Group’s Pegasus spyware. The ruling concluded the hacking was directed or authorised by the...

By TechCrunch (Cybersecurity)
Google’s Universal Commerce Protocol: Why the Future of Agentic Commerce Depends on Security
News | Jan 26, 2026

The episode examines Google’s Universal Commerce Protocol (UCP), an open‑source standard designed to unify AI‑driven shopping across retailers and payment providers. It highlights UCP’s advantages—single‑point integration, leverage of Google Merchant Center, modular flexibility, and merchant‑first control—while noting the competitive landscape...

By Security Boulevard
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
News | Jan 26, 2026

Researchers at eSentire have uncovered a tax‑phishing campaign targeting Indian users by masquerading as the Income Tax Department. The campaign delivers a multi‑stage backdoor that first sideloads a malicious DLL, then escalates privileges and installs a Blackmoon trojan variant alongside...

By The Hacker News
Grid Protection in Severe Weather: What Security Leaders Need to Know
News | Jan 26, 2026

A historic winter storm on Jan. 24‑25 left over 820,000 energy customers without power and placed 200 million people under severe‑cold alerts. While utilities scramble to restore service, cyber adversaries target pre‑existing grid weaknesses such as unpatched systems and lax remote‑access controls....

By Security Magazine (Cybersecurity)
CISA Releases List of Post-Quantum Cryptography Product Categories
News | Jan 26, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its first list of hardware and software product categories that support or are transitioning to post‑quantum cryptography (PQC) standards. The list, compiled with the NSA, follows Executive Order 14306 and targets cloud...

By Infosecurity Magazine
Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms
News | Jan 26, 2026

Security researchers at SEC Consult uncovered more than 20 vulnerabilities in Dormakaba’s Exos access‑control platform, affecting hardware managers, registration units, and central software. The flaws include hard‑coded credentials, weak passwords, privilege escalation, and command‑injection, which could let attackers remotely unlock doors...

By SecurityWeek
NDSS 2025 – ERW-Radar
News | Jan 26, 2026

The episode delves into ERW‑Radar, a novel detection system designed to combat evasive ransomware by leveraging the unique repetitive I/O patterns ransomware exhibits during encryption and statistical analysis of encrypted byte streams. The authors—Lingbo Zhao, Yuhui Zhang, Zhilu Wang, Fengkai...

By Security Boulevard
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1
News | Jan 26, 2026

In September 2025 Zscaler ThreatLabz uncovered two Pakistan-linked APT campaigns, Gopher Strike and Sheet Attack, targeting Indian government entities. Gopher Strike delivers malicious PDFs that trigger ISO downloads, employing a new Golang downloader called GOGITTER, a lightweight backdoor GITSHELLPAD that...

By Security Boulevard
Hackers Are Using LLMs to Build the Next Generation of Phishing Attacks - Here's What to Look Out For
News | Jan 26, 2026

Security researchers at Palo Alto Networks’ Unit 42 have demonstrated a proof‑of‑concept where generative AI models produce on‑the‑fly JavaScript that creates personalized phishing pages. The technique sends prompts to a legitimate LLM API, receives unique code for each visitor, and executes...

By TechRadar
Expereo: Enterprise Connectivity Amid AI Surge with ‘Visibility at the Speed of Life’
News | Jan 26, 2026

Expereo’s chief digital officer Julian Skeels warns that AI workloads turn networking into a system‑of‑record, requiring deterministic, observable, and resilient connectivity. Enterprises are tangled in hybrid clouds and multiple providers, leading to “connectivity everywhere but visibility nowhere.” The company’s expereoOne...

By Artificial Intelligence News
Microsoft Handed over BitLocker Keys to Law Enforcement, Raising Enterprise Data Control Concerns
News | Jan 26, 2026

Microsoft complied with an FBI search warrant in early 2025, providing BitLocker recovery keys stored on its cloud to law‑enforcement for three laptops linked to a Guam unemployment fraud case. The keys were automatically backed up to Microsoft Entra ID,...

By CSO Online
6 Okta Security Settings You Might Have Overlooked
News | Jan 26, 2026

Okta is the backbone of many SaaS‑first enterprises, making its security settings critical. The article outlines six often‑overlooked configurations—password policies, phishing‑resistant MFA, ThreatInsight, admin session ASN binding, session lifetimes, and behavior rules—that strengthen identity protection. It also highlights how continuous...

By BleepingComputer
Researchers Uncover “Haxor” SEO Poisoning Marketplace
News | Jan 26, 2026

Security researchers uncovered the HaxorSEO (HxSEO) marketplace, a Telegram and WhatsApp‑based service that sells over 1,000 malicious backlinks from compromised, decades‑old domains. Each listing includes trust scores such as domain authority and is priced at $6, allowing threat actors to...

By Infosecurity Magazine
Upwind Secures $250 Million to Expand Runtime-First Cloud Security for AI Workloads
News | Jan 26, 2026

Upwind announced a $250 million Series B round, bringing total capital to $430 million. The funding, led by Bessemer Venture Partners with participation from Salesforce Ventures and Picture Capital, will accelerate the company’s runtime‑first cloud security platform aimed at AI‑driven workloads. Upwind claims...

By Help Net Security
Booz Allen’s Vellox Reverser Accelerates Malware Analysis and Threat Intelligence
News | Jan 26, 2026

Booz Allen Hamilton has launched the general availability of Vellox Reverser, an AI‑driven malware reverse‑engineering platform. The solution leverages a resilient agentic AI architecture on AWS Lambda, Bedrock, and Step Functions to automate deep analysis of complex threats. New features...

By Help Net Security
Hackers Can Bypass Npm’s Shai-Hulud Defenses via Git Dependencies
News | Jan 26, 2026

The recent discovery by Koi Security reveals that NPM’s handling of Git‑based dependencies can circumvent the post‑Shai‑Hulud “PackageGate” defenses, allowing malicious code execution even with the `--ignore-scripts` flag. The bypass exploits a crafted `.npmrc` file that overrides the Git binary...

By BleepingComputer
Wiz Found It. Swimlane Fixed It. The Cloud Security Power Play
News | Jan 26, 2026

Cloud security teams face alert fatigue, drowning in critical notifications that outpace manual response. Wiz, a cloud risk visibility leader, has partnered with Swimlane’s Turbine agentic‑AI to turn detection into automated remediation. The integration pulls Wiz telemetry, enriches it with...

By Security Boulevard
Stellar Cyber Expands Autonomous SOC Capabilities with Agentic AI
News | Jan 26, 2026

Stellar Cyber unveiled version 6.3, embedding agentic AI to push its Autonomous SOC vision forward. The update automates threat detection, investigation, triage and response across identity, network, endpoint, email and cloud layers, slashing alert fatigue and mean‑time‑to‑respond. New Model Context Protocol...

By Help Net Security
Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline
News | Jan 26, 2026

US law firm Hagens Berman is urging investors to join a class action against Coupang over a massive June 2025 cyber‑attack that exposed personal data of 33.7 million customers. The breach prompted a police raid, the resignation of CEO Park Dae‑Joon,...

By Infosecurity Magazine
Lazarus Hackers Target European Drone Manufacturers in Active Campaign
News | Jan 26, 2026

North Korean state‑sponsored Lazarus group launched a new Operation DreamJob campaign targeting European defense firms that build uncrewed aerial vehicles. The attackers used fake job offers to distribute trojanized PDFs that install the ScoringMathTea RAT and BinMergeLoader loader. Malware leverages...

By GBHackers On Security
GeoComply Uses Device and Location Data to Stop Fraud
News | Jan 26, 2026

GeoComply’s digital identity platform, integrated with Dabble, combines device integrity, precise location, behavioural and network signals to enhance KYC. The partnership delivered KYC pass rates above 90% and uncovered large fraud clusters, including 250+ accounts from a single address and...

By Crowdfund Insider
New Fake CAPTCHA Scam Abuses Microsoft Tools to Install Amatera Stealer
News | Jan 26, 2026

Blackpoint Cyber uncovered a new fake CAPTCHA campaign that tricks users into executing a signed Microsoft script, SyncAppvPublishingServer.vbs, to install the Amatera Stealer malware. The attack directs victims to press Windows Key + R, paste a code, and run a command, while fetching...

By HackRead
Deepfake ‘Nudify’ Technology Is Getting Darker—And More Dangerous
News | Jan 26, 2026

Deep‑fake “nudify” services now turn a single photo into realistic, eight‑second explicit videos, offering dozens of sexual scenarios for a small fee. Platforms ranging from web sites to Telegram bots automate image‑to‑video generation, with AI models capable of adding audio...

By WIRED AI
Winning Against AI-Based Attacks Requires a Combined Defensive Approach
News | Jan 26, 2026

Offensive AI is reshaping cyber attacks, with large language models generating and morphing malware in real time. Recent incidents such as Anthropic’s AI‑orchestrated espionage campaign and ClickFix steganography attacks show adversaries bypassing traditional endpoint detection (EDR). Network Detection and Response...

By The Hacker News
Quantum Computing Firm IonQ Acquires US Semiconductor Firm SkyWater for $1.8 Billion
News | Jan 26, 2026

IonQ announced a definitive agreement to acquire SkyWater Technology for $35 per share, valuing the semiconductor foundry at roughly $1.8 billion in a cash‑and‑stock transaction. The deal creates a vertically integrated quantum platform that combines IonQ’s fault‑tolerant quantum processors with SkyWater’s...

By Help Net Security
$6,000 “Stanley” Toolkit Sold on Russian Forums Fakes Secure URLs in Chrome
News | Jan 26, 2026

A new crime‑ware toolkit called Stanley is being sold on Russian‑language forums for $2,000 to $6,000. The kit disguises itself as the Notely note‑taking extension and guarantees that its malicious Chrome extension will pass Google’s Web Store review. Once installed,...

By HackRead