Geek-Guy.com

Category: Compliance

Eon Launches Ransomware Protection for Cloud Databases

As enterprises move critical workloads to managed cloud databases, a growing ransomware recovery gap is emerging across modern cloud infrastructure. Eon is aiming to close that gap with new ransomware protection designed specifically for managed cloud database environments. The new capability expands Eon’s ransomware protection suite and focuses on detecting corruption and restoring trusted data…

Every significant B2B company is becoming a security company

Every platform giant is becoming a security company. As every enterprise is becoming more and more tech-enabled, the responsibility for protecting data, identities, and infrastructure starts to fall on the platforms where that work happens. Over the past several years, I have come to a simple realization: that every platform vendor eventually becomes a security…

Blumira Intros EDR and ITDR Solutions, Joins Pax8 Marketplace

Blumira, a security operations platform, is releasing enhanced endpoint detection and response (EDR) and identity threat detection and response (ITDR) capabilities. The company also recently joined the Pax8 Marketplace to deliver enterprise security operations to MSPs. Stopping threats at speed These newly expanded capabilities will enable security teams on Blumira Respond and Automate editions to…

SailPoint improves visibility and control over unauthorized AI use

SailPoint has announced the launch of SailPoint Shadow AI Remediation, the latest component of its real-time AI governance and security framework. This solution enables organizations to discover, monitor, and secure the use of unauthorized AI tools, known as “shadow AI,” helping to mitigate the security and compliance risks associated with the rapid growth of artificial…

DH2i Enhances SQL Server Resilience Across Hybrid IT

DH2i has released new versions of its clustering and automation software designed to help enterprises maintain SQL Server uptime while modernizing infrastructure across Linux, Windows, and Kubernetes environments. The company announced the general availability of DxEnterprise v26.0 and DxOperator v2, updates that introduce expanded monitoring, automated quorum enforcement, security improvements, and new automation capabilities for…

Imprivata enhances NHS access security with passwordless controls

Imprivata has introduced new capabilities designed to help NHS organisations and UK healthcare providers meet the unique demands of the UK’s evolving compliance, cybersecurity, data protection landscape, including the Cyber Assessment Framework (CAF)-aligned Data Security and Protection Toolkit (DSPT) and Care Identity Service (Spine) Authentication. Imprivata Enterprise Access Management (EAM) offers context-aware passwordless authentication, high-assurance…

Lazarus, AI, and Trust Abuse: Top Enterprise Cybersecurity Risks 2026 

As part of a recent live expert panel, ANY.RUN together with threat researcher and ethical hacker Mauro Eldritch explored biggest security risks companies should be prepared for in 2026.  The discussion covered several relevant cases, from the Lazarus IT Workers operation to the rapid rise of AI-driven phishing attacks, and examined the common thread behind them: trust abuse.  Below are the key takeaways for those seeking a clearer view of…

Nutanix Unveils Nutanix Agentic AI, Full Stack Software Solution to Unlock the Potential of Enterprise AI Factories

COMPANY NEWS:  Designed to deliver performance, compliance, and security for Agentic AI applications and help minimise aggregate token costs Empowers enterprise infrastructure and platform teams to simply build, scale, and operate AI factories Enables developer teams with a rich set of AI PaaS services integrated with NVIDIA AI Enterprise to accelerate deployment of Agentic AI…

ANY.RUN at RootedCON 2026: Meeting Security Teams and Showcasing New Capabilities 

From March 5 to March 7, the ANY.RUN team attended RootedCON 2026 in Madrid and showcase some of our latest capabilities developed for modern SOC environments at the conference expo.  The event provided a great opportunity to meet our existing clients and connect with security teams exploring advanced threat detection solutions.  Meeting the Community and Partners  RootedCON is one of the largest cybersecurity conferences in Europe, bringing together thousands of security researchers, SOC…

What it takes to win that CSO role

CSO and CISO roles are among the hardest to fill in IT. Which should be good news for cybersecurity professionals that aspire to leadership positions as the organization’s top security exec. For those that do, the authority, clout, pay, and benefits are increasing significantly. But so too are the responsibility and accountability placed on cybersecurity…

When insider risk is a wellbeing issue, not just a disciplinary one

Written by Katie Barnett, Director of Cyber Security at Toro Solutions Insider risk is still often framed around intent, with the focus placed on malicious employees, disgruntled contractors, or deliberate misuse of access for personal gain.Those cases exist and they matter, but they are rarely where risk first begins, and they do not reflect how…

MY TAKE: The AI magic is back — whether it endured depends on Amazon’s next moves

I ran an experiment this week that I did not expect to be instructive, and it was. Related: How ChatGPT is becoming Microsoft Office The setup was simple. I had been working through a spontaneous personal essay — about cognitive overload, AI, and the specific anxiety of not knowing whether a memory lapse is a…

Deploy AWS applications and access AWS accounts across multiple Regions with IAM Identity Center

If your organization relies on AWS IAM Identity Center for workforce access, you can now extend that access across multiple AWS Regions with multi-Region replication. Previously, AWS access portal was only available in one Region, when you add an additional Region, users get an active access portal endpoint there. If the primary Region experiences a…

Data mining? Old servers could become new source of rare earths

The retirement of old server equipment from data center facilities could become an opportunity for enterprises to generate revenue, instead of being an often costly recycling expense. Last year Western Digital announced it was experimenting with new ways to extract valuable rare earth elements and metals from obsolete servers from Microsoft’s US data centers, as…

Beyond File Servers: Securing Unstructured Data in the Era of AI

File servers still exist for legacy storage and governance, but most modern workflows now happen in collaboration tools, code platforms, chats, and AI systems. File servers remain, but they are no longer central to operations. They still appear important on paper: legacy project shares with strict permissions, legal drives with structured folders, and network areas…

AI Agent Safety Checklist

As organizations rapidly adopt AI agents to automate workflows, summarize data, and assist decision-making, security and governance teams face a new challenge: how to deploy AI safely without introducing unmanaged risk.  Unlike traditional SaaS tools, AI agents can interpret, generate, and act on data dynamically — often across multiple systems. That makes oversight, scope control,…

How to manage the lifecycle of Amazon Machine Images using AMI Lineage for AWS

As organizations scale their cloud infrastructure, maintaining proper lifecycle management of Amazon Machine Images (AMIs) is a critical component of their security and risk management goals. AMIs provide the essential information required to launch Amazon Elastic Compute Cloud (Amazon EC2) instances, however; they present security and compliance challenges if not tracked and managed throughout their…

Netrio CEO on Building an AI-Powered Services Platform

Managed services provider Netrio is investing heavily in AI to reshape how it delivers IT services to midmarket customers. Through its NetrioNow platform, the company is integrating automation, sentiment analysis, and AI-driven service workflows to streamline support operations and improve customer insights. In a conversation with Channel Insider, CEO Mark Clayman discussed how the platform…

Officials worry Salt Typhoon apathy is killing momentum for tougher telecom security rules

Two years ago, it was revealed that Chinese hackers had compromised at least ten U.S. telecoms, giving them broad access to phone data affecting nearly all Americans. Since then, public officials charged with responding to the campaign and bolstering the nation’s cyber defenses have reported a common problem. Many of their constituents struggle to understand…

Socure Launch enables startups to deploy identity verification and fraud controls

Socure has announced Socure Launch, providing every organization with immediate access to industry tested, pre-built identity and fraud solutions. This marks a new era for Socure, providing startups an enterprise level of identity verification, fraud detection, and compliance decisioning. With Socure Launch, developers can instantly build on Socure’s RiskOS platform and move from account creation…

SurePath AI Announces New MCP Policy Controls

Security and governance platform SurePath AI recently announced MCP Policy Controls to provide real-time controls over which MCP servers and tools are allowed to be used. MCP presents a new attack surface and security challenges These new controls are designed to assist organizations in adopting MCP, ensuring safety, visibility, and safeguards from day one. MCP…

Zscaler enhances data sovereignty controls with regional processing and logging

Zscaler has expanded its data sovereignty capabilities globally, powered by the Zscaler Zero Trust Exchange cloud security platform. For global enterprises, the conflict between protecting data and enabling cross-border collaboration is a major compliance and business challenge to growth. Zscaler already operates 160+ data centers and is present in most countries. Its architecture is based…

MicroStealer Analysis: A Fast-Spreading Infostealer with Limited Detection 

Security teams depend on early signals to spot and contain new threats. But what happens when a fully capable infostealer spreads while traditional detections stay limited?  In recent investigations, ANY.RUN researchers observed MicroStealer in 40+ sandbox sessions in less than a month, despite low public visibility. Early activity points to distribution through compromised or impersonated accounts,…

Wie CISOs schlechte Angebote enttarnen

Drum prüfe… Ground Picture | shutterstock.com Security-Anbietern stehen viele Wege offen, um CISOs und Sicherheitsentscheider mit Lobpreisungen und Angeboten zu ihren jeweils aktuellen Produkten und Lösungen zu penetrieren. Und die nutzen sie auch: Manche Sicherheitsverantwortliche erhalten mehr als 30 solcher Anfragen pro Woche – per Telefon, E-Mail oder auch über LinkedIn. Um erkennen zu können,…

How not to steal $46 million from the US government

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn’t stirred since 2024 – and within minutes, giant woodpecker images are plastered across the internet’s favourite encyclopaedia. Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it – and…

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at…

Fortanix helps enterprises build resilience with multi-sourced quantum entropy

Fortanix announced a new multi-sourced quantum entropy capability within Fortanix Data Security Manager (DSM), enabling enterprises to diversify encryption key generation at the origin of trust. Through partnerships with Qrypt and Quantum Dice, Fortanix integrates independent, physics-based quantum entropy sources directly into its key management workflows, enabling compliance requirements that require multiple entropy sources and…

Cynomi: Third-Party Risk is Untapped MSP Revenue Opportunity

Cynomi has released its latest industry guide, The Rise of Third-Party Risk Management: Securing the Modern Perimeter, offering a practical roadmap for MSPs to formalize, scale, and monetize third-party risk management (TPRM). Scaling third-party risk management According to the guide, TPRM represents the largest untapped recurring revenue opportunity for managed service providers beyond human cyber…

If consequences matter, they should apply to vendors, too

Washington has rediscovered consequences. Just not consistently. The March 6 executive order rests on a simple, correct idea: cyber-enabled fraud persists because it is profitable, scalable, and too often tolerated. So the government’s answer is to raise the cost. More coordination. More disruption. More prosecutions. More diplomatic pressure on the states that shelter these operations.…

Microsoft seeks a stay on DoD’s effective ban on Anthropic offerings

Microsoft is urging a federal court in California to temporarily pause the US Department of Defense’s (DoD) effective ban on Anthropic’s AI offerings, arguing that the government’s “supply chain risk” label could have significant knock-on effects for its own defense technology business. In a filing backing Anthropic’s request for emergency relief, the company said the…

Forescout replaces manual audits with automated, always-on compliance validation

Forescout Technologies has announced Automated Security Controls Assessment, a new Forescout 4D Platform capability that continuously evaluates trust, control effectiveness and compliance posture across an organization’s attack surface. Replacing manual, static and error-prone spreadsheet-driven audits with real-time, automated evidence-based collection and reporting, the Automated Security Controls Assessment feature gives security and governance, risk, and compliance…

Secureframe automates CMMC compliance with secure infrastructure and AI SSPs

Secureframe has launched Secureframe Defense, an end-to-end solution for CMMC certification. It provides secure infrastructure deployment, AI-generated System Security Plans (SSPs), policies, and comprehensive monitoring that Defense Industrial Base (DIB) organizations need to achieve and maintain certification faster, without unnecessary cost or complexity. With CMMC enforcement underway, readiness across the DIB remains critically low. The…

AWS European Sovereign Cloud achieves first compliance milestone: SOC 2 and C5 reports plus seven ISO certifications

In January 2026, we announced the general availability of the AWS European Sovereign Cloud, a new, independent cloud for Europe entirely located within the European Union (EU), and physically and logically separate from all other AWS Regions. The unique approach of the AWS European Sovereign Cloud provides the only fully featured, independently operated sovereign cloud…

The CSO role is evolving fast with AI in Cyber Defense strategy

AI and cybersecurity are proving to be extremely challenging for organisations. AI is a double-edged sword – as used by threat actors and under effectively by security companies to ward off AI-centric threats besides the traditional threats.  Organizations are continuously ramping their cybersecurity skill sets and address a variety of pressing challenges to ensure they…

There’s only one kind of tool security teams should be building with AI

I am not sure what I’ve been doing on social media over the past year (particularly on LinkedIn), but these days my feed is filled with posts of security people who build some very cool tools. There’s so much excitement that with LLMs, anyone can now be a product developer, which means that security teams…

Pre-travel authorisation is the next big audit focus in Australian business travel

GUEST OPINION: For years, corporate travel governance in Australia has followed a familiar and largely unchallenged sequence: employees book trips, incur costs, and submit expense claims, then finance teams check compliance afterwards. That post-trip model worked until now. As travel volumes regain momentum, finance and audit leaders face new pressure to avoid non-compliant spend. The answer is pre-travel authorisation,…

Terra Portal adds human-governed AI to live production pentesting

Terra Security has announced the launch of Terra Portal, its agentic desktop app that serves as an execution layer for pentesters to direct and oversee AI-driven testing in live production environments. Terra Portal reduces the discovery-to-fix cycle for vulnerabilities from the industry average of nearly three months to a matter of hours without sacrificing safety…

The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix

When I first secured a production line, part of the control system was still running on an unpatched Windows XP machine tucked under a lab table — right next to the state-of-the-art GMP manufacturing setup that produced millions in value every day. Everyone knew that the system was a risk, but no one was willing…

I replaced manual pen tests with automation. Here’s what I learned.

More accreditation and compliance requirements have been added in response to cyber incidents. While these frameworks play an important role in establishing security baselines, true security is more than just achieving a perfect compliance score. As I often say, “policies and procedures won’t stop an attacker, they’ll just have more documents to exfiltrate when they…

OneTrust expands AI governance with real-time monitoring and guardrail enforcement

OneTrust has announced the expansion of its solution to include real‑time monitoring and enforcement capabilities across agents, models, and data. Designed for data, risk, and AI teams, these enhancements empower organizations to shift AI governance from static compliance workflows to a continuous control plane. “As AI becomes more embedded across the enterprise, organizations need governance…

Slide Announces $70M Series B Round & EMEA Expansion

Slide, a business continuity and disaster recovery (BCDR) platform designed exclusively for managed services providers (MSPs), announced Tuesday it has raised $70 million in Series B funding as the company accelerates product development and expands internationally. The round was led by venture capital firm General Catalyst, with participation from Base10, Outsiders Fund, futurepresent, Vine Ventures,…

When AI safety constrains defenders more than attackers

Security teams are being urged to adopt AI copilots for threat modeling, phishing simulations, and SOC workflows. Yet many of the most widely deployed, enterprise-approved AI systems struggle to support realistic defensive scenarios once prompts resemble real-world attack behavior. This is not because such activity is inherently malicious, but because mainstream AI safety models are…

Airbus CSO on supply chain blind spots, space threats, and the limits of AI red-teaming

Pascal Andrei, CSO at Airbus, knows that the aerospace and defense sector is facing a threat environment that is evolving faster than most organizations can track. From sub-tier suppliers quietly becoming entry points for state-backed attackers, to satellites emerging as targets in an increasingly contested space domain, the risks are real and growing. In this…

OpenAI to acquire AI security platform Promptfoo

OpenAI are acquiring Promptfoo, an AI security platform that helps enterprises identify and remediate vulnerabilities in AI systems during development. Once the acquisition is finalized, OpenAI will integrate Promptfoo’s technology directly into OpenAI Frontier, their platform for building and operating AI coworkers. As enterprises deploy AI coworkers into real workflows, evaluation, security, and compliance become…

Datadog Intros MCP Server for Secure AI Observability

Datadog, Inc., a provider of observability and security services for cloud applications, has announced that its MCP Server is now generally available.  The Datadog MCP Server provides access to live observability data, enabling teams to debug using their preferred AI coding agents or an Integrated Development Environment, with real-time telemetry, and take action within established…

Why MSPs Should Focus on Managed Patch Management in 2026

In 2026, patch management is more critical than ever as organizations face a rapidly evolving threat environment. AI-driven attacks have increased both the volume and sophistication of exploits, making vulnerabilities easier and faster for threat actors to weaponize.  As a result, MSPs and internal IT teams alike must implement effective patch management strategies to keep…

4 ways to prepare your SOC for agentic AI

a way to automate alert triage, threat investigation and eventually higher-level functions. According to IDC, agentic AI is on track to become mainstream infrastructure. The analyst firm expects 45% of organizations to have autonomous agents operating at scale across critical business functions by 2030. In enterprise SOCs, AI is already reshaping functions like alert triage,…

AI Is Moving Faster Than Security Controls

AI is entering organisations faster than the security controls designed to govern it. Artificial intelligence is rapidly becoming embedded across organisations. AI assistants are now writing code, summarising documents, analysing data, and supporting operational decisions. What began as experimentation is quickly becoming operational dependency. For security teams, the challenge is not simply adopting AI. The…

Reading White House President Trump’s Cyber Strategy for America (March 2026)

White House released President Trump’s Cyber Strategy for America, framing cyberspace as a strategic domain to project power and counter growing cyber threats The White House has released “President Trump’s Cyber Strategy for America,” a document that outlines how the United States intends to maintain dominance in cyberspace and confront an increasingly hostile digital landscape.…

Nutanix Enterprise Cloud Index: AI Drives Container Adoption

Nutanix, a hybrid multicloud computing company, has published the findings of its eighth annual Enterprise Cloud Index (ECI) survey and research report. The report looked at the challenges IT executives face as they navigate the rapid growth of AI use and the increasing need for application and infrastructure modernization in the enterprise. Scaling AI confidently…

Channel M&A Roundup: February 2026 Consolidation Trends

During the month of February, the channel witnessed several key acquisitions and a couple of mergers aimed at increasing revenue and supporting partners. Among the moves are acquisitions by 11:11 Systems, Scale Computing, and Proofpoint, which continue to pursue strategic acquisitions to grow their businesses and expand their services. Proofpoint acquires Acuvity Cybersecurity and compliance…

UK lawmakers back licensing‑first approach, adding pressure to global AI copyright standards

AI developers must obtain licenses for copyrighted material before using it to train models, a committee of the House of Lords, the UK Parliament’s upper chamber, said Thursday. The committee called the approach “licensing-first,” meaning no training on protected works without prior permission and payment, regardless of how the material is sourced. The committee has…

Challenges and projects for the CISO in 2026

Sophisticated attacks and the incorporation of AI tools, talent shortages, and tight budgets are some of the challenges commonly cited when it comes to managing cybersecurity in organizations. In a changing environment, the key is no longer to stay one step ahead, but to maintain a resilient infrastructure that ensures a rapid response when —…

AWS completes the 2026 annual Dubai Electronic Security Centre (DESC) certification audit

We’re excited to announce that Amazon Web Services (AWS) has completed the annual Dubai Electronic Security Centre (DESC) certification audit to operate as a Tier 1 Cloud Service Provider (CSP) for the AWS Middle East (UAE) Region. This alignment with DESC requirements demonstrates our continued commitment to adhere to the heightened expectations for CSPs. Government…

Anthropic seeks to renegotiate its AI deal with US DoD, says report

Anthropic is attempting to renegotiate the terms of its AI contract with the US Department of Defense (DoD). CEO Dario Amodei has been in meetings with Emil Michael, the US under-secretary of defense for research and engineering, to iron out contractual disagreements that led the DoD to mark Anthropic as a supply-chain risk, the Financial…

Codenotary Trust delivers autonomous AI security for Linux and Kubernetes

Codenotary has announced Codenotary Trust, a unified SaaS platform that uses AI to instantly detect, prioritize, and autonomously fix security, configuration, and performance issues, while also providing rollback capabilities. Importantly, the product is designed with the talent shortage in mind so that expert-level security management is made accessible to junior and mid-level administrators. Codenotary helps…

IRONSCALES Unveils AI Agents to Tackle ‘Phishing 3.0’

A new wave of phishing attacks is forcing security teams to rethink their defenses, and IRONSCALES believes AI agents are the answer. The Atlanta-based email security firm this week unveiled its Winter 2026 Release, introducing three specialized AI agents designed to help organizations counter what it calls “Phishing 3.0,” a new generation of AI-powered impersonation…

SIEM vs Log Management: Observability, Telemetry, and Detection

Security teams are no longer short on data. They are drowning in it. Cloud control plane logs, endpoint telemetry, identity events, SaaS audit trails, application logs, and network signals keep expanding, while the SOC is still expected to deliver faster detection and cleaner investigations. That is why SIEM vs log management is not just a…

How a cybersecurity boss framed his own employee

When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker… who promptly sent an innocent colleague into a career-ending ambush. In this episode, we unravel the jaw-dropping tale of a defence contractor caught selling…

2025 ISO and CSA STAR certificates are now available with one additional service and one new region

Amazon Web Services (AWS) successfully completed the annual recertification audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. The objective of the audit was to enable AWS to expand their ISO and CSA STAR certifications to include one new AWS…

Google Workspace vs. Microsoft 365: What’s the best office suite for business?

Once upon a time, Microsoft Office ruled the business world. By the late ’90s and early 2000s, Microsoft’s office suite had brushed aside rivals such as WordPerfect Office and Lotus SmartSuite, and there was no competition on the horizon. Then in 2006 Google came along with Google Docs & Spreadsheets, a collaborative online word processing and…

Radware Announces Another DDoS Industry First – Encrypted Attack Blocking Without SSL Decryption

COMPANY NEWS:  Radware (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today announced the availability of its Web DDoS Protection for Encrypted Traffic as a cloud-based service that does not require SSL certificate sharing or traffic decryption. With this release, Radware believes it is the only security provider to…

Major Cyber Attacks in February 2026: BQTLock, Thread-Hijack Phishing, and MFA Bypass Evolution

February 2026 brought a surge of sophisticated cyber threats targeting businesses across industries. ANY.RUN’s analysts exposed and explored several major cyber threats this month, providing early visibility into emerging malware families and evolving attack techniques.  From new ransomware strains capable of encrypting entire environments in minutes, to fully undetected remote access trojans — the threat…

U.S. CISA adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2026-22719 (CVSS…

How to know you’re a real-deal CSO — and whether that job opening truly seeks one

Recruiters of senior-level IT professionals often say that a truly skilled and experienced CSO is among the hardest of all IT roles to fill. The reason is due to the increased responsibility placed on these key employees, who are often part of the C-suite and may even report directly to the CEO. Unfortunately, this can…

2025 FINMA ISAE 3000 Type II attestation report available with 183 services in scope

Amazon Web Services (AWS) is pleased to announce the issuance of the Swiss Financial Market Supervisory Authority (FINMA) Type II attestation report with 183 services in scope. The Swiss Financial Market Supervisory Authority (FINMA) has published several requirements and guidelines about engaging with outsourced services for the regulated financial services customers in Switzerland. An independent…

2025 PiTuKri ISAE 3000 Type II attestation report available with 183 services in scope

Amazon Web Services (AWS) is pleased to announce the issuance of the Criteria to Assess the Information Security of Cloud Services (PiTuKri) Type II attestation report with 183 services in scope. The Finnish Transport and Communications Agency (Traficom) Cyber Security Centre published PiTuKri, which consists of 52 criteria that provide guidance across 11 domains for…

$5M Microsoft Activation Key Fraud Ends in Prison Term

A Florida woman has been sentenced to 22 months in federal prison for running a years-long scheme that trafficked thousands of illicit Microsoft software activation keys.  Heidi Richards, who operated Trinity Software Distribution, was also ordered to pay a $50,000 fine after pleading guilty to charges tied to the resale of Microsoft Certificate of Authenticity…

Anthropic won’t kill cyber, but it will kill some companies

Over the past several weeks, social media has been exploding with predictions that “cyber is dead”. It doesn’t take much insight to jump on that bandwagon, as Anthropic’s announcement of Claude Code Security indeed sent the cybersecurity public market into turmoil, with some companies losing as much as 20% of their market cap. Contrary to…

Josys centralizes identity data to replace manual IT oversight with automated governance

Josys has transitioned into an autonomous identity governance platform, expanding beyond traditional SaaS management. The enhanced platform empowers IT leaders and managed service providers (MSPs) to scale governance and compliance efforts by centralizing identity data within a single, AI-driven system. With Verizon reporting that 80% of hacking breaches stem from compromised credentials, identity is the…

Climb Global Execs on European Expansion, Acquisition Efforts

Climb Global Solutions has acquired Greece-based cloud distributor interworks.cloud for approximately €8.0 million ($9.4 million), expanding its cloud distribution footprint in Southeastern Europe and deepening its position in the Microsoft Cloud Solution Provider (CSP) ecosystem. The transaction, announced Feb. 24, brings more than 600 cloud reseller and MSP relationships into Climb’s European channel portfolio, along…

Cybersecurity jobs available right now: March 3, 2026

AI & Data Security Expert Ferrero | Italy | Hybrid – View job details As an AI & Data Security Expert, you will define and maintain security controls for AI solutions, ensuring compliance with evolving threats and regulations. You will advise on data protection, tool selection, and access controls, strengthen AI evaluation frameworks, and drive…

Operator of AI Fake ID Platform Pleads Guilty

An artificial intelligence-powered website that churned out thousands of fake passports and driver’s licenses has landed its alleged operator in federal court.  Yurii Nazarenko, a 27-year-old Ukrainian national, pleaded guilty to running OnlyFake, a subscription-based platform that generated more than 10,000 counterfeit identification documents for customers worldwide. “OnlyFake’s manufacture of fraudulent IDs and other documents…

A scorecard for cyber and risk culture

Have you once watched a leadership team clap for their “security culture month” like they’d landed a rover? Posters everywhere. Quizzes. A prize draw. Someone baked cupcakes with padlocks iced on top. Cute. Two weeks later, a product manager asked an engineer to “just share the admin credentials for an hour” because the vendor demo…

Kiteworks VP: Sovereignty Gap Fuels Channel Growth

David Byrnes is the vice president of global channels at Kiteworks, where he works at the intersection of data sovereignty, channel strategy, and cross-border compliance.  The company recently shared findings from its 2026 Data Sovereignty report, showing where gaps remain for Canadian firms and how channel partners can meet those needs while expanding their own…

MY TAKE: The Pentagon punished Anthropic for red lines it accepted from OpenAI hours later

KINGSTON, Wash. — On Friday afternoon, President Trump ordered every federal agency to stop using Anthropic’s AI technology. Defense Secretary Pete Hegseth followed by designating the company a “supply-chain risk to national security,” a label the government typically reserves for companies like Huawei. Related: Claude’s memory vs. ChatGpt’s Anthropic’s offense: refusing to remove contract provisions…

OpenAI launches stateful AI on AWS, signaling a control plane power shift

Stateless AI, in which a model offers one-off answers without context from previous sessions, can be helpful in the short-term but lacking for more complex, multi-step scenarios. To overcome these limitations, OpenAI is introducing what it is calling, naturally, “stateful AI.” The company has announced that it will soon offer a stateful runtime environment in…

Kiteworks Flags Canada Sovereignty Compliance Gaps

Kiteworks’ newly released “2026 Data Security and Compliance Risk: Data Sovereignty Report” finds that Canadian organisations report the lowest sovereignty incident rate among surveyed regions — yet channel leaders warn that the risk environment is intensifying, not stabilizing. The cross-regional survey of 286 security, compliance, and IT professionals across Canada, Europe, and the Middle East…

Zero-Days, Data Breaches, and AI Risks Define This Week’s Cybersecurity Landscape

Major Threats & Vulnerabilities Zero-Day Exploits and Critical CVEs Cisco SD-WAN Zero-Day Grants Root Access has been actively exploited since 2023, allowing attackers to bypass authentication and gain root privileges. Cisco urges administrators to patch immediately, secure management planes, and monitor for rogue peers. ServiceNow AI Platform Vulnerability could allow unauthenticated remote code execution through…

One of the ‘most influential cybersecurity’ roles will pay under $175,000

A recent job ad  is causing plenty of head-shaking, suggesting that some government high-ups  appear to be out of touch with the current state of the cybersecurity job market. There is plenty of evidence that the world needs cybersecurity talent. According to a recent ISC2 survey, 33% of organizations cannot staff their security teams adequately…

Why application security must start at the load balancer

For a long time, I thought of the load balancer as a performance device. Its job was to distribute traffic, improve uptime, and make applications feel fast. Security was something that happened elsewhere, on firewalls, inside WAFs or deep in the application code. That perspective changed early in my consulting career. I worked with a…

How AI Aids Incident Response: Why Humans Alone Cannot Do IR Efficiently

AI accelerates incident response by correlating alerts and generating reports in minutes, helping teams scale beyond manual limits. Incident response has always been a race against the clock. It starts ticking the moment an alert is triggered, and each minute thereafter can lead to lost revenue, regulatory exposure, reputational damage, or customer churn. Traditionally, incident…

Versa introduces cloud-based sovereign solution for enterprises of all sizes

Versa released Sovereign SASE-as-a-Service, a cloud-delivered SaaS offering in which the data, control, and management planes operate entirely within a region’s legal jurisdiction. Digital sovereignty has moved from a compliance consideration to a board-level decision. Across Europe and other regions, governments are asserting stronger authority over data residency and protection. The European Union’s GDPR, NIS2,…

New infosec products of the month: February 2026

Here’s a look at the most interesting products from the past month, featuring releases from Aikido Security, Avast, Armis, Black Duck, Compliance Scorecard, Fingerprint, Gremlin, Impart Security, Portnox, Redpanda, Socure, SpecterOps, Veza, and Virtana. Gremlin launches Disaster Recovery Testing for zone, region, and datacenter failovers Gremlin, the proactive reliability platform, launched Disaster Recovery Testing: a…

Europe forces a search reset: Google experiments with fairer rankings

Google continues to find itself in hot water over its alleged antitrust tactics and monopolization of certain market segments. Now its parent company, Alphabet, seems to be ceding to EU scrutiny of its search practices.  The company will reportedly begin testing changes to its search engine results in the EU to more fairly represent vertical…

AWS successfully completed its first surveillance audit for ISO 42001:2023 with no findings

In November 2024, Amazon Web Services (AWS) was the first major cloud service provider to announce the ISO/IEC 42001 accredited certification for AI services, covering: Amazon Bedrock, Amazon Q Business, Amazon Textract, and Amazon Transcribe. In November 2025, AWS successfully completed its first surveillance audit for ISO 42001:2023, Artificial Intelligence Management System with no findings.…

Nearly 38 Million Impacted in ManoMano Third-Party Breach

European online DIY giant ManoMano is notifying roughly 38 million customers after threat actors compromised a third-party customer service provider, exposing personal data tied to user accounts and support interactions.  The incident, discovered in January 2026, underscores the persistent risk posed by supply chain and vendor-based breaches. “We can confirm that ManoMano has recently notified…

GitLab Expands MSP Program for AI-Driven DevSecOps

GitLab is expanding its managed services strategy with a new MSP partner program designed to help providers deliver agentic AI capabilities across the full software development lifecycle while addressing enterprise data sovereignty and compliance requirements. GitLab targets enterprise demand for agentic AI across the software lifecycle Enterprises are accelerating AI adoption but often encounter bottlenecks…