Scamnetic Delivers Fraud Protection Across All Payment Types
Scamnetic launched its patent‑pending IDeveryone Payment Protection solution, extending identity‑proofing to every payment channel—from push and digital payments to cryptocurrency, checks, wire transfers and ACH. The offering adds real‑time recipient verification and optional insurance, aiming to curb the $442 billion global fraud losses recorded over the past year. By focusing on the actual fund recipient rather than just the account name, IDeveryone promises deeper security for financial institutions, fintechs and payment providers. The rollout comes amid rising fraud incidents, with 79% of U.S. firms hit by payment scams in 2024.
CISO Assistant: Open-Source Cybersecurity Management and GRC
CISO Assistant’s community edition is an open‑source governance, risk, and compliance (GRC) platform that lets security teams document assets, risks, controls, and framework alignment in a single, self‑hosted system. The tool ships with built‑in mappings to ISO 27001, NIST CSF, and...
Firmware Scanning Time, Cost, and Where Teams Run EMBA
A new research paper compares the EMBA firmware analysis tool on a local workstation and an Azure virtual machine, measuring execution time, repeatability, and cost. Identical configurations and a common firmware set were used, revealing that scan duration depends more...
How AI Image Tools Can Be Tricked Into Making Political Propaganda
A new study shows that commercial text‑to‑image models can be coaxed into generating political propaganda by replacing explicit names with descriptive profiles and fragmenting prompts across multiple low‑risk languages. Researchers tested GPT‑4o, GPT‑5 and GPT‑5.1, achieving bypass rates up to...
F5 NGINXaaS for Google Cloud Protects Cloud-Native Applications
F5 has introduced F5 NGINXaaS for Google Cloud, a managed, cloud‑native application delivery‑as‑a‑service that unifies load balancing, security and observability. Developed with Google Cloud, the service is available through the Marketplace and targets containerized, AI‑enabled workloads. It offers programmable traffic...
Concentric AI Releases Private Scan Manager for AWS GovCloud (US)
Concentric AI has added Private Scan Manager support for AWS GovCloud (US), allowing federal agencies, contractors, and partners to run its Semantic Intelligence platform within isolated, U.S.-only cloud regions. The extension follows earlier 2025 announcements of private‑cloud scanning for Azure...
Noction Adds Automatic Anomaly Detection to IRP v4.3 for Faster DDoS Mitigation
Noction launched Intelligent Routing Platform (IRP) v4.3, adding Automatic Anomaly Detection (AAD) that spots abnormal traffic and triggers edge‑level DDoS mitigation. The system can automatically apply BGP FlowSpec filters or blackhole traffic, with optional operator review. IRP v4.3 also upgrades Commit Control...
Minimal Ubuntu Pro Expands Canonical’s Cloud Security Offerings
Canonical has launched Minimal Ubuntu Pro images for public cloud platforms, delivering a leaner base OS with only essential components. The images retain Ubuntu Pro’s extended security maintenance, covering core packages and critical cloud functionality. They are now available through...
AI EdgeLabs Launches Compliance Center and Linux Audit for NIS2 and CRA Readiness
AI EdgeLabs unveiled its Compliance Center and Linux Audit suite, targeting organizations bound by the EU NIS2 directive and the Cyber Resilience Act. The platform replaces manual reporting with continuous, AI‑driven visibility, delivering a unified risk score and real‑time posture...
Parrot OS Shares Its 2026 Plans for Security Tools and Platform Support
Parrot OS, the Debian‑based cybersecurity distribution, released version 7.0 in late 2025 and outlined its 2026 roadmap. The plan adds new security and AI‑focused tools, enhances lightweight, container and cloud deployment support, and expands documentation for repeatable labs. Development will...
Rakuten Viber CISO/CTO on Balancing Encryption, Abuse Prevention, and Platform Resilience
Rakuten Viber’s CISO/CTO Liad Shnell says the messenger is now critical infrastructure, so security priorities extend beyond confidentiality to availability, integrity and abuse resilience. The platform ships end‑to‑end encryption by default and relies on AI‑driven analysis of metadata, behavioral signals...
Turning Cyber Metrics Into Decisions Leaders Can Act On
In a Help Net Security video, Myriad360 Field CISO Bryan Sacks argues that cybersecurity metrics should inform executive decisions rather than serve merely as reporting tools. He emphasizes aligning security initiatives with business priorities set by CEOs and boards, using...
Teaching Cybersecurity by Letting Students Break Things
Airbus Cybersecurity and Dauphine University found that embedding structured hacking, social engineering, and capture‑the‑flag exercises into curricula dramatically increases student engagement and confidence. The study tracked participants as they assumed attacker, analyst, and insider roles, culminating in a mixed‑reality CTF...
Cybersecurity Jobs Available Right Now: January 13, 2026
The January 2026 cybersecurity job roundup lists more than 30 senior‑level openings across continents, from CISO roles at Australia’s CSIRO to GenAI security specialists in Israel. Positions span core disciplines such as threat hunting, vulnerability management, IAM governance, and OT network...
Booz Allen Hamilton and Andreessen Horowitz Accelerate Commercial Tech for Government
Booz Allen Hamilton announced a partnership with Andreessen Horowitz, designating Booz Allen as the a16z Technology Acceleration Partner for Governments. The alliance will connect a16z’s portfolio startups with Booz Allen’s deep mission expertise, secure‑network capabilities, and engineering talent to fast‑track...
Debian 13.3 Is Now Available with Targeted Corrections, Updates
Debian 13.3, the third point release for the stable “trixie” branch, is now available. It bundles over one hundred package adjustments and multiple security patches, covering core services such as Apache HTTP Server, GNOME components, and container tools. Existing Debian...
Rethinking OT Security for Project Heavy Shipyards
Hans Quivooij, CISO of Damen Shipyards, explains how the project‑driven, contractor‑heavy nature of modern shipyards expands the OT threat surface and renders traditional perimeter security ineffective. He advocates passive network monitoring and strict segmentation to gain visibility into legacy PLCs...
PfSense: Open-Source Firewall and Routing Platform
pfSense Community Edition (CE) is a free, open‑source firewall and routing platform that runs on standard x86 hardware, virtual machines, and select embedded devices. It offers stateful firewalling, IPv4/IPv6 support, VLAN tagging, and multi‑WAN capabilities through an intuitive web interface....
What Security Teams Can Learn From Torrent Metadata
A new research paper demonstrates how open‑source intelligence can turn public torrent metadata into actionable threat intelligence. By harvesting file descriptors, tracker‑provided peer lists and enriching over 60,000 IP addresses with geolocation, ISP and VPN indicators, the authors built network...
EU’s Chat Control Could Put Government Monitoring Inside Robots
EU’s proposed Chat Control regulation, originally targeting online child sexual abuse, now extends to robots that facilitate interpersonal communication. By defining any interactive service as a communication service, the law obliges robot providers to conduct risk assessments and potentially embed...
Week in Review: PoC for Trend Micro Apex Central RCE Released, Patch Tuesday Forecast
The week’s security roundup highlighted a critical proof‑of‑concept for an unauthenticated remote‑code execution flaw in Trend Micro Apex Central (CVE‑2025‑69258) and a newly disclosed exploit of HPE OneView (CVE‑2025‑37164). The UK government unveiled a £210 million Cyber Action Plan to harden public‑service...
European Commission Opens Consultation on EU Digital Ecosystems
The European Commission has launched a public consultation on open digital ecosystems, running from 6 January to 3 February 2026, to gather evidence for a forthcoming Communication due in Q1 2026. The call highlights that 70‑90 % of software code in EU digital systems relies...
January 2026 Patch Tuesday Forecast: And so It Continues
The latest Patch Tuesday briefing highlights Microsoft’s December 2025 update problems, including MSMQ failures and a RemoteApp issue on Windows 11 Azure Virtual Desktop that can be mitigated with a registry key or KIR rollback. Apple released December security patches addressing...
How AI Agents Are Turning Security Inside-Out
AppSec teams now face a new threat from internally built no‑code AI agents that operate across enterprise systems. These agents execute business logic, call APIs, and move data in real time, behaving like always‑on applications with high privileges. Because they...
Security Teams Are Paying More Attention to the Energy Cost of Detection
Security teams are increasingly scrutinizing the energy footprint of detection models as cloud costs and sustainability pressures rise. A recent study measured common anomaly detection algorithms for both traditional performance metrics and their power consumption, introducing an Eco Efficiency Index...
Wi-Fi Evolution Tightens Focus on Access Control
The Wireless Broadband Alliance reports rapid enterprise adoption of Wi‑Fi 7, driven by higher throughput, lower latency, and the newly available 6 GHz spectrum. Mixed‑generation device environments are forcing operators to rethink policy, telemetry, and access control across all radios. Security concerns...
Upwind Choppy AI Simplifies Cloud Security Exploration and Investigation
Upwind has launched Choppy AI, an add‑on that embeds generative‑AI capabilities throughout its Cloud‑Native Application Protection Platform (CNAPP). The tool converts natural‑language commands into visible, editable queries and security rules, letting teams investigate inventories, policies, and vulnerabilities without opaque black‑box...
Cyera Secures $400M to Scale AI-Native Data Security Platform and Enterprise Adoption
Cyera announced a $400 million Series F round, pushing its valuation to $9 billion and bringing total funding above $1.7 billion. The capital, led by Blackstone and backed by existing investors, will accelerate its AI‑native data security platform and global expansion. The company now...
PoC Released for Unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)
Trend Micro issued a critical patch (Build 7190) for its on‑premise Apex Central platform, addressing three remotely exploitable flaws disclosed by Tenable. The most severe, CVE‑2025‑69258, enables unauthenticated attackers to inject a malicious DLL into MsgReceiver.exe and gain SYSTEM‑level code execution....
IPFire Update Brings New Network and Security Features to Firewall Deployments
IPFire released Core Update 199, bringing Wi‑Fi 6 and Wi‑Fi 7 support, native LLDP/CDP discovery, and a Linux 6.12.58 kernel. The update upgrades Suricata to version 8.0.2 and refines OpenVPN handling, including multiple DNS/WINS pushes. It also patches a proxy‑related CVE and improves web‑interface...
StackRox: Open-Source Kubernetes Security Platform
StackRox is an open‑source Kubernetes security platform that unifies build‑time image scanning, configuration analysis, and runtime telemetry. It ingests data from container images, Kubernetes APIs, and live cluster activity to drive policy checks covering vulnerabilities, privilege escalation, and network exposure....
What Happens to Insider Risk when AI Becomes a Coworker
In a Help Net Security video, Living Security CEO Ashley Rose explains that AI’s integration into everyday workflows expands the definition of insider risk to include autonomous agents and automated processes. She notes that most risky actions stem from broken...
Voice Cloning Defenses Are Easier to Undo than Expected
Researchers at a Texas university demonstrated that popular noise‑based voice‑protection tools can be stripped away, restoring speaker identity and enabling cloned voices to pass verification. They introduced VocalBridge, a diffusion‑based system that removes protective noise while preserving natural speech characteristics....
Debian Seeks Volunteers to Rebuild Its Data Protection Team
The Debian Project announced that its Data Protection Team has become inactive after all three members stepped down simultaneously. The responsibilities for handling privacy inquiries, maintaining the public privacy policy, and processing data‑subject requests have temporarily shifted to Project Leader...
WWT Introduces ARMOR, a Vendor-Agnostic Framework for Secure AI Readiness
World Wide Technology (WWT) unveiled ARMOR, a vendor‑agnostic AI Readiness Model for Operational Resilience built with NVIDIA. The framework spans six security domains—from governance and risk to model, infrastructure, operations, SDLC, and data protection—providing end‑to‑end guidance across cloud and on‑prem...
Hexnode XDR Unifies Detection, Investigation, and Response in One Platform
Hexnode has introduced Hexnode XDR, an extended detection and response platform that consolidates threat detection, investigation, and remediation into a single interface. The solution embeds a unified dashboard, real‑time correlation, contextual alerts and one‑click remediation, and it integrates tightly with...
Keysight Empowers Engineering Teams to Build Trustworthy AI Systems
Keysight Technologies launched the AI Software Integrity Builder, a lifecycle‑based platform that unifies dataset analysis, model validation, and inference testing for AI systems. The tool is aimed at safety‑critical domains such as automotive, helping engineers demonstrate transparency, reliability, and regulatory...
When AI Agents Interact, Risk Can Emerge without Warning
New research from the Fraunhofer Institute shows that interactions among AI agents can generate systemic risks even when each agent follows its own design parameters. The study identifies feedback loops, shared signals, and coordination patterns as mechanisms that produce emergent...
What European Security Teams Are Struggling to Operationalize
Kiteworks’ 2026 forecast reveals European security and compliance teams have robust regulatory policies but weak operational execution. AI‑specific incident response, software‑supply‑chain visibility, third‑party coordination, and compliance automation all lag global averages. Adoption rates for AI anomaly detection, SBOM management, and...