7 Tech Companies Worth Trillions Pledge $12.5m to Open Source Security
Seven trillion‑valued tech giants—including Google, Microsoft, Amazon, Meta, Apple, IBM, and Oracle—have jointly pledged $12.5 million to bolster open‑source security. The grant program will fund projects that help maintainers filter out low‑quality, AI‑generated bug reports and prioritize genuine vulnerabilities. By creating dedicated tooling and community resources, the initiative seeks to reduce the noise that slows patch cycles. The effort reflects a growing recognition that open‑source components are critical to enterprise risk management.
Firefox Is Getting a Free Built-In VPN
Mozilla announced that Firefox 149, releasing on March 24, will embed a free built‑in VPN. The service will route browser traffic through a proxy, masking users' IP addresses, and initially provides 50 GB of data per month to users in the United States,...
SpecterOps Adds Okta, GitHub and Mac Coverage to BloodHound Enterprise Platform
SpecterOps announced that its BloodHound Enterprise platform now includes coverage for Okta, GitHub and Mac (Jamf) environments, adding OpenGraph extensions to map identity‑based attack paths across hybrid systems. The release introduces privilege‑zone analysis for multi‑tier least‑privilege enforcement, bring‑your‑own‑key encryption support,...
Torq Unveils Agentic Builder to Automate Security Workflows From Natural Language Intent
Torq Ltd. introduced Agentic Builder, an AI‑driven add‑on to its SOC platform that converts plain‑language security intents into fully tested, production‑ready workflows and custom AI agents. The system leverages the Torq Socrates engine for validation and continuous performance monitoring, enabling...
Manifold Raises $8M to Secure Autonomous AI Agents on Enterprise Endpoints
Manifold, an AI detection and response startup, announced an $8 million seed round led by Costanoa Ventures to develop its endpoint security platform for autonomous AI agents. The solution monitors agent behavior on employee devices, capturing API calls, file access, and...
Researchers: Meta, TikTok Steal Personal & Financial Info When Users Click Ads
Researchers from Jscrambler allege that Meta and TikTok advertising pixels harvest extensive personal and financial data from users who click ads, even when users explicitly opt out. The pixels collect PII, credit‑card details, and granular shopping‑flow information, running before consent...
SideWinder Espionage Campaign Expands Across Southeast Asia
The India‑linked SideWinder APT group has broadened its espionage campaign into Southeast Asia, adding Indonesia and Thailand to its target list. Researchers note the group continues to use low‑complexity intrusion methods—government‑audit phishing, stolen credentials, and DLL hijacking—while rotating domains and...
This Free Privacy Tool Makes It Super Easy to See Which Sites Are Selling Your Data
Global Privacy Control (GPC) is a free, browser‑based signal that lets users automatically opt out of companies selling their personal data. Major browsers such as Brave, DuckDuckGo, and the Firefox Nightly build now include GPC natively, while extensions like OptMeowt...
Corelight’s Agentic Triage Turns SOC Alerts Into Evidence-Backed Investigations
Corelight unveiled Agentic AI capabilities for security operations centers, highlighted by Agentic Triage—a GenAI‑driven workflow that consolidates alerts into entity‑centric investigations and delivers evidence‑backed verdicts up to ten times faster. The solution exposes every playbook step, query, and data point,...
TrojAI Unveils New Capabilities to Secure Agentic AI Beyond the Prompt Layer
TrojAI introduced three major capabilities to protect enterprise‑grade agentic AI, extending security beyond the prompt layer. The new Agent‑Led AI Red Teaming automates multi‑turn attacks using coordinated autonomous agents and maps findings to OWASP, MITRE and NIST frameworks. Agent Runtime...
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
A critical vulnerability (CVE‑2026‑32746) in GNU InetUtils telnetd allows unauthenticated remote attackers to achieve root‑level code execution via a buffer overflow in the SLC sub‑option handler. The flaw affects all telnetd versions up to 2.7 and carries a CVSS score...
New .NET AOT Malware Hides Code as a Black Box to Evade Detection
Researchers at Howler Cell have identified a new .NET Ahead‑of‑Time (AOT) compiled malware that strips metadata, turning the malicious binary into a black‑box that evades traditional security scanners. The infection chain begins with a phishing ZIP, delivering a downloader that...
Polygraf AI Launches Desktop Overlay for Real-Time AI Behavior Control in Enterprise Operations
Polygraf AI unveiled Desktop Overlay, a real‑time compliance assistant that monitors user input at the desktop level. The edge‑deployed overlay flags sensitive information within 100 ms using on‑premise small language models, requiring only modest CPU and memory resources. Pilot results showed...
Fear of Surveillance Leads to Increased VPN Use
A new PasswordManager survey shows that 36% of U.S. adults now use virtual private networks, making VPNs mainstream. Privacy concerns dominate, with 35% of users seeking to hide activity from the government and 65% aiming to block advertiser tracking. A...
Reco Targets AI Agent Blind Spots with New Security Capability
Reco has launched a new capability called “Reco AI Agent Security” to give enterprises visibility and control over autonomous AI agents across their SaaS stack. The tool, available from March 18, expands Reco’s existing platform to cover agents such as Microsoft...
Mondoo Announced the Launch of Agentic Managed Vulnerability Service
Mondoo unveiled its Agentic Managed Vulnerability Service, pairing AI‑driven analytics with expert security teams to deliver a 60% reduction in vulnerabilities and a mean‑time‑to‑remediation (MTTR) under 16 days. The offering includes an optional Automated Remediation Setup Service that configures instant,...
£5 Million Innovate UK Funding Competition Seeks to Drive Growth of Secure and Resilient Software Supply Chains
Innovate UK has launched a £5 million competition to accelerate secure and resilient software supply chains through the government’s Software Security Code of Practice (SSCoP). Eligible projects must request between £250,000 and £750,000, begin by August 2026 and run for 12‑18 months,...
LeakNet Boosts Ransomware with ClickFix Lures, Stealthy Deno Loader
LeakNet is expanding its ransomware campaign by deploying mass‑market ClickFix lures on compromised legitimate websites and coupling them with a stealthy Deno‑based loader that runs malicious code almost entirely in memory. The ClickFix technique tricks users into executing an msiexec...
Cayosoft Debuts Agentic AI Identity Change Controls, IR Offering at RSA 2026
Cayosoft unveiled Guardian 7.2, adding change monitoring and automated rollback for AI‑agent identities across Microsoft Entra and hybrid AD environments. The update embeds non‑human identities into existing ITDR workflows without a new dashboard. Simultaneously, the company launched an Identity Forensics...
Malwarebytes Survey Finds 90% of People Don’t Trust AI with Their Data
Malwarebytes’ latest pulse survey of 1,235 respondents shows that 90% of people fear AI systems will use their personal data without consent, while 91% back national legislation to regulate data use. The study also reveals a sharp drop in confidence,...
Acalvio Launches 360 Deception to Break AI Attack Automation
Acalvio unveiled 360 Deception, a next‑generation cyber‑deception platform designed to break AI‑driven attack automation. The solution creates a high‑uncertainty environment by dynamically orchestrating decoys and making real assets appear deceptive, forcing attackers to reveal intent early. In a U.S. Navy...
NetLib Security Launches Winter 2026 Release with AI Enhancements
NetLib Security released Encryptionizer Winter 2026, adding support for Microsoft SQL Server 2025 and Windows Server 2025 while retaining legacy OS compatibility. The update introduces an Azure Key Vault integration via a new Key Delivery Plugin and upgrades the Encryptionizer...
How a Ukrainian Vishing Ring Stole €2M From EU Citizens — and Nearly Got Away
Latvian and Ukrainian police dismantled a vishing ring that stole about €2 million from EU citizens. The scheme used Ukrainian call‑center operators who impersonated police and bank staff, coerced victims into installing AnyDesk, and moved funds through over 170 money mules...
Hearing Targets Risks to U.S. Infrastructure From Chinese AI and Robotics Systems
On March 17, the House Subcommittee on Cybersecurity and Infrastructure Protection held a hearing to assess national‑security threats posed by Chinese artificial‑intelligence, robotics and autonomous‑sensing technologies. Lawmakers focused on firms such as DeepSeek and Unitree Robotics, warning that their systems...
NicSRS Launches sslTrus CaaS – A Powerful SSL Automation Tool for SMBs
NicSRS unveiled sslTrus CaaS, a Certificate‑as‑a‑Service platform that automates SSL lifecycle for SMBs. The service handles application, issuance, deployment, renewal and revocation for 1‑10 certificates, with optional cloud push or on‑premise clmBot agent. It includes three‑tier monitoring (CT log, OCSP,...
Exclusive: AI Cybersecurity Startup RunSybil, Founded by OpenAI’s First Security Hire, Raises $40 Million Led by Khosla Ventures
RunSybil, an AI‑driven cybersecurity startup founded by OpenAI’s first security hire, closed a $40 million funding round led by Khosla Ventures, with participation from Anthropic’s Anthology Fund, Menlo Ventures and notable angels. Its flagship AI agent, Sybil, conducts continuous autonomous penetration...
Object First to Showcase Absolutely Immutable Backup Storage at RSAC Conference 2026
Object First announced its participation at RSAC Conference 2026, where it will demonstrate its absolutely immutable on‑premises backup storage designed for Veeam environments. The solution promises lightning‑fast backups, instant recovery, and zero‑trust data resilience aimed at SMBs, ROBO sites, and...
Can You Prove the Person on the Other Side Is Real?
The article warns that by 2026 synthetic identities and deepfake technology will outpace traditional AI automation in the estate‑and‑identity space. Generative models can create fully fabricated personas that pass routine checks, allowing fraudsters to hijack legacy or deceased accounts and...
AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner
Gartner warns that custom‑built AI applications will consume at least half of enterprise incident‑response resources by 2028 unless security teams are involved early. The analyst urges a “shift‑left” approach to embed controls from the start and highlights a surge in...
Six Critical 5G Security Challenges as Connectivity Expands
5G’s rollout introduces unprecedented bandwidth and low latency, enabling applications from autonomous vehicles to remote surgery, but also expands the cyber attack surface dramatically. The architecture’s reliance on software‑defined networking, network slicing, and edge computing creates new vectors such as...
Researchers Expose Hack that Could Hand Attackers Full Control of Ship’s Engine, Navigation and Power
Maritime researchers uncovered four critical flaws in the SmartShipWeb IoT platform that let a remote attacker commandeer a vessel's propulsion, navigation, power, ballast, steering and fire safety systems directly from a web browser. The attack chain starts with a client‑side...
Apple Releases Its First-Ever Background Security Improvements Update: What Is It, How to Download and More
Apple has launched its first Background Security Improvement (BSI) update, a lightweight patching system for the latest iOS, iPadOS, and macOS releases. The initial rollout on March 17 addressed a critical WebKit vulnerability (CVE‑2026‑20643) affecting Safari’s navigation API. BSI updates...
Apple Pushes First Background Security Improvements Update to Fix WebKit Flaw
Apple has rolled out its first Background Security Improvements update to address WebKit vulnerability CVE‑2026‑20643 across iPhone, iPad, and Mac devices. The flaw allowed malicious web content to bypass the Same Origin Policy via the Navigation API, and was patched...
Cloud Storage Security Best Practices
The article outlines best‑practice controls for securing cloud storage, emphasizing enterprise‑wide identity governance, centralized telemetry, and hardened backup domains. It recommends federated authentication, automated credential rotation, and least‑privilege role mapping across providers. It also advises consolidating logs into SIEM/XDR platforms,...
Vietnam: Cybersecurity Enforcement Plan Enhances Digital Security
Vietnam's Prime Minister issued an action plan to enforce the country's Cybersecurity Law, outlining tasks, deadlines, and responsibilities for ministries and local authorities. The plan mandates a nationwide awareness campaign, specialized training for officials, and the creation of detailed guiding...
Top UEBA Use Cases in Enterprise Cybersecurity
User and Entity Behavior Analytics (UEBA) leverages machine‑learning to model normal activity across users, devices and applications, then flags deviations that indicate threats. By ingesting logs, configuration files and network telemetry, UEBA can spot lateral movement, compromised credentials, insider abuse,...
'Cybersecurity Vulnerability' Spurs FDA Recall of GE HealthCare Image Viewers
GE HealthCare has initiated a Class 2 FDA recall of its Centricity Universal Viewer after discovering a cybersecurity flaw that could expose user login credentials on local workstations. The vulnerability threatens system availability and data integrity, prompting an Urgent Medical Device...
/file/attachments/orphans/BMGPcyberbreach_929706.jpg)
CYBERSECURITY: Gauteng Was Lucky with Latest 3.8TB Data Breach, but the Luck Will Run Out
A ransomware‑as‑a‑service group called XP95 exfiltrated roughly 3.8 TB of data from the Gauteng Provincial Government, exposing over 3.6 million files of IDs, passports and résumés. The breach originated from an unsecured, internet‑facing scanner server rather than a phishing error. More than...
CBA Builds Two AI Agents to Boost Cyber Defences
Commonwealth Bank of Australia has deployed two custom AI agents to augment its cyber‑defence operations. The threat‑hunt agent automates up to 70% of routine investigations, shrinking a multi‑day analysis to roughly 30 minutes and even launching hunts overnight. A second...
Chainguard Thinks Most DevOps Teams Are Solving Container Security the Hard Way
Chainguard unveiled OS Packages, a beta service that lets DevOps teams assemble custom container images from zero‑CVE, source‑built packages. The offering leverages Chainguard’s Factory 2.0 pipeline to continuously rebuild over 30,000 enterprise‑grade packages and generate SBOMs automatically. Teams can use...
Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot
Researchers at Permiso discovered that attacker‑controlled text embedded in emails can manipulate Microsoft Copilot’s summarization features through cross‑prompt injection attacks. The technique can inject deceptive security alerts or malicious prompts directly into the AI‑generated summary UI, especially in Teams and...
Is Your Clients’ Data Safe This Tax Season? Here’s What CPAs Need to Know
Tax season floods CPA firms with sensitive W‑2s, SSNs, and bank details, making it a prime target for cybercriminals. AI‑generated phishing emails now convincingly impersonate the IRS and tax‑software providers, raising the risk of credential theft and refund‑diversion scams. OpenText...
OpenClaw, the Fastest-Adopted Software Ever, Is Also a Security Blind Spot
OpenClaw, an open‑source AI agent that runs locally without admin rights, has become the fastest‑adopted software ever, surpassing Linux’s three‑decade adoption curve in just three weeks and becoming GitHub’s most downloaded project. The agent integrates with email, Slack, Teams, calendars,...
Surf Raises $57M to Automate Security With AI Agents
Surf, a New York‑based cybersecurity startup, announced a $57 million Series A round led by Accel to develop AI‑driven security agents. The funding underscores growing investor confidence in “agentic AI” that can autonomously detect and remediate threats. Surf’s platform continuously monitors cloud...
Ransomware’s Opening Play: Target Identity First
Ransomware groups are shifting focus from encrypting files to compromising identity infrastructure such as Active Directory, Entra ID, and Okta. Semperis research shows 83% of ransomware attacks involve identity compromise, and 56% of attacks succeed, causing widespread operational disruption. By...
Identity Is Quietly Becoming Enterprise IT's Control Plane
Enterprise IT is shifting from network‑centric security to identity‑centric governance. As employees access resources from personal devices, cloud apps, and AI tools, identity systems and policies now define the perimeter. Microsoft Intune’s app‑protection without enrollment shows how application access can...
Vulnerability Exploitability eXchange: Smarter Patching for State and Local IT Teams
The Vulnerability Exploitability eXchange (VEX) is a machine‑readable format that lets software vendors declare whether a CVE actually affects a product. By delivering exploitability data—affected, not affected, fixed, or under investigation—VEX enables state and local government IT teams to filter...
Surfshark vs NordVPN (2026): Which VPN Wins? Full Breakdown
The 2026 guide pits Surfshark against NordVPN, breaking down pricing, server coverage, connection limits, speed, and security tools. Surfshark’s One plan starts at $2.49 per month, offers unlimited simultaneous devices, and covers 3,200+ servers in 100 countries. NordVPN begins at $3.39 per...
Android OS-Level Attack Bypasses Mobile Payment Security
CloudSEK researchers uncovered an Android attack that leverages the LSPosed framework to manipulate the runtime environment rather than tampering with app code. By injecting malicious modules at the OS level, the technique hijacks legitimate payment applications while preserving their signatures,...
Our Latest Investment in Open Source Security for the AI Era
Google announced a $12.5 million pledge, alongside Amazon, Anthropic, Microsoft/GitHub and OpenAI, to the Linux Foundation’s Alpha‑Omega Project aimed at bolstering open‑source security in the AI era. The funding, managed by Alpha‑Omega and OpenSSF, will equip maintainers with AI‑driven tools to...