Inside Microsoft’s Veteran-to-Tech Workforce Pipeline
Microsoft’s Military Affairs team has expanded the Software and Systems Academy (MSSA) into a nationwide veteran‑to‑tech pipeline, graduating more than 4,000 service members since its 2013 pilot. The program now offers three core learning paths—cloud development, cloud administration, and cybersecurity operations—and partners with over 1,200 employers and numerous universities. Amid a cybersecurity talent crunch, 96% of MSSA graduates seeking work secure positions, many through Microsoft’s talent portal. Curriculum updates reflect AI‑driven security tools and real‑world hiring data, ensuring veterans acquire skills that map directly to current industry needs.
Firewalla Outlines a Zero Trust Approach to Fixing Flat Home Networks
Firewalla introduced a zero‑trust, microsegmentation approach that lets homeowners modernize large, flat Wi‑Fi networks without renumbering IP addresses or reconfiguring devices. Using the AP7 and Orange appliances, users can keep existing SSIDs while automatically isolating legacy IoT, newer smart devices,...
Brakeman: Open-Source Vulnerability Scanner for Ruby on Rails Applications
Brakeman is an open‑source static analysis scanner that inspects Ruby on Rails codebases for security flaws without executing the application. It evaluates controllers, models, views, templates, and dependency versions, flagging injection, XSS, unsafe redirects, and authentication weaknesses. The tool integrates...
Incident Response Lessons Learned the Hard Way
Ryan Seymour, VP of Consulting and Education at ConnectSecure, draws on over twenty years of incident‑response work to explain why many failures begin before an attack even starts. He shows that teams often hesitate when alerts appear, not because of...
AWS Releases Updated PCI PIN Compliance Report for Payment Cryptography
Amazon Web Services has released an updated PCI PIN compliance package for its Payment Cryptography service, confirming a recent third‑party audit with zero findings. The package includes a PCI PIN Attestation of Compliance and a Responsibility Summary that outlines customer obligations. The...
Elastic Agent Builder Expands How Developers Build Production-Ready AI Agents
Elastic has launched the general availability of Agent Builder, a platform that lets developers create secure, context‑driven AI agents in minutes by leveraging Elasticsearch’s unified search and analytics capabilities. The offering includes native data preparation, retrieval, ranking, custom tools, conversational...
Ring Now Lets Users Verify Whether Videos Have Been Altered
Ring has launched Ring Verify, a built‑in authenticity feature that embeds a digital security seal in every video recorded after December 2025. The seal automatically breaks if the footage is trimmed, re‑encoded, or otherwise altered, and users can check verification status...
Iboss Unveils AI-Powered SSPM Capability to Reduce SaaS Risk
iboss introduced an AI‑powered SaaS Security Posture Management (SSPM) capability within its Zero Trust SASE platform. The solution connects to SaaS apps via native APIs, continuously scanning configurations, permissions and data exposure. AI analysis prioritizes misconfigurations and risky sharing, presenting...
Microsoft Introduces Winapp, an Open-Source CLI for Building Windows Apps
Microsoft has launched winapp, an open‑source command‑line interface designed to simplify Windows application development. The tool consolidates SDK management, manifest editing, certificate generation, and packaging into unified commands, supporting project scaffolding, dependency handling, and build/run operations. Winapp integrates with Visual...
Energy Sector Orgs Targeted with AiTM Phishing Campaign
Microsoft has identified a sophisticated AiTM phishing campaign targeting energy‑sector organizations. Attackers use compromised trusted email accounts to send “NEW PROPOSAL – NDA” messages containing a malicious SharePoint link that leads to a fake login page. The page captures credentials...
Claroty Raises $150 Million to Advance Global CPS Protection Platform
Claroty announced a $150 million Series F round led by Golub Growth, with existing investors contributing up to an additional $50 million. The capital will fund both organic and inorganic expansion of its cyber‑physical systems (CPS) protection platform. Claroty positions the funding as...
OpenWrt One Gains Support for Running Debian
Debian now runs on the OpenWrt One router hardware. Engineers added low‑level platform support, bootloader tweaks, and system initialization scripts to enable Debian to boot directly without abstraction layers. The OpenWrt One serves as a reference device for the OpenWrt...
EaseUS Disk Copy 7.0.0 Enables Backup, Restore, and Migration without Multiple Drives Connected
EaseUS released Disk Copy 7.0.0, adding full disk‑imaging capabilities to its previously cloning‑only tool. Users can now create compressed image files, store them independently, and restore them to physical or virtual disks without needing both drives connected. The update also...
Unbounded AI Use Can Break Your Systems
James Wickett, CEO of DryRun Security, warns that organizations are rapidly embedding large‑language‑model (LLM) features into live products without adequate safeguards. He highlights the danger of AI‑generated code being trusted for critical business logic and access control. The video stresses...
MacOS Tahoe Improves Privacy and Communication Safety
Apple’s macOS Tahoe introduces a suite of privacy‑focused features that screen unwanted calls, messages, and online tracking. Native Phone, Messages and FaceTime now offer system‑level unknown‑contact controls, while Safari extends Advanced Fingerprinting Protection to every browsing session. Parental tools let...
Microsoft Updates the Security Baseline for Microsoft 365 Apps for Enterprise
Microsoft has released security baseline version 2512 for Microsoft 365 Apps for enterprise, providing recommended policy settings across Word, Excel, PowerPoint, Outlook, and Access. The baseline addresses macros, add‑ins, ActiveX, Protected View, and update behavior, and is delivered as Group Policy objects...
Check Point Exposure Management Unifies Threat Intelligence, Context, and Remediation
Check Point unveiled Exposure Management, a platform that fuses threat intelligence, vulnerability prioritization, and automated remediation into a single workflow. The solution offers real‑time situational awareness by correlating dark‑web insights, exploitability context, and attack‑surface visibility. It integrates with more than...
Cohesity Enhances Identity Resilience with ITDR Capabilities
Cohesity has introduced Identity Threat Detection and Response (ITDR) capabilities, extending its Identity Resilience suite to protect Active Directory and Microsoft Entra ID. The solution continuously monitors identity posture, flags risky changes, and detects attack patterns before an incident. During...
Vectra AI Helps Organizations Prevent AI-Powered Cyberattacks
Vectra AI unveiled a next‑generation platform designed to safeguard the emerging AI enterprise, where machine‑speed workloads span on‑premises, multi‑cloud, SaaS, IoT and edge environments. The solution delivers unified observability, automatically discovers AI agents as first‑class identities, and uses behavior‑driven AI...
Rust Package Registry Adds Security Tools and Metrics to crates.io
The Rust package registry crates.io has introduced a Security tab that surfaces RustSec advisories and flags vulnerable versions on each crate page. Publishing workflows were enhanced with Trusted Publishing support for GitLab CI/CD, enabling OIDC‑based authentication without long‑lived tokens. New...
Linux Users Targeted by Crypto Thieves via Hijacked Apps on Snap Store
Security researcher Alan Pope revealed that crypto thieves are hijacking expired domains linked to Snap Store publishers to gain Snapcraft account access and push malicious updates. The attackers replace benign snaps with crypto‑wallet malware that steals recovery phrases via automatic...
Cside Targets Hidden Website Privacy Violations with Privacy Watch
cside unveiled Privacy Watch, an AI‑driven platform that continuously monitors client‑side third‑party scripts for hidden data collection and privacy violations. The tool automatically generates evidence logs and regulation‑specific reports to help organizations meet GDPR, CPRA, HIPAA and emerging state‑level requirements. With...
Cybercriminals Speak the Language Young People Trust
Criminal networks are systematically recruiting minors through familiar platforms such as TikTok, Instagram, Snapchat and Discord, using encrypted messaging and crypto payments to mask their activities. They speak in coded, game‑like language that makes illegal tasks appear low‑risk and rewarding,...
Bandit: Open-Source Tool Designed to Find Security Issues in Python Code
Bandit is an open‑source Python security scanner maintained by the PyCQA community. It parses source files and flags risky patterns such as unsafe eval calls, weak cryptography, hard‑coded credentials, and insecure temporary file handling. Each finding is annotated with severity...
The 2026 State of Pentesting: Why Delivery and Follow-Through Matter More than Ever
Penetration testing has shifted from static, point‑in‑time reports to continuous, outcome‑driven programs. Modern teams now demand real‑time delivery, automated routing of findings, and closed‑loop validation to reduce risk. Platforms like PlexTrac enable centralized visibility, integration with ticketing tools, and automated...
Security Leaders Push for Continuous Controls as Audits Stay Manual
Security and risk teams still rely heavily on manual GRC processes, spending thousands of person‑hours each year collecting evidence and preparing audits. While organizations adopt automation for policy management and evidence gathering, deeper workflow automation and continuous controls monitoring remain...
Ping Identity Launches Universal Services for Ongoing Identity Assurance
Ping Identity introduced Universal Services, a continuous identity assurance suite that extends trust beyond the login event to every digital interaction. The offering integrates with any existing identity provider via standard APIs, allowing enterprises to validate, re‑verify, and adapt protections...
Endace Pushes Packet Capture Into Real-Time Security Workflows
Endace released OSm 7.3, a major update that dramatically speeds packet‑capture search and adds a Vault REST API for automated forensic data access. The new search engine delivers up to 50‑fold performance gains, cutting typical query times from nearly a minute...
Radware Targets API Blind Spots with Real-Time Lifecycle Protection
Radware announced its API Security Service, an end‑to‑end platform that safeguards APIs throughout their entire lifecycle using live production traffic. The solution tackles OWASP Top 10 API risks, including sophisticated Layer 7 DDoS attacks, by delivering continuous discovery, runtime posture management, and...
Confusion and Fear Send People to Reddit for Cybersecurity Advice
Researchers from Google and University College London examined 1.1 billion Reddit posts from 2021‑2024 to map how users seek cybersecurity help. Help‑seeking activity remained steady until a sharp 66 % jump in 2024, topping 100 000 questions per month by August. Scams, account‑access...
Keepnet Bets on Agentic AI Behavioral Training to Curb Security Mistakes
Keepnet introduced Agentic AI for Behavioral Microlearning, shifting training success metrics from completion rates to measurable behavior change and incident reduction. The autonomous platform plans, creates, delivers, and optimizes short, contextual lessons using real‑time risk data, cutting content‑creation time from...
British Army to Spend £279 Million on Permanent Cyber Regiment Base
The British Army will invest £279 million to build a permanent base for its 13 Signal Regiment at Duke of Gloucester Barracks in Gloucestershire. The new facility will house cyber training, operations, and the Army’s Cyber, Information and Security Operations Centre, enhancing...
SEON Identity Verification Combines KYC Checks with Real-Time Fraud Intelligence
SEON introduced an AI‑powered Identity Verification solution that combines document validation, biometric liveness detection, proof‑of‑address checks, and optional government database queries within its unified risk platform. The service draws on more than 900 real‑time fraud signals to evaluate both the...
Global Tensions Are Pushing Cyber Activity Toward Dangerous Territory
Geopolitical rivalries are increasingly manifesting as cyber operations that target critical infrastructure, disinformation networks, and supply‑chain dependencies. Recent incidents—from the Ukrainian power‑grid outage to a Norwegian dam breach—illustrate how state actors can weaponize digital tools against civilian services. AI‑generated disinformation...
Rubrik Introduces Security Cloud Sovereign for Data Sovereignty and Regulatory Compliance
Rubrik unveiled Security Cloud Sovereign, a data‑protection platform that keeps all data, metadata, and control planes inside a customer‑chosen jurisdiction. The solution offers immutable safeguards that prevent encryption, deletion, or alteration even if attackers gain elevated access. Integrated threat‑detection analytics...
Review: AI Strategy and Security
AI Strategy and Security, authored by Dr. Donnie W. Wendt, is a practical guide for technology leaders and security professionals designing enterprise AI programs. The book maps AI adoption to business objectives, outlines readiness assessments, and defines a comprehensive team...
Bytebase: Open-Source Database DevOps Tool
Bytebase is an open‑source DevOps platform that streamlines database schema and data changes through a structured change‑request workflow. It lets teams submit SQL changes, run automated reviews, and track executions across development, staging, and production environments. The tool includes built‑in...
New Intelligence Is Moving Faster than Enterprise Controls
A new NTT global study finds AI integration outpaces enterprise security and governance. Companies expand AI deployments but many lack infrastructure readiness, data integrity controls, and mature governance. Only a small share can support AI at scale; performance drives design,...
Who’s on the Other End? Rented Accounts Are Stress-Testing Trust in Gig Platforms
A TransUnion study of U.S. gig workers reveals that 34% have been defrauded by customers, while nearly half admit to renting or selling their accounts. Victims demand stronger identity checks, yet confidence in existing safety tools remains low. The research...
Bitwarden Advances Passkeys and Credential Risk Controls
Bitwarden unveiled Access Intelligence, delivering application‑level visibility into weak, reused or exposed credentials and guiding remediation, cutting average resolution time from nine days. The company also expanded passkey support, adding native Windows 11 integration, cross‑platform portability via the FIDO Credential Exchange...
F5 Targets AI Runtime Risk with New Guardrails and Adversarial Testing Tools
F5 announced the general availability of two AI‑runtime security products—F5 AI Guardrails and F5 AI Red Team. The Guardrails solution provides model‑agnostic, real‑time protection for AI agents, while the Red Team offers automated adversarial testing using a continuously updated threat...
Asimily Extends Cisco ISE Integration to Turn Device Risk Into Segmentation Policy
Asimily announced new microsegmentation capabilities that add Security Group Access Control List (SGACL) support to Cisco Identity Services Engine (ISE). The integration lets organizations automatically translate device classification, behavior analysis, and risk scores into enforceable segmentation policies. By extending its...
Microsoft Shuts Down RedVDS Cybercrime Subscription Service Tied to Millions in Fraud Losses
Microsoft announced a coordinated legal operation in the United States and United Kingdom, backed by Europol and German authorities, to dismantle RedVDS, a subscription‑based cybercrime platform. Since March 2025, RedVDS has enabled fraudsters to rent disposable virtual machines for $24...
LinkedIn Wants to Make Verification a Portable Trust Signal
LinkedIn is launching a self‑serve API that lets its Verified on LinkedIn badge be displayed on third‑party platforms, turning the verification badge into a portable trust signal. The company reports that 75 members verify each minute, now exceeding 100 million verified...
QR Codes Are Getting Colorful, Fancy, and Dangerous
QR codes have evolved from plain black‑and‑white squares to colorful, logo‑embedded designs, making them a popular yet risky communication channel. Researchers at Deakin University identified a surge in "quishing" attacks that exploit these stylized codes to bypass traditional URL‑based security...
Cybersecurity Spending Keeps Rising, so Why Is Business Impact Still Hard to Explain?
Cybersecurity budgets are set to increase again, yet security leaders still struggle to demonstrate clear business value. Finance executives express uneven trust in security teams’ ability to translate risk mitigation into financial outcomes, creating friction in budget approvals. Divergent definitions...
The NSA Lays Out the First Steps for Zero Trust Adoption
The National Security Agency has published the first two documents in its Zero Trust Implementation Guidelines series—a Primer and a Discovery Phase guide. The Primer explains the structure and principles of the series, while the Discovery Phase directs organizations to...
Webinar: Beyond the Quadrant: An Analyst’s Guide to Evaluating Email Security in 2026
Former Gartner analyst Ravisha Chugh and Abnormal’s Director of Product Marketing Lane Billings will host a webinar on January 20 2026, revealing how email‑security vendors will be evaluated in 2026. The session outlines Gartner’s evaluation criteria, essential vendor questions, red‑flags, and a proven shortlisting...
Airia Adds AI Governance for Compliance, Accountability, and Control
Airia has launched an AI Governance product, completing its three‑pillar enterprise AI management ecosystem alongside AI Security and Agent Orchestration. The new suite offers a governance dashboard, model and agent registries, compliance automation, and risk assessment tools to provide end‑to‑end...
One Identity Manager 10.0 Introduces Risk-Based Governance and ITDR Capabilities
One Identity launched Manager 10.0, adding risk‑based governance, identity threat detection and response (ITDR) playbooks, and AI‑assisted natural‑language reporting. The upgrade integrates third‑party UEBA risk scores, automates remediation actions, and introduces a browser‑based admin console. Enhanced Syslog CEF formatting improves SIEM...