Help Net Security

Established cybersecurity portal providing daily news and expert security advisories.

Unbounded AI Use Can Break Your Systems
News, Jan 22, 2026

James Wickett, CEO of DryRun Security, warns that organizations are rapidly embedding large‑language‑model (LLM) features into live products without adequate safeguards. He highlights the danger of AI‑generated code being trusted for critical business logic and access control. The video stresses...

By Help Net Security
MacOS Tahoe Improves Privacy and Communication Safety
News, Jan 22, 2026

Apple’s macOS Tahoe introduces a suite of privacy‑focused features that screen unwanted calls, messages, and online tracking. Native Phone, Messages and FaceTime now offer system‑level unknown‑contact controls, while Safari extends Advanced Fingerprinting Protection to every browsing session. Parental tools let...

By Help Net Security
Microsoft Updates the Security Baseline for Microsoft 365 Apps for Enterprise
News, Jan 21, 2026

Microsoft has released security baseline version 2512 for Microsoft 365 Apps for enterprise, providing recommended policy settings across Word, Excel, PowerPoint, Outlook, and Access. The baseline addresses macros, add‑ins, ActiveX, Protected View, and update behavior, and is delivered as Group Policy objects...

By Help Net Security
Check Point Exposure Management Unifies Threat Intelligence, Context, and Remediation
News, Jan 21, 2026

Check Point unveiled Exposure Management, a platform that fuses threat intelligence, vulnerability prioritization, and automated remediation into a single workflow. The solution offers real‑time situational awareness by correlating dark‑web insights, exploitability context, and attack‑surface visibility. It integrates with more than...

By Help Net Security
Cohesity Enhances Identity Resilience with ITDR Capabilities
News, Jan 21, 2026

Cohesity has introduced Identity Threat Detection and Response (ITDR) capabilities, extending its Identity Resilience suite to protect Active Directory and Microsoft Entra ID. The solution continuously monitors identity posture, flags risky changes, and detects attack patterns before an incident. During...

By Help Net Security
Vectra AI Helps Organizations Prevent AI-Powered Cyberattacks
News, Jan 21, 2026

Vectra AI unveiled a next‑generation platform designed to safeguard the emerging AI enterprise, where machine‑speed workloads span on‑premises, multi‑cloud, SaaS, IoT and edge environments. The solution delivers unified observability, automatically discovers AI agents as first‑class identities, and uses behavior‑driven AI...

By Help Net Security
Rust Package Registry Adds Security Tools and Metrics to crates.io
News, Jan 21, 2026

The Rust package registry crates.io has introduced a Security tab that surfaces RustSec advisories and flags vulnerable versions on each crate page. Publishing workflows were enhanced with Trusted Publishing support for GitLab CI/CD, enabling OIDC‑based authentication without long‑lived tokens. New...

By Help Net Security
Linux Users Targeted by Crypto Thieves via Hijacked Apps on Snap Store
News, Jan 21, 2026

Security researcher Alan Pope revealed that crypto thieves are hijacking expired domains linked to Snap Store publishers to gain Snapcraft account access and push malicious updates. The attackers replace benign snaps with crypto‑wallet malware that steals recovery phrases via automatic...

By Help Net Security
Cside Targets Hidden Website Privacy Violations with Privacy Watch
News, Jan 21, 2026

cside unveiled Privacy Watch, an AI‑driven platform that continuously monitors client‑side third‑party scripts for hidden data collection and privacy violations. The tool automatically generates evidence logs and regulation‑specific reports to help organizations meet GDPR, CPRA, HIPAA and emerging state‑level requirements. With...

By Help Net Security
Cybercriminals Speak the Language Young People Trust
News, Jan 21, 2026

Criminal networks are systematically recruiting minors through familiar platforms such as TikTok, Instagram, Snapchat and Discord, using encrypted messaging and crypto payments to mask their activities. They speak in coded, game‑like language that makes illegal tasks appear low‑risk and rewarding,...

By Help Net Security
Bandit: Open-Source Tool Designed to Find Security Issues in Python Code
News, Jan 21, 2026

Bandit is an open‑source Python security scanner maintained by the PyCQA community. It parses source files and flags risky patterns such as unsafe eval calls, weak cryptography, hard‑coded credentials, and insecure temporary file handling. Each finding is annotated with severity...

By Help Net Security
The 2026 State of Pentesting: Why Delivery and Follow-Through Matter More than Ever
News, Jan 21, 2026

Penetration testing has shifted from static, point‑in‑time reports to continuous, outcome‑driven programs. Modern teams now demand real‑time delivery, automated routing of findings, and closed‑loop validation to reduce risk. Platforms like PlexTrac enable centralized visibility, integration with ticketing tools, and automated...

By Help Net Security
Security Leaders Push for Continuous Controls as Audits Stay Manual
News, Jan 21, 2026

Security and risk teams still rely heavily on manual GRC processes, spending thousands of person‑hours each year collecting evidence and preparing audits. While organizations adopt automation for policy management and evidence gathering, deeper workflow automation and continuous controls monitoring remain...

By Help Net Security
Ping Identity Launches Universal Services for Ongoing Identity Assurance
News, Jan 20, 2026

Ping Identity introduced Universal Services, a continuous identity assurance suite that extends trust beyond the login event to every digital interaction. The offering integrates with any existing identity provider via standard APIs, allowing enterprises to validate, re‑verify, and adapt protections...

By Help Net Security
Endace Pushes Packet Capture Into Real-Time Security Workflows
News, Jan 20, 2026

Endace released OSm 7.3, a major update that dramatically speeds packet‑capture search and adds a Vault REST API for automated forensic data access. The new search engine delivers up to 50‑fold performance gains, cutting typical query times from nearly a minute...

By Help Net Security
Radware Targets API Blind Spots with Real-Time Lifecycle Protection
News, Jan 20, 2026

Radware announced its API Security Service, an end‑to‑end platform that safeguards APIs throughout their entire lifecycle using live production traffic. The solution tackles OWASP Top 10 API risks, including sophisticated Layer 7 DDoS attacks, by delivering continuous discovery, runtime posture management, and...

By Help Net Security
Confusion and Fear Send People to Reddit for Cybersecurity Advice
News, Jan 20, 2026

Researchers from Google and University College London examined 1.1 billion Reddit posts from 2021‑2024 to map how users seek cybersecurity help. Help‑seeking activity remained steady until a sharp 66 % jump in 2024, topping 100 000 questions per month by August. Scams, account‑access...

By Help Net Security
Keepnet Bets on Agentic AI Behavioral Training to Curb Security Mistakes
News, Jan 19, 2026

Keepnet introduced Agentic AI for Behavioral Microlearning, shifting training success metrics from completion rates to measurable behavior change and incident reduction. The autonomous platform plans, creates, delivers, and optimizes short, contextual lessons using real‑time risk data, cutting content‑creation time from...

By Help Net Security
British Army to Spend £279 Million on Permanent Cyber Regiment Base
News, Jan 19, 2026

The British Army will invest £279 million to build a permanent base for its 13 Signal Regiment at Duke of Gloucester Barracks in Gloucestershire. The new facility will house cyber training, operations, and the Army’s Cyber, Information and Security Operations Centre, enhancing...

By Help Net Security
SEON Identity Verification Combines KYC Checks with Real-Time Fraud Intelligence
News, Jan 19, 2026

SEON introduced an AI‑powered Identity Verification solution that combines document validation, biometric liveness detection, proof‑of‑address checks, and optional government database queries within its unified risk platform. The service draws on more than 900 real‑time fraud signals to evaluate both the...

By Help Net Security
Global Tensions Are Pushing Cyber Activity Toward Dangerous Territory
News, Jan 19, 2026

Geopolitical rivalries are increasingly manifesting as cyber operations that target critical infrastructure, disinformation networks, and supply‑chain dependencies. Recent incidents—from the Ukrainian power‑grid outage to a Norwegian dam breach—illustrate how state actors can weaponize digital tools against civilian services. AI‑generated disinformation...

By Help Net Security
Rubrik Introduces Security Cloud Sovereign for Data Sovereignty and Regulatory Compliance
News, Jan 19, 2026

Rubrik unveiled Security Cloud Sovereign, a data‑protection platform that keeps all data, metadata, and control planes inside a customer‑chosen jurisdiction. The solution offers immutable safeguards that prevent encryption, deletion, or alteration even if attackers gain elevated access. Integrated threat‑detection analytics...

By Help Net Security
Review: AI Strategy and Security
News, Jan 19, 2026

AI Strategy and Security, authored by Dr. Donnie W. Wendt, is a practical guide for technology leaders and security professionals designing enterprise AI programs. The book maps AI adoption to business objectives, outlines readiness assessments, and defines a comprehensive team...

By Help Net Security
Bytebase: Open-Source Database DevOps Tool
News, Jan 19, 2026

Bytebase is an open‑source DevOps platform that streamlines database schema and data changes through a structured change‑request workflow. It lets teams submit SQL changes, run automated reviews, and track executions across development, staging, and production environments. The tool includes built‑in...

By Help Net Security
New Intelligence Is Moving Faster than Enterprise Controls
News, Jan 16, 2026

A new NTT global study finds AI integration outpaces enterprise security and governance. Companies expand AI deployments but many lack infrastructure readiness, data integrity controls, and mature governance. Only a small share can support AI at scale; performance drives design,...

By Help Net Security
Who’s on the Other End? Rented Accounts Are Stress-Testing Trust in Gig Platforms
News, Jan 16, 2026

A TransUnion study of U.S. gig workers reveals that 34% have been defrauded by customers, while nearly half admit to renting or selling their accounts. Victims demand stronger identity checks, yet confidence in existing safety tools remains low. The research...

By Help Net Security
Bitwarden Advances Passkeys and Credential Risk Controls
News, Jan 15, 2026

Bitwarden unveiled Access Intelligence, delivering application‑level visibility into weak, reused or exposed credentials and guiding remediation, cutting average resolution time from nine days. The company also expanded passkey support, adding native Windows 11 integration, cross‑platform portability via the FIDO Credential Exchange...

By Help Net Security
F5 Targets AI Runtime Risk with New Guardrails and Adversarial Testing Tools
News, Jan 15, 2026

F5 announced the general availability of two AI‑runtime security products—F5 AI Guardrails and F5 AI Red Team. The Guardrails solution provides model‑agnostic, real‑time protection for AI agents, while the Red Team offers automated adversarial testing using a continuously updated threat...

By Help Net Security
Asimily Extends Cisco ISE Integration to Turn Device Risk Into Segmentation Policy
News, Jan 15, 2026

Asimily announced new microsegmentation capabilities that add Security Group Access Control List (SGACL) support to Cisco Identity Services Engine (ISE). The integration lets organizations automatically translate device classification, behavior analysis, and risk scores into enforceable segmentation policies. By extending its...

By Help Net Security
Microsoft Shuts Down RedVDS Cybercrime Subscription Service Tied to Millions in Fraud Losses
News, Jan 15, 2026

Microsoft announced a coordinated legal operation in the United States and United Kingdom, backed by Europol and German authorities, to dismantle RedVDS, a subscription‑based cybercrime platform. Since March 2025, RedVDS has enabled fraudsters to rent disposable virtual machines for $24...

By Help Net Security
LinkedIn Wants to Make Verification a Portable Trust Signal
News, Jan 15, 2026

LinkedIn is launching a self‑serve API that lets its Verified on LinkedIn badge be displayed on third‑party platforms, turning the verification badge into a portable trust signal. The company reports that 75 members verify each minute, now exceeding 100 million verified...

By Help Net Security
QR Codes Are Getting Colorful, Fancy, and Dangerous
News, Jan 15, 2026

QR codes have evolved from plain black‑and‑white squares to colorful, logo‑embedded designs, making them a popular yet risky communication channel. Researchers at Deakin University identified a surge in "quishing" attacks that exploit these stylized codes to bypass traditional URL‑based security...

By Help Net Security
Cybersecurity Spending Keeps Rising, so Why Is Business Impact Still Hard to Explain?
News, Jan 15, 2026

Cybersecurity budgets are set to increase again, yet security leaders still struggle to demonstrate clear business value. Finance executives express uneven trust in security teams’ ability to translate risk mitigation into financial outcomes, creating friction in budget approvals. Divergent definitions...

By Help Net Security
The NSA Lays Out the First Steps for Zero Trust Adoption
News, Jan 15, 2026

The National Security Agency has published the first two documents in its Zero Trust Implementation Guidelines series—a Primer and a Discovery Phase guide. The Primer explains the structure and principles of the series, while the Discovery Phase directs organizations to...

By Help Net Security
Webinar: Beyond the Quadrant: An Analyst’s Guide to Evaluating Email Security in 2026
News, Jan 14, 2026

Former Gartner analyst Ravisha Chugh and Abnormal’s Director of Product Marketing Lane Billings will host a webinar on January 20 2026, revealing how email‑security vendors will be evaluated in 2026. The session outlines Gartner’s evaluation criteria, essential vendor questions, red‑flags, and a proven shortlisting...

By Help Net Security
Airia Adds AI Governance for Compliance, Accountability, and Control
News, Jan 14, 2026

Airia has launched an AI Governance product, completing its three‑pillar enterprise AI management ecosystem alongside AI Security and Agent Orchestration. The new suite offers a governance dashboard, model and agent registries, compliance automation, and risk assessment tools to provide end‑to‑end...

By Help Net Security
One Identity Manager 10.0 Introduces Risk-Based Governance and ITDR Capabilities
News, Jan 14, 2026

One Identity launched Manager 10.0, adding risk‑based governance, identity threat detection and response (ITDR) playbooks, and AI‑assisted natural‑language reporting. The upgrade integrates third‑party UEBA risk scores, automates remediation actions, and introduces a browser‑based admin console. Enhanced Syslog CEF formatting improves SIEM...

By Help Net Security
Scamnetic Delivers Fraud Protection Across All Payment Types
News, Jan 14, 2026

Scamnetic launched its patent‑pending IDeveryone Payment Protection solution, extending identity‑proofing to every payment channel—from push and digital payments to cryptocurrency, checks, wire transfers and ACH. The offering adds real‑time recipient verification and optional insurance, aiming to curb the $442 billion global...

By Help Net Security
CISO Assistant: Open-Source Cybersecurity Management and GRC
News, Jan 14, 2026

CISO Assistant’s community edition is an open‑source governance, risk, and compliance (GRC) platform that lets security teams document assets, risks, controls, and framework alignment in a single, self‑hosted system. The tool ships with built‑in mappings to ISO 27001, NIST CSF, and...

By Help Net Security
Firmware Scanning Time, Cost, and Where Teams Run EMBA
News, Jan 14, 2026

A new research paper compares the EMBA firmware analysis tool on a local workstation and an Azure virtual machine, measuring execution time, repeatability, and cost. Identical configurations and a common firmware set were used, revealing that scan duration depends more...

By Help Net Security
How AI Image Tools Can Be Tricked Into Making Political Propaganda
News, Jan 14, 2026

A new study shows that commercial text‑to‑image models can be coaxed into generating political propaganda by replacing explicit names with descriptive profiles and fragmenting prompts across multiple low‑risk languages. Researchers tested GPT‑4o, GPT‑5 and GPT‑5.1, achieving bypass rates up to...

By Help Net Security
F5 NGINXaaS for Google Cloud Protects Cloud-Native Applications
News, Jan 13, 2026

F5 has introduced F5 NGINXaaS for Google Cloud, a managed, cloud‑native application delivery‑as‑a‑service that unifies load balancing, security and observability. Developed with Google Cloud, the service is available through the Marketplace and targets containerized, AI‑enabled workloads. It offers programmable traffic...

By Help Net Security
Concentric AI Releases Private Scan Manager for AWS GovCloud (US)
News, Jan 13, 2026

Concentric AI has added Private Scan Manager support for AWS GovCloud (US), allowing federal agencies, contractors, and partners to run its Semantic Intelligence platform within isolated, U.S.-only cloud regions. The extension follows earlier 2025 announcements of private‑cloud scanning for Azure...

By Help Net Security
Noction Adds Automatic Anomaly Detection to IRP v4.3 for Faster DDoS Mitigation
News, Jan 13, 2026

Noction launched Intelligent Routing Platform (IRP) v4.3, adding Automatic Anomaly Detection (AAD) that spots abnormal traffic and triggers edge‑level DDoS mitigation. The system can automatically apply BGP FlowSpec filters or blackhole traffic, with optional operator review. IRP v4.3 also upgrades Commit Control...

By Help Net Security
Minimal Ubuntu Pro Expands Canonical’s Cloud Security Offerings
News, Jan 13, 2026

Canonical has launched Minimal Ubuntu Pro images for public cloud platforms, delivering a leaner base OS with only essential components. The images retain Ubuntu Pro’s extended security maintenance, covering core packages and critical cloud functionality. They are now available through...

By Help Net Security
AI EdgeLabs Launches Compliance Center and Linux Audit for NIS2 and CRA Readiness
News, Jan 13, 2026

AI EdgeLabs unveiled its Compliance Center and Linux Audit suite, targeting organizations bound by the EU NIS2 directive and the Cyber Resilience Act. The platform replaces manual reporting with continuous, AI‑driven visibility, delivering a unified risk score and real‑time posture...

By Help Net Security
Parrot OS Shares Its 2026 Plans for Security Tools and Platform Support
News, Jan 13, 2026

Parrot OS, the Debian‑based cybersecurity distribution, released version 7.0 in late 2025 and outlined its 2026 roadmap. The plan adds new security and AI‑focused tools, enhances lightweight, container and cloud deployment support, and expands documentation for repeatable labs. Development will...

By Help Net Security
Rakuten Viber CISO/CTO on Balancing Encryption, Abuse Prevention, and Platform Resilience
News, Jan 13, 2026

Rakuten Viber’s CISO/CTO Liad Shnell says the messenger is now critical infrastructure, so security priorities extend beyond confidentiality to availability, integrity and abuse resilience. The platform ships end‑to‑end encryption by default and relies on AI‑driven analysis of metadata, behavioral signals...

By Help Net Security
Turning Cyber Metrics Into Decisions Leaders Can Act On
News, Jan 13, 2026

In a Help Net Security video, Myriad360 Field CISO Bryan Sacks argues that cybersecurity metrics should inform executive decisions rather than serve merely as reporting tools. He emphasizes aligning security initiatives with business priorities set by CEOs and boards, using...

By Help Net Security