Cybersecurity News and Headlines

Use of XMRig Cryptominer by Threat Actors Expanding: Expel
News | Jan 9, 2026

XMRig, an open‑source Monero miner, is increasingly weaponized by threat actors across Windows, Linux, Kubernetes and AWS environments. Recent campaigns have leveraged the high‑severity React2Shell exploit and UPX‑packed binaries to spread the miner via game torrents and commodity malware. Expel’s...

By Security Boulevard
Hacker Behind Wired.com Leak Now Selling Full 40M Condé Nast Records
News | Jan 9, 2026

A hacker using the alias “Lovely” is now offering nearly 40 million Condé Nast user records for sale, expanding on a prior leak of 2.3 million Wired.com accounts. The alleged dataset spans dozens of Condé Nast‑owned sites, including high‑traffic titles such as Vanity Fair,...

By HackRead
Tim Kosiba Named NSA Deputy Director
News | Jan 9, 2026

Timothy Kosiba has been appointed the National Security Agency’s 21st Deputy Director, a role confirmed by President Donald J. Trump after designation by Secretary of War Pete Hegseth and DNI Tulsi Gabbard. Kosiba returns as the agency’s most senior civilian...

By SecurityWeek
OWASP CRS Flaw Lets Encoded Attacks Slip Past WAFs
News | Jan 9, 2026

A critical vulnerability (CVE-2026-21876) in the OWASP Core Rule Set lets attackers bypass charset validation, enabling encoded XSS payloads to slip past web application firewalls. The flaw resides in rule 922110, which only inspects the final part of multipart requests,...

By eSecurity Planet
FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes
News | Jan 9, 2026

The FBI has warned that North Korean APT group Kimsuky is deploying a new spear‑phishing technique called quishing, which embeds malicious QR codes in email attachments. Scanning the QR code redirects victims to mobile‑optimized phishing pages that harvest device data...

By SecurityWeek
INFORM 2026: MITRE’s Updated Threat-Informed Defense Maturity Model Explained
News | Jan 9, 2026

MITRE’s Center for Threat‑Informed Defense released a major update to its INFORM maturity model, incorporating two years of field feedback and new partner input. The revision introduces revamped assessment questions, a timeliness factor, and an impact‑vs‑complexity recommendation matrix. INFORM now...

By Security Boulevard
Illinois Man Charged with Hacking Snapchat Accounts to Steal Nude Photos
News | Jan 9, 2026

Illinois prosecutors have charged 26‑year‑old Kyle Svara with a large‑scale phishing scheme that compromised roughly 570 Snapchat accounts, stealing private photos from nearly 600 women. Between May 2020 and February 2021 he impersonated Snap representatives, texting over 4,500 targets to obtain access...

By BleepingComputer
European Commission Opens Consultation on EU Digital Ecosystems
News | Jan 9, 2026

The European Commission has launched a public consultation on open digital ecosystems, running from 6 January to 3 February 2026, to gather evidence for a forthcoming Communication due in Q1 2026. The call highlights that 70‑90 % of software code in EU digital systems relies...

By Help Net Security
Data Governance in Banking, Financial and Insurance Industry
News | Jan 9, 2026

The BFSI sector faces mounting regulatory pressure, prompting banks, insurers and financial firms to adopt rigorous data‑governance frameworks. Robust policies, access controls and quality standards protect customer data, reduce fraud risk, and enable faster, more accurate decision‑making. Vendors such as...

By Finextra
Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrested
News | Jan 9, 2026

Europol coordinated a multi‑national operation that led to the arrest of 34 members of the Black Axe cyber‑crime gang across Spain and Germany. Spanish police detained suspects in Seville, Madrid, Málaga and Barcelona, while German authorities assisted in the raids....

By Infosecurity Magazine
Fog Ransomware Targets U.S. Organizations via Compromised VPN Credentials
News | Jan 9, 2026

Arctic Wolf Labs identified a new ransomware variant called Fog targeting U.S. organizations, primarily in education (80%) and recreation (20%) sectors. The attackers gained entry through compromised VPN credentials from two vendors and quickly escalated privileges using pass‑the‑hash, PsExec, and credential‑stuffing...

By GBHackers On Security
World Economic Forum: Deepfake Face-Swapping Tools Are Creating Critical Security Risks
News | Jan 9, 2026

The World Economic Forum’s Cybercrime Atlas report warns that advanced deep‑fake face‑swapping tools are now capable of bypassing know‑your‑customer (KYC) and remote verification processes. Researchers examined 17 commercial face‑swap applications and eight camera‑injection tools, finding that low‑latency, high‑fidelity swaps can...

By Infosecurity Magazine
Illinois Man Charged in Snapchat Hacking Investigation
News | Jan 9, 2026

Illinois resident Kyle Svara was indicted in Boston federal court for phishing Snapchat access codes from roughly 570 women, accessing at least 59 accounts, and stealing nude images. He allegedly sold or traded the illicit content on internet forums. The...

By DataBreaches.net
XRAT Malware Targets Windows Users via Fake Adult Game
News | Jan 9, 2026

AhnLab Security Intelligence Center uncovered a campaign that disguises the open‑source xRAT (QuasarRAT) remote‑access trojan as a fake adult game on Korean web‑hard services. The ZIP archive contains a Game.exe launcher that first runs a legitimate game stub, then copies...

By GBHackers On Security
AI-Powered Truman Show Operation Industrializes Investment Fraud
News | Jan 9, 2026

Security firm Check Point uncovered an AI‑driven investment fraud that stages a "Truman Show"‑style reality for victims. The operation uses unsolicited SMS and ads to lure targets into WhatsApp groups populated by AI‑generated experts and fake members who showcase fabricated...

By Infosecurity Magazine
$15 Billion Pig Butchering Scam Boss Chen Zhi Extradited to China
News | Jan 9, 2026

Chinese authorities extradited billionaire Chen Zhi and two associates from Cambodia to face charges linked to the Prince Group’s $15 billion Bitcoin‑based pig‑butchering operation. The joint China‑Cambodia investigation uncovered forced‑labour scam compounds, seized the largest cryptocurrency haul in history, and triggered...

By HackRead
The Cyber Express Weekly Roundup: Schools, Hacktivists, and National Cyber Overhauls
News | Jan 9, 2026

The first week of 2026 saw a wave of cyber incidents spanning education, activism, corporate, and government sectors. Higham Lane School in England shut down after ransomware crippled systems for 1,500 students, while Australian insurer Prosura faced unauthorized access exposing...

By The Cyber Express
50 Best Free Cyber Threat Intelligence Tools – 2026
News | Jan 9, 2026

The article curates a list of the 50 best free cyber‑threat‑intelligence (CTI) tools available in 2026, spanning data‑feeds, analysis platforms, automation frameworks, and IOC‑parsers. It highlights open‑source projects such as MISP, OpenCTI, and IntelMQ, as well as real‑time feeds like...

By GBHackers On Security
The Role of Initial Access Markets in Ransomware Campaigns Targeting Australia and New Zealand
News | Jan 9, 2026

The 2025 Threat Landscape Report shows a sharp rise in initial‑access sales targeting Australia and New Zealand, with 92 documented compromised‑access listings. Retail accounts for roughly one‑third of incidents, while BFSI and professional services together make up over half. The market...

By GBHackers On Security
Sectigo New Public Roots and Issuing CAs Hierarchy [2025 Migration Guide]
News | Jan 9, 2026

Sectigo is retiring its legacy multi‑purpose root and intermediate CAs in favor of single‑purpose public roots, with a hard migration deadline of January 1 2026. Browsers will cease to trust certificates issued under the old chains, causing security warnings, broken HTTPS, and...

By Security Boulevard
January 2026 Patch Tuesday Forecast: And so It Continues
News | Jan 9, 2026

The latest Patch Tuesday briefing highlights Microsoft’s December 2025 update problems, including MSMQ failures and a RemoteApp issue on Windows 11 Azure Virtual Desktop that can be mitigated with a registry key or KIR rollback. Apple released December security patches addressing...

By Help Net Security
How AI Agents Are Turning Security Inside-Out
News | Jan 9, 2026

AppSec teams now face a new threat from internally built no‑code AI agents that operate across enterprise systems. These agents execute business logic, call APIs, and move data in real time, behaving like always‑on applications with high privileges. Because they...

By Help Net Security
Security Teams Are Paying More Attention to the Energy Cost of Detection
News | Jan 9, 2026

Security teams are increasingly scrutinizing the energy footprint of detection models as cloud costs and sustainability pressures rise. A recent study measured common anomaly detection algorithms for both traditional performance metrics and their power consumption, introducing an Eco Efficiency Index...

By Help Net Security
Wi-Fi Evolution Tightens Focus on Access Control
News | Jan 9, 2026

The Wireless Broadband Alliance reports rapid enterprise adoption of Wi‑Fi 7, driven by higher throughput, lower latency, and the newly available 6 GHz spectrum. Mixed‑generation device environments are forcing operators to rethink policy, telemetry, and access control across all radios. Security concerns...

By Help Net Security
CISA Retires 10 Emergency Cyber Orders in Rare Bulk Closure
News | Jan 9, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) retired ten Emergency Directives spanning 2019‑2024, the largest bulk closure in its history. All required mitigations are now covered by Binding Operational Directive 22‑01, which leverages the agency’s Known Exploited Vulnerabilities (KEV) catalog....

By BleepingComputer
CCPA Compliance Checklist for 2026: What You Need to Know
News | Jan 9, 2026

The California Consumer Privacy Act (CCPA) is entering a pivotal phase in 2025‑26 as inflation‑adjusted thresholds raise applicability and new rules target automated decision‑making and cybersecurity governance. Organizations must continuously reassess scope, maintain precise data inventories, and embed repeatable rights‑fulfillment...

By Security Boulevard
How Does Agentic AI Adapt to Changing Security Needs?
News | Jan 8, 2026

Organizations increasingly rely on machine identities, or non‑human identities (NHIs), to authenticate services in cloud environments. Effective NHI management—covering discovery, classification, threat detection, and remediation—delivers risk reduction, compliance, and operational efficiency. Agentic AI platforms enable dynamic policy adaptation, cross‑department collaboration,...

By Security Boulevard
Cisco Switches Hit by Reboot Loops Due to DNS Client Bug
News | Jan 8, 2026

Cisco has identified a firmware bug in the DNS client service of several switch families that treats DNS lookup failures as fatal, causing affected devices to reboot repeatedly. The issue, first observed around 2 AM on July 18, 2024, impacts CBS250, CBS350,...

By BleepingComputer
NDSS 2025 – ReThink: Reveal The Threat Of Electromagnetic Interference On Power Inverters
News | Jan 8, 2026

Researchers from Zhejiang University presented at NDSS 2025 a study exposing electromagnetic interference (EMI) threats to photovoltaic (PV) power inverters. They found that current and voltage sensors inside inverters are vulnerable to EMI at frequencies of 1 GHz or higher despite...

By Security Boulevard
GenDigital Research Exposes AuraStealer Infostealer Tactics
News | Jan 8, 2026

GenDigital researchers detailed AuraStealer, a modular malware‑as‑a‑service infostealer targeting Windows 7‑11 systems. The threat spreads through “scam‑yourself” TikTok videos and cracked software, then harvests credentials, session tokens, and financial data. AuraStealer employs advanced evasion such as exception‑driven API hashing, Heaven’s...

By eSecurity Planet
135% Surge: Inside the Holiday Bot Attacks of December 2025
News | Jan 8, 2026

In December 2025, malicious bot traffic surged 135% year‑over‑year, turning the holiday season into a cyber‑fraud hotspot. AI‑enhanced bots mimicked human browsing, generated high‑fidelity synthetic identities, and performed adaptive reconnaissance, making detection harder. The spike spanned vulnerability scanning, credential stuffing,...

By Security Boulevard
Securing MCP Servers at Scale: How to Govern AI Agents with an Enterprise Identity Fabric
News | Jan 8, 2026

Enterprises are witnessing a rapid, uncontrolled rollout of Model Context Protocol (MCP) servers, with research showing 15.28% of a 10,000‑person workforce running an average of two servers each. Most deployments use full‑privilege personal access tokens, store credentials in plaintext, and...

By Security Boulevard
When the Vendor Becomes the Customer: Building Internal Tools on an Agentic IAM Platform
News | Jan 8, 2026

Aembit’s test automation team built an internal dashboard to aggregate nightly test results from Qase.io and Slack, using the Aembit Workload IAM platform for runtime credential injection. By centralizing access policies, the Flask‑Vue service never handled static API keys, eliminating...

By Security Boulevard
US Man Jailed After FBI Traced 1,100 IP Addresses in Cyberstalking Case
News | Jan 8, 2026

A 25‑year‑old Montana man, Jeremiah Daniel Starr, received a 46‑month federal prison sentence for a three‑year cyberstalking campaign that escalated into a fake shooting inside the victim's apartment. Investigators uncovered his use of more than 50 phone numbers and NordVPN...

By HackRead
How to Protest Safely in the Age of Surveillance
News | Jan 8, 2026

Protests erupted after a federal officer killed Renee Nicole Good in Minneapolis, sparking nationwide unrest against the Trump administration's immigration policies. Activists warn that modern surveillance tools—from IMSI catchers to facial‑recognition cameras—are being deployed to monitor and suppress dissent. The...

By WIRED (Security)
Texas Court Blocks Samsung From Tracking TV Viewing, Then Vacates Order
News | Jan 8, 2026

A Texas district court issued a temporary restraining order (TRO) on Jan. 5 prohibiting Samsung from collecting audio and visual data from smart‑TVs using Automated Content Recognition (ACR). The order cited deceptive enrollment practices and alleged Chinese Communist Party access to...

By BleepingComputer
Texas Court Blocks Samsung From Collecting Smart TV Viewing Data
News | Jan 8, 2026

A Texas district court issued a temporary restraining order prohibiting Samsung from collecting, selling, or transferring audio‑visual data from smart TVs owned by Texas residents. The order targets Samsung’s Automated Content Recognition (ACR) system, which captures screenshots every 500 milliseconds...

By BleepingComputer
New Zero-Click Attack Lets ChatGPT User Steal Data
News | Jan 8, 2026

Researchers at Radware disclosed a new prompt‑injection method called ZombieAgent that lets ChatGPT exfiltrate data from integrated services such as Gmail, Outlook, Google Drive, and GitHub. The technique sidesteps OpenAI’s recent URL‑modification guardrails by using pre‑built static URLs, leaking information...

By Infosecurity Magazine
China-Linked UAT-7290 Targets Telecom Networks in South Asia
News | Jan 8, 2026

Cisco Talos has identified a long‑running cyber‑espionage campaign, designated UAT‑7290, targeting high‑value telecommunications infrastructure across South Asia since at least 2022. The group compromises public‑facing edge devices using one‑day vulnerabilities and SSH brute‑force techniques, deploying a suite of Linux‑based tools...

By Infosecurity Magazine
The Myth of Linux Invincibility: Why Automated Patch Management Is Key to Securing the Open Source Enterprise
News | Jan 8, 2026

The article debunks the myth that Linux’s inherent security makes it invulnerable, emphasizing that unpatched vulnerabilities are a growing risk for enterprises. Recent SANS and NVD data show rising ransomware, kernel exploits, and misconfigurations targeting Linux workloads. Automated, autonomous patch...

By Security Boulevard
CISA Warns of Attacks on PowerPoint and HPE Vulnerabilities
News | Jan 8, 2026

CISA has added two high‑severity flaws to its 2026 Known Exploited Vulnerabilities (KEV) catalog: CVE‑2025‑37164, a code‑injection bug in Hewlett Packard Enterprise OneView rated 10.0, and CVE‑2009‑0556, a 9.3‑severity remote‑code‑execution issue in legacy Microsoft PowerPoint 2000‑2004. Rapid7 published a proof‑of‑concept...

By The Cyber Express
Attackers Don’t Guess and Defenders Shouldn’t Either
News | Jan 8, 2026

Enterprises now juggle an average of 45 cybersecurity products, yet breach reductions remain modest. Organizations that adopt continuous threat exposure management see far better outcomes than those relying on larger toolsets. The article argues that security teams often base defenses...

By Security Boulevard
Zero-Knowledge Compliance: How Privacy-Preserving Verification Is Transforming Regulatory Technology
News | Jan 8, 2026

Zero-knowledge proofs are emerging as a privacy-preserving alternative to traditional compliance reporting, allowing firms to demonstrate regulatory adherence without revealing sensitive data. The article highlights adoption in finance, healthcare, and cybersecurity, noting that ZK‑SNARKs and ZK‑STARKs each offer distinct trade‑offs...

By Security Boulevard
Stop Leaking API Keys: The Backend for Frontend (BFF) Pattern Explained
News | Jan 8, 2026

The article warns that any API key embedded in a frontend—web, mobile, or desktop—can be extracted, citing studies where over half of Android apps and 71 % of iOS apps leaked credentials. It recommends the Backend for Frontend (BFF) pattern, which...

By Security Boulevard
CrowdStrike to Buy Identity Security Firm SGNL for $740 Million in Cash
News | Jan 8, 2026

CrowdStrike announced a $740 million cash acquisition of identity‑security startup SGNL, aiming to embed real‑time, AI‑aware access controls into its platform. SGNL’s identity‑first solution eliminates static credentials and continuously grants or revokes permissions for human, non‑human and AI agents. The deal,...

By SecurityWeek
The Boardroom Case for Penetration Testing
News | Jan 8, 2026

Cybersecurity has shifted from an IT concern to a material business risk, with 43% of UK firms reporting breaches in the past year and average losses of £3.29 million per incident. Boards now face pressure to demonstrate proactive risk management, and...

By Security Boulevard
China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes
News | Jan 8, 2026

A China‑linked threat group identified as UAT‑7290 has been conducting espionage‑focused intrusions against telecom providers in South Asia and, more recently, organizations in southeastern Europe. The actor performs extensive reconnaissance before exploiting one‑day vulnerabilities and SSH brute‑force to compromise edge...

By The Hacker News
Upwind Choppy AI Simplifies Cloud Security Exploration and Investigation
News | Jan 8, 2026

Upwind has launched Choppy AI, an add‑on that embeds generative‑AI capabilities throughout its Cloud‑Native Application Protection Platform (CNAPP). The tool converts natural‑language commands into visible, editable queries and security rules, letting teams investigate inventories, policies, and vulnerabilities without opaque black‑box...

By Help Net Security
Cybersecurity at the Edge: Securing Rugged IoT in Mission-Critical Environments
News | Jan 8, 2026

Edge computing is now integral to defense, utilities and public safety, relying on rugged IoT devices that operate in extreme, disconnected environments. These deployments break traditional cybersecurity assumptions such as continuous connectivity and frequent patching, exposing critical infrastructure to heightened...

By CSO Online