Your Data Lake Is Turning Into a Junk Drawer? Here’s How to Clean It Up
Data lakes often start as simple repositories but evolve into unmanaged dumping grounds as teams drop files without documentation or ownership. N‑iX consulting recommends a focused refresh that begins with the most‑used datasets, assigns clear owners, separates raw and curated zones, and adds concise metadata and basic quality checks. Implementing these practices restores trust, reduces analytics rework, and prevents costly data‑governance failures without rebuilding the entire lake.
Cal AI, New Owner of MyFitnessPal, Hit by Alleged Breach of 3 Million Users
Cal AI, the new owner of MyFitnessPal, is accused of a data breach affecting more than 3 million users, according to a post on BreachForums. The alleged leak comprises 12 GB of personal information, including names, dates of birth, email addresses—many using...
China-Linked Hackers Hit Qatar with Backdoor Disguised as War News
Check Point Research uncovered a wave of China‑linked cyber attacks on Qatar that began on 1 March 2026, using war‑news files as lures. The campaign employed DLL hijacking in Baidu NetDisk to deliver the PlugX backdoor and later targeted the oil‑and‑gas...
Fake LinkedIn Interview Used by Lazarus Hackers to Target AllSecure CEO
North Korean Lazarus Group attempted a high‑profile theft by posing as a recruiter on LinkedIn and conducting a fake interview with AllSecure CEO Chris Papathanasiou. The scammers used a deep‑fake avatar and delivered a malicious code package containing the BeaverTail...
Leading Myanmar Fleet Management Company Yoma Fleet Selects AccuKnox SIEM to Replace Legacy Tools
Yoma Fleet, Myanmar's leading fleet management firm, has selected AccuKnox SIEM to replace its legacy security tools. After a November 2025 evaluation and a successful proof‑of‑concept, the company migrated to the cloud‑native platform via AWS Marketplace in January 2026. AccuKnox...
Security Risk Advisors Releases “The Purple Perspective 2026” Report
Security Risk Advisors (SRA) unveiled its inaugural “Purple Perspective 2026” report, drawing on more than 160 purple‑team exercises that tested over 8,300 MITRE ATT&CK techniques. The study reveals that organizations conducting two to four exercises annually achieve markedly better detection and...
New Social Security Scam Emails Use Fake Tax Documents to Hijack PCs
A new phishing campaign impersonating the Social Security Administration is flooding U.S. inboxes ahead of tax season. The emails feature urgent “Important Disclosures” language and a fake PDF titled like a Social Security statement. When recipients click the link, a...
900+ Certificates Used by Fortune 500, Governments Exposed by Key Leaks
GitGuardian and Google uncovered over one million private TLS keys leaked on public code repositories, mapping them to 140,000 certificates. As of September 2025, 2,622 of those certificates remained active, including more than 900 protecting Fortune 500 firms, healthcare providers, and...
The Hidden Cyber Risks of Remote Work Infrastructure
Remote work’s productivity gains are shadowed by rising cyber threats, especially weak home Wi‑Fi, sophisticated phishing, and data exposure through BYOD practices. Employees lack security expertise, making self‑policing impossible and corporate controls hard to enforce outside the office. The article...
How to Avoid Confidentiality Gaps in Early-Stage Startups
Early‑stage startups often sacrifice confidentiality for speed, leaving critical data exposed during pitches, hiring, and partnership talks. Two recurring gaps—lack of security protocols and delayed legal safeguards—lead to breaches that cost billions annually. A lightweight, repeatable NDA workflow—dual pitch decks,...
Fake Zoom, Teams Meeting Invites Use Compromised Certificates to Drop Malware
Researchers at Microsoft Defender uncovered a new phishing campaign that disguises malicious updates for Zoom, Microsoft Teams and Adobe Reader as legitimate meeting invites. The attackers leverage stolen Extended Validation certificates from TrustConnect Software to make the payloads appear trusted,...
The Most Common Swap Scams in 2026, and How to Avoid Them
Crypto swap scams have become more sophisticated in 2026, targeting users across DEXs and centralized exchanges. Scammers use fake interfaces, phishing URLs, unlimited approval requests, and MEV sandwich attacks to drain funds. The guide outlines common vectors—approval and permit scams,...
Archipelo and Checkmarx Announce Partnership Connecting AppSec Detection with DevSPM
Archipelo and Checkmarx announced a technical partnership that links application vulnerability findings with development‑origin context. The integration combines Archipelo’s Developer Security Posture Management (DevSPM) with Checkmarx’s Application Security Posture Management (ASPM) to surface who, how, and whether AI tools contributed...
Criminal IP to Present Decision-Ready Threat Intelligence at RSAC™ 2026
Criminal IP, an AI‑driven attack‑surface management and cyber‑threat intelligence platform, will exhibit at RSAC 2026 in San Francisco from March 23‑26. The company will host visitors at Booth N‑6555, offering live demos, one‑on‑one consultations, and hands‑on guidance. Serving more than 150 countries, Criminal IP combines large‑scale...
Pakistan’s Top News Channels Hacked and Hijacked With Anti-Military Messages
On March 1, 2026, Pakistan’s leading news channels Geo News, ARY News and Samaa TV were hijacked during the Ramadan Iftar slot, with hackers inserting anti‑military messages into the live feed. The intrusion was achieved by commandeering the PakSat satellite...
Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat
Link11’s European Cyber Report 2026 shows DDoS attacks surged 75% in 2025, reaching a record 12,388 minutes of continuous assault and 509 TB of traffic. Three attacks topped 1 Tbit/s, with the strongest at 1.33 Tbit/s, indicating terabit‑scale threats are now routine. The data...
How to Cut MTTR by Improving Threat Visibility in Your SOC
Mean Time to Respond (MTTR) is a critical KPI linking security speed to business risk. The article explains that poor threat visibility—stale data, alert overload, fragmented tools—drives MTTR higher, while high‑quality, execution‑verified threat intelligence can compress response times. ANY.RUN’s sandbox‑derived...
$300 a Month Android Malware ‘Oblivion’ Uses Fake Updates to Hijack Phones
A new Android Remote Access Trojan called Oblivion is being sold on the public web for $300 a month, with longer‑term plans up to $2,200. The malware disguises itself as a legitimate Google Play update, hijacking the Accessibility Service to...
Sendmarc Releases DMARCbis Fireside Chat Featuring Co-Editor Todd Herr
Sendmarc has published a fireside chat with DMARCbis co‑editor Todd Herr, outlining the draft’s progress toward Proposed Standard status. The discussion details upcoming tag revisions, clearer reporting expectations, and a DNS tree‑walk method for receiver‑side domain discovery. Herr emphasizes that...
How to Maximize DDoS Readiness with Proactive Protection Strategies
Cyber Security Intelligence reports a surge in DDoS attacks in 2025, with assaults escalating from gigabyte to terabyte volumes. The article outlines proactive protection steps, starting with comprehensive risk assessments that inventory public‑facing assets and establish traffic baselines. It then...
Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks
Researchers at Novee Security uncovered 13 vulnerability categories and 16 zero‑day flaws across Foxit and Apryse PDF platforms, including critical XSS and OS command injection bugs. Using a human‑agent AI swarm, they rapidly identified high‑impact issues such as one‑click attacks...
Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack
Security researchers at Veracode uncovered a malicious NPM package named buildrunner-dev that exploits a typosquatting trick to mimic the legitimate buildrunner tool. The package drops a massive batch script that conceals its true commands among random text and then downloads...
Cybersecurity Excellence Awards Reveal Nomination Shift From AI Hype to Governance Execution
Cybersecurity Insiders' 2026 Excellence Awards reveal a notable shift in vendor nominations from AI hype toward concrete governance, identity, and data security solutions. While agentic AI categories are growing rapidly, nominations now emphasize oversight mechanisms, ISO‑42001‑aligned frameworks, and human‑in‑the‑loop controls....
How to Securely Edit and Redact Sensitive PDFs: A Cybersecurity Guide
PDFs remain the go‑to format for confidential data, yet hidden metadata, annotations, and embedded objects often leak information despite password protection. In 2023, over 400 breach incidents were traced to incomplete redactions or metadata exposure. The guide outlines a six‑step...
Hackers Abuse ScreenConnect to Hijack PCs via Fake Social Security Emails
Forcepoint X‑labs uncovered a new phishing campaign that spoofs the US Social Security Administration to deliver a malicious .cmd script. The script auto‑elevates, disables Windows SmartScreen and Mark‑of‑Web, and leverages Alternate Data Streams to hide before silently installing a compromised...
Google Ads and Claude AI Abused to Spread MacSync Malware via ClickFix
Researchers at Moonlock Lab discovered that hackers hijacked verified Google Ads accounts belonging to a children’s charity and a Colombian retailer to promote malicious “ClickFix” links. The ads direct users searching for macOS commands to a counterfeit Claude AI page...
What Interoperability in Healthcare Really Means for Security and Privacy
Healthcare interoperability is accelerating data exchange among hospitals, labs, insurers and pharmacies, but each connection expands the sector's attack surface. Misconfigured integrations, outdated protocols and weak identity controls can leak sensitive patient records, turning routine sharing into a security liability....
The $17 Billion Wake-Up Call: Securing Crypto in the Age of AI Scams
The 2026 Chainalysis report estimates crypto‑related scams cost $17 billion, driven by a 1,400% surge in impersonation attacks and a 456% jump in AI‑enabled fraud. Machine‑learning tools have turned scams into factory‑scale operations, making them 4.5 times more profitable than traditional...
Best Tools for Test Data Management to Accelerate QA Teams in 2026
Test Data Management (TDM) tools are becoming essential for QA and DevOps teams as CI/CD pipelines demand rapid, compliant data provisioning. In 2026, vendors such as K2view, Delphix, Datprof, IBM Optim, Informatica, and Broadcom lead the market, each emphasizing self‑service,...
Most Engagement Data Is Compromised and That’s a Major Security Problem
Most digital engagement metrics are being polluted by bots, synthetic traffic, and identity spoofing, turning them from reliable signals into attack surfaces. Datavault AI is addressing this by building a verification‑first platform that authenticates human actions at the point of...
Pride Month Phishing Targets Employees via Trusted Email Services
Scammers have launched a Pride‑themed phishing campaign weeks before June, exploiting diversity messaging to steal employee credentials. The operation leverages compromised SendGrid accounts to send seemingly internal emails that either promise Pride branding or an opt‑out link, driving engagement regardless...
Navigating MiCA: A Practical Compliance Guide for European CASPs
The EU’s Markets in Crypto‑Assets Regulation (MiCA) replaces disparate national rules with a single, EU‑wide framework for Crypto‑Asset Service Providers (CASPs). It mandates incorporation in an EU member state, a national licence, and capital thresholds ranging from €50,000 to €150,000...
UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server
A UK construction company discovered the Russian‑linked Prometei botnet hidden on its Windows Server in January 2026. The malware entered via weak RDP credentials, installed persistent services, and used Mimikatz to steal network passwords while mining Monero cryptocurrency. Researchers from eSentire’s...
Sanctioned Bulletproof Host Linked to Hijacking of Old Home Routers
Researchers at Infoblox uncovered a global DNS hijacking campaign that compromised outdated home routers in more than 30 countries. Attackers altered router DNS settings, redirecting traffic through servers owned by Aeza International, a U.S.-sanctioned Russian bulletproof hosting provider. The rerouted...
Chinese Mustang Panda Used Fake Diplomatic Briefings to Spy on Officials
Chinese‑linked hacking group Mustang Panda launched a covert espionage campaign in late 2025, distributing counterfeit US diplomatic briefings to government officials across Asia and Eastern Europe. The malicious PDFs triggered infection simply by being opened, deploying the PlugX DOPLUGS downloader...
MomentProof Deploys Patented Digital Asset Protection
MomentProof, Inc. has deployed its patented MomentProof Enterprise platform for AXA, enabling cryptographically sealed, AI‑resilient digital assets in the insurer's claims process. The technology certifies images, video, audio and metadata at capture, providing deterministic authenticity verification. AXA reports eliminated probabilistic...
One Identity Appoints Gihan Munasinghe as Chief Technology Officer
One Identity announced the appointment of Gihan Munasinghe as Chief Technology Officer. Munasinghe brings more than 15 years of experience leading global engineering organizations and modernising legacy platforms. He will steer the engineering team, accelerate the company’s SaaS delivery model...
Everest Ransomware Claims 90GB Data Theft Involving Legacy Polycom Systems
The Everest ransomware group alleges it stole roughly 90 GB of data from legacy Polycom engineering environments, which were acquired by HP in 2022 and now operate under the HP Poly brand. Screenshots released by the gang show file directories, source‑code trees...
Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins
A multi‑stage phishing campaign is targeting business users by sending clean‑looking procurement emails that contain PDFs with hidden clickable buttons. The PDFs exploit AcroForms and FlateDecode to redirect victims to a second file hosted on legitimate Vercel Blob storage, bypassing...
Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries
Researchers at Zimperium’s zLabs have uncovered Arsink, an Android remote‑access trojan that masquerades as over 50 popular apps, including WhatsApp and TikTok. The campaign has infected roughly 45,000 devices in 143 countries, using Telegram, Discord and MediaFire links to distribute...
Common Cloud Migration Security Mistakes (and How to Avoid Them)
Enterprises rushing to the cloud often overlook security, leading to costly gaps. Common pitfalls include naïve lift‑and‑shift migrations, weak identity controls, and inadequate data protection. The article outlines ten frequent mistakes and provides concrete steps—such as workload‑by‑workload assessment, least‑privilege access,...
This Startup Aims to Solve Crypto’s Broken Key Management Problem
Sodot unveiled its Exchange API Vault, a self‑hosted solution that secures cryptocurrency exchange API keys while keeping them instantly available for trading. The vault combines multi‑party computation and trusted execution environments to split keys, preventing plaintext exposure even during high‑frequency...
Russian Cybercrime Platform RAMP Forum Seized by FBI
U.S. FBI seized the clearnet and dark‑web domains of the Russian‑language cybercrime forum RAMP, known for ransomware and access‑broker services. The operation, coordinated with the DOJ’s Computer Crime and Intellectual Property Section and the Southern District of Florida, redirected both...
GoTo Resolve Tool’s Background Activities Compared to Ransomware Tactics
Point Wild’s Lat61 Threat Intelligence team has identified the GoTo Resolve remote‑administration tool, specifically the HEURRemoteAdmin.GoToResolve.gen component, as a Potentially Unwanted Application that can install silently and maintain a hidden, persistent presence on Windows machines. The tool bundles a hidden “32000~”...
Best IT Managed Services for Large Enterprises
Large enterprises are shifting IT from a support function to a strategic growth engine, and the article outlines the criteria that define the best managed services for this scale. It highlights five enterprise‑tier attributes—strategic partnership, transparent governance, proactive operations, comprehensive...
New Fake CAPTCHA Scam Abuses Microsoft Tools to Install Amatera Stealer
Blackpoint Cyber uncovered a new fake CAPTCHA campaign that tricks users into executing a signed Microsoft script, SyncAppvPublishingServer.vbs, to install the Amatera Stealer malware. The attack directs victims to press Windows Key + R, paste a code, and run a command, while fetching...
$6,000 “Stanley” Toolkit Sold on Russian Forums Fakes Secure URLs in Chrome
A new crime‑ware toolkit called Stanley is being sold on Russian‑language forums for $2,000 to $6,000. The kit disguises itself as the Notely note‑taking extension and guarantees that its malicious Chrome extension will pass Google’s Web Store review. Once installed,...
Venezuelan Nationals Face Deportation After Multi State ATM Jackpotting Scheme
Two Venezuelan nationals were convicted of a multi‑state ATM jackpotting scheme that hit banks in South Carolina, Georgia, North Carolina and Virginia. Using laptops and custom malware, they opened older ATMs at night, forcing the machines to dispense cash until...
ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
ShinyHunters announced a dark‑web leak of alleged databases from SoundCloud, Crunchbase and Betterment after their extortion attempts were rejected. The group posted .onion links on 22 January 2026, offering free access to the dumps. The claimed SoundCloud breach aligns with a December 2025...
Google to Pay $8.25M Settlement Over Child Data Tracking in Play Store
Google agreed to pay $8.25 million to resolve a class‑action lawsuit alleging that its Play Store “Designed for Families” program allowed developers to collect personal data from children under 13 without parental consent. The case centered on the AdMob advertising SDK,...
