%20(1).webp?ssl=1)
OPNsense 25.7.11 Enhances Network Visibility With Host Discovery Feature
OPNsense 25.7.11 introduces a native host discovery service that automatically resolves and stores MAC addresses for IPv4 and IPv6 hosts. The feature feeds live data to MAC‑based firewall aliases and captive‑portal client tracking, improving policy accuracy and device visibility. IPv6 receives a suite of kernel‑level fixes, including address‑lifetime handling and router‑advertisement validation. Additional updates remove ISC‑DHCP from the core, upgrade Suricata to 8.0.3, and add numerous usability and security enhancements.
Sophos Introduces Workspace Protection to Simplify Hybrid and Remote Work Security
Sophos Group launched Workspace Protection, a browser‑centric security service designed for hybrid and remote work. The offering combines a purpose‑built protected browser with Sophos ZTNA, DNS Protection and an email monitoring add‑on, all managed through the Sophos Central console. By...
Why Secrets in JavaScript Bundles Are Still Being Missed
Intruder scanned 5 million web applications and uncovered over 42,000 exposed tokens hidden in JavaScript bundles. The secrets spanned 334 types, including active GitHub, GitLab, and Linear API keys, as well as Slack, Zapier, and CAD service credentials. Existing scanners—traditional regex‑based...
Major Firms Leave Critical Cyber Risks Unpatched for Months
A KYND study of over 2,000 firms, including FTSE 350 and S&P 500 members, found that 11% were exposed to vulnerabilities actively exploited by attackers. Of those, 88% remained unpatched for six months or longer, highlighting chronic remediation delays. Remote...
Intuitive.ai Partners with Matilda Cloud to Accelerate Secure, Compliant AI and Cloud Modernization for Life Sciences
Intuitive.ai has teamed up with Matilda Cloud to help life‑science firms accelerate AI and cloud modernization while meeting strict GxP and CSA regulations. The joint solution offers rapid, compliance‑ready visibility into cost drivers, security posture, and modernization pathways, promising 20‑40%...
Digital Fraud Prevention: 8 Steps to Protect Your Identity
Digital fraud losses surged to $12.5 billion in 2024, a 25% rise from the prior year, as criminals leverage AI, automation, and social engineering. The article outlines eight practical steps—from slowing down on suspicious messages to deploying multi‑factor authentication and secure...
Rubrik Introduces CXO Visionaries
Rubrik announced the launch of CXO Visionaries, an exclusive community for Fortune 500 and enterprise 2000 CIOs, CISOs and CTOs. The group aims to help leaders tackle rising cyber‑risk and AI‑driven attacks, offering peer insights and brand‑building opportunities. Rubrik Zero...
Old Habits Die Hard: 2025’s Most Common Passwords Were as Predictable as Ever
In 2025, the password "123456" again topped global lists, accounting for a quarter of the 1,000 most‑used passwords and appearing across all age cohorts. NordPass and Comparitech data show numeric‑only passwords dominate, while the US and UK see "admin" and...
Fraud Vs. Conversion: How Payments Can Reduce Risk without Adding Friction
Digital payments must balance speed with security. Consumers abandon 88% of checkout flows due to friction, while e‑commerce fraud costs $44 billion in 2024. The article outlines a multi‑layered strategy—strong authentication, merchant risk scoring, AI‑driven network detection, tokenization, and collaborative data...
The Post-Breach Narrative: Winning Back Trust After the Headlines Fade
When a cybersecurity breach dominates headlines, the real challenge begins after the news cycle fades: restoring stakeholder trust. Marketing and public‑relations teams must move beyond immediate statements to a sustained, authentic narrative that demonstrates accountability and transparency. Aligning internal messages...
.webp?ssl=1)
TP-Link Router Flaw Enables Authentication Bypass Through Password Recovery Mechanism
TP‑Link disclosed a high‑severity authentication bypass (CVE‑2026‑0629) affecting its VIGI security‑camera line. The flaw exploits the password‑recovery feature, allowing any LAN‑connected attacker to reset admin credentials without verification. With a CVSS v4.0 score of 8.7, the vulnerability grants full control over...
How to Configure KeyLocker for JarSigner Using the DigiCert KSP Library?
Developers can now sign Java .jar files using DigiCert’s cloud‑based KeyLocker, which keeps private keys inside FIPS‑compliant HSMs. By installing the DigiCert KeyLocker Tools and configuring environment variables, the smctl command registers the DigiCert KSP library and synchronizes the desired...
Discord Exploited to Spread Clipboard Hijacker Stealing Cryptocurrency Funds
Security firm CloudSEK’s STRIKE team uncovered a new cryptocurrency‑theft campaign that leverages Discord communities to distribute a clipboard‑hijacking trojan dubbed Pro.exe. The malware, attributed to the RedLineCyber group, monitors Windows clipboard for wallet addresses and silently replaces them with attacker‑controlled...
Atradius Updates Credit-IQ Software to Boost Accounts Receivable Services Automation, Tighten Data Security for SMEs
Atradius Collections has released a major update to its Credit‑IQ.com accounts‑receivable platform, adding real‑time dashboards, plug‑and‑play ERP integration and support for eight languages. The upgrade also tightens data‑security with GDPR‑aligned EU data‑centers and ISO 27001 certification. Pricing stays at a flat...
Confusion and Fear Send People to Reddit for Cybersecurity Advice
Researchers from Google and University College London examined 1.1 billion Reddit posts from 2021‑2024 to map how users seek cybersecurity help. Help‑seeking activity remained steady until a sharp 66 % jump in 2024, topping 100 000 questions per month by August. Scams, account‑access...
UK Finance Report Examines Fraud Prevention and AML Efforts
UK Finance’s latest report warns that 2023 fraud losses reached £25.2 billion, exposing the flaws of siloed fraud and AML systems. It promotes a unified FRAML framework that blends machine‑learning‑driven fraud detection with anti‑money‑laundering compliance to cut alerts and accelerate investigations....
Cloudflare Zero-Day Flaw Allows Attackers to Bypass Security and Access Any Host
A critical zero‑day in Cloudflare’s Web Application Firewall allowed attackers to bypass all WAF rules by targeting the ACME certificate‑validation path. Researchers from FearsOff demonstrated that arbitrary requests to /.well-known/acme-challenge/ could reach origin servers, exposing sensitive endpoints in Spring Boot,...
This Intune Update Isn’t Optional — It’s a Kill Switch for Outdated Apps
Microsoft Intune MAM will enforce a mandatory update by January 19, requiring all iOS‑wrapped, SDK‑integrated apps and the Android Company Portal to run the latest versions. Outdated apps—including Outlook and Teams—will be blocked from launching. Administrators must push the new SDK...
Ethereum Posts Record Onchain Activity as Research Points to Possible Spam-Driven Growth: Asia Morning Briefing
Ethereum recorded an all‑time high of nearly 2.9 million daily transactions, yet Ether’s price stayed flat around $3,180, suggesting the activity may not stem from genuine user demand. On‑chain researcher Andrey Sergeenkov attributes the surge to a large‑scale address‑poisoning campaign that...
Just-in-Time (JIT) Provisioning: How Automated User Provisioning Works in SSO
Just‑in‑Time (JIT) provisioning automates user account creation the moment a worker logs in via SSO, using SAML or OIDC claims. The approach eliminates manual onboarding steps, cuts admin time, and reduces typo‑related security gaps. However, JIT only creates accounts; it...
Payments Connectivity in the ISO 20022 Era: A Case Study in Future-Proofing
The payments industry is midway through its ISO 20022 transition, with banks leveraging richer data to launch new services while many still depend on legacy translation layers. Real‑time and cross‑border payments are accelerating, pushing institutions to balance cost, liquidity, and resilience....
Top 10 HIPAA Compliance Software Solutions
The article ranks the ten leading HIPAA compliance software platforms, emphasizing a shift from periodic checklists to continuous, automated compliance operations. It highlights that 2025 healthcare breaches averaged $7.42 million per incident, prompting regulators to add MFA, full‑encryption, and annual audits....
How Pointing Errors Impact Quantum Key Distribution Systems
A new IEEE study introduces an analytical framework that quantifies how pointing errors degrade quantum key distribution (QKD) performance in optical wireless links. By applying Rayleigh and Hoyt statistical models to beam misalignment, the researchers derived closed‑form expressions for error...
SAP and Fresenius to Build Sovereign AI Backbone for Healthcare
SAP and Fresenius announced a joint venture to create a sovereign AI backbone for European healthcare, leveraging SAP Business AI and Business Data Cloud. The platform will provide a controlled, secure environment for AI models, ensuring data sovereignty and compliance...
Bao Xiong Linked to Cambodia Properties Allegedly Used for Online Fraud Operations
Chinese‑born businessman Bao Xiong, now a naturalized Cambodian, is alleged to control a network of casino‑linked properties that have been repurposed as online fraud and human‑trafficking hubs. U.S. sanctions against related entities such as the Prince Group have intensified scrutiny,...
Inside SearchGuard: How Google Detects Bots and What the SerpAPI Lawsuit Reveals
Google sued SerpAPI for allegedly circumventing its newly deployed SearchGuard anti‑bot system, which monitors mouse, keyboard, scroll and timing signals to distinguish humans from automated scrapers. The lawsuit, filed under DMCA Section 1201, highlights Google’s effort to protect its search...
Resecurity Leads Cybersecurity Innovation at ITCN Asia 2026
Resecurity has been appointed the Cybersecurity Innovation Partner for ITCN Asia 2026, the region’s largest ICT exhibition held in Lahore, Pakistan. The company will demonstrate its intelligence‑driven platform, featuring cyber‑threat intelligence, digital‑risk monitoring, AI‑powered fraud prevention, investigation tools, and supply‑chain...
Real-Time Threat Intelligence: Empowering Proactive Cybersecurity with Seceon
Seceon Inc. unveiled an AI‑driven real‑time threat intelligence platform that continuously monitors networks, endpoints, cloud services, and user identities. By fusing machine‑learning, behavioral analytics, and global threat feeds, the solution identifies zero‑day attacks, insider threats, and fileless malware as they...
Visual Studio Code Abused in Sophisticated Multistage Malware Attacks
A new campaign dubbed Evelyn Stealer leverages compromised Visual Studio Code extensions, such as the Bitcoin Black theme and Codo AI assistant, to deliver a multi‑stage malware chain. The first‑stage payload uses DLL hijacking of the Lightshot utility to execute PowerShell scripts that...
Indirect Prompt Injection in Google Gemini Enabled Unauthorized Access to Meeting Data
Miggo Security uncovered an indirect prompt‑injection flaw in Google Gemini that leveraged calendar invite descriptions to bypass privacy controls and exfiltrate meeting data. By embedding a benign‑looking instruction, attackers could trigger Gemini to create a new event containing summaries of...
AtData Launches Gibberish Detection to Strengthen Fraud Intelligence and Block Bot-Generated Identities
AtData introduced Gibberish Detection, a machine‑learning model that flags synthetic, random or AI‑generated email addresses at the point of capture. The real‑time signal identifies roughly 5% of incoming emails as gibberish, rising to nearly 10% for a global on‑demand services...
Token Security Sees Rapid 2025 Growth as Enterprises Secure Agentic AI
Token Security reported triple‑digit growth in 2025 as enterprises grapple with a surge of non‑human identities (NHIs) that now outnumber human users. The company closed a $20 million Series A round and introduced AI‑driven discovery, lifecycle management, and least‑privilege enforcement for autonomous...
‘SolyxImmortal’ Information Stealer Emerges
Cyfirma has uncovered a new Python‑based information stealer dubbed SolyxImmortal, targeting Windows machines. The malware runs silently, establishes persistence in the user’s AppData folder, and exfiltrates credentials, keystrokes, and screenshots through hard‑coded Discord webhooks over HTTPS. It harvests Chrome master...
Cyber Insights 2026: Information Sharing
Cybersecurity information sharing remains essential but faces structural challenges. The Cybersecurity Information Sharing Act of 2015, set to lapse on Jan 30 2026, threatens to curtail the legal protections that encourage voluntary threat‑intel exchange, while the CISA agency confronts funding cuts and...
How to Remove Saved Passwords From Google Chrome (And Why You Should)
Google Chrome’s built‑in password manager offers convenience but accumulates credentials across devices, creating a hidden security liability. The article details how to delete individual, multiple, or all saved passwords on desktop, Android, and iOS, and explains how Chrome sync propagates...
Cybercriminals Impersonate Malwarebytes to Steal User Credentials
A short‑lived campaign from January 11‑15 2026 masqueraded as Malwarebytes installers to deliver infostealers. Attackers distributed ZIP archives named like “malwarebytes‑windows‑github‑io‑X.X.X.zip” that contain a legitimate EXE loader, a malicious CoreMessaging.dll, and a benign‑looking TXT pivot file. The DLL is sideloaded, granting code...
Mastang Panda Uses Venezuela News to Spread LOTUSLITE Malware
Acronis Threat Research Unit uncovered a new espionage campaign that uses a Venezuela‑related news lure to target U.S. government officials. The attack distributes a malicious DLL through DLL sideloading, hidden inside a renamed Tencent music player called “Maduro to be...
Keepnet Bets on Agentic AI Behavioral Training to Curb Security Mistakes
Keepnet introduced Agentic AI for Behavioral Microlearning, shifting training success metrics from completion rates to measurable behavior change and incident reduction. The autonomous platform plans, creates, delivers, and optimizes short, contextual lessons using real‑time risk data, cutting content‑creation time from...
Attackers Rerouted Employee Pay Without Breaching IT Systems
An attacker bypassed technical defenses by socially engineering help‑desk staff to reset passwords and re‑enroll MFA, gaining legitimate access to payroll accounts. Using the compromised credentials, the fraudster altered direct‑deposit details and diverted salaries from three employees without triggering alerts....
CertiK Links $63M in Tornado Cash Deposits to $282M Wallet Compromise
Blockchain security firm CertiK traced roughly $63 million of Tornado Cash deposits to the $282 million wallet hack on Jan. 10. Their analysis shows 686 BTC were bridged to Ethereum, converted into about 19,600 ETH, and then broken into ~400‑ETH chunks before entering the mixer....
British Army to Spend £279 Million on Permanent Cyber Regiment Base
The British Army will invest £279 million to build a permanent base for its 13 Signal Regiment at Duke of Gloucester Barracks in Gloucestershire. The new facility will house cyber training, operations, and the Army’s Cyber, Information and Security Operations Centre, enhancing...
Why FinCrime Detection Is Delayed and How to Fix It
FinCrime detection latency occurs when the signal arrives late or lacks context, not because analysts are slow. Opoint outlines four timestamps—event, first public mention, internal awareness, and decision—to expose where delays happen. Early‑stage OSINT, especially from non‑English sources, can close...
TMT Expands Digital Trust and Safety with Microsoft Publishers
The Media Trust (TMT) announced a partnership to bolster digital trust and safety within Microsoft’s advertising ecosystem. Leveraging TMT’s proprietary AI detection, global infrastructure, and malware‑analysis teams, the collaboration will deliver real‑time threat detection and mitigation for malware, redirects, and...
Threat Hunting in 2026: Why Proactive Defence Is the Only Way Forward
Threat hunting is shifting from reactive incident response to proactive, pattern‑based defense as attackers repeatedly exploit known vulnerabilities. Experts at Qualys argue that focusing on adversary telemetry—such as weaponization, ransomware links, and dark‑web chatter—enables teams to anticipate exploitation cycles. Automation...
Oligo Appoints Shira Bendkowski as VP of Product
Oligo Security announced Shira Bendkowski as its new Vice President of Product. Bendkowski, formerly VP of Product at Aqua Security and head of product at XM Cyber, will steer Oligo’s product vision for runtime security across applications, cloud, workloads, and...
PDFSIDER Malware Actively Exploited to Evade Antivirus and EDR Defenses
Researchers have uncovered PDFSIDER, a backdoor malware that exploits DLL side‑loading in the legitimate PDF24 Creator application to evade endpoint detection and response tools. The malicious payload is delivered via spear‑phishing ZIP archives, signed with valid certificates, and replaces the...
Argus: Python-Based Recon Toolkit Aims to Boost Security Intelligence
Argus v2.0, a Python‑based reconnaissance toolkit, launches with 135 specialized modules unified under a professional command‑line interface. The overhaul adds multi‑threaded execution, over 25 CLI commands, and four deployment options—including pip, Docker, script, and direct Python. It integrates major threat‑intelligence...
SEON Identity Verification Combines KYC Checks with Real-Time Fraud Intelligence
SEON introduced an AI‑powered Identity Verification solution that combines document validation, biometric liveness detection, proof‑of‑address checks, and optional government database queries within its unified risk platform. The service draws on more than 900 real‑time fraud signals to evaluate both the...
SIOS Technology VP of CX Cassius Rhue Shares 2026 IT Predictions
SIOS Technology’s Vice President of Customer Experience, Cassius Rhue, outlined a forward‑looking vision for high‑availability (HA) and disaster‑recovery (DR) solutions through 2026. He predicts HA will evolve from pure uptime guarantees to a strategic pillar for hybrid‑cloud resilience, cybersecurity, AI...
Global Tensions Are Pushing Cyber Activity Toward Dangerous Territory
Geopolitical rivalries are increasingly manifesting as cyber operations that target critical infrastructure, disinformation networks, and supply‑chain dependencies. Recent incidents—from the Ukrainian power‑grid outage to a Norwegian dam breach—illustrate how state actors can weaponize digital tools against civilian services. AI‑generated disinformation...
