Geek-Guy.com

Category: Compliance

NATO approves iPhone and iPad to handle classified info

In an impressive and unique industry first that reflects the work Apple has done on mobile device security since the first iPhone arrived almost 20 years ago, the North Atlantic Treaty Organization (NATO) says iPhones and iPads running iOS 26 are secure enough to handle classified information in NATO-restricted environments — pretty much out-of-the-box. That’s going…

APCON IntellaStore IV analyzes network traffic characteristics for further processing

Deploying the IntellaStore IV Network Security Appliance from APCON means easy installation, dedicated network packet capture, and a seamless workflow from traffic of interest to security and compliance tools. The release of APCON’s IntellaStore IV empowers network security engineers, business owners, office managers, and others to conveniently address network visibility (filtering, port tagging, etc.) as…

News alert: One Identity fills CFO-COO role to strengthen operating discipline amid expansion

ALISA VIEJO, Calif., Feb. 25, 2026, CyberNewswire—One Identity, a trusted leader in identity security, today announced the appointment of Michael Henricks as Chief Financial and Operating Officer. This decision reflects the continued growth of the business and a focus on aligning financial leadership with operational objectives as One Identity scales. “As One Identity accelerates its growth, the addition of a Chief Financial and Operating Officer will strengthen how we plan, operate, and invest…

12.4 Million Accounts Exposed in CarGurus Leak

Millions of CarGurus users may have had their personal and financial data exposed after a notorious threat actor group published a massive dataset allegedly stolen from the automotive marketplace.  Attributed to the ShinyHunters extortion group, the leak includes 12.4 million records with about 70% of those being new data. “The ShinyHunters extortion group has published…

FormAssembly Expands Partner Program for Regulated Industries

FormAssembly, an enterprise data collection and automation provider, has launched its enhanced Partner Program to accelerate growth and expand business opportunities for its partners.  Meeting the demand for secure, automated workflows According to FormAssembly, the program provides partners with specialized tools and resources to serve organizations operating in highly regulated industries. This includes firms in…

Structured Launching Partner Marketing Execution Platform

Structured is announcing the debut of its AI-native Partner Marketing Execution Platform (PMEP), built to help enterprises activate and scale partner ecosystems. Mult-agent PMEP promises to accelerate channel revenue With this platform, Structured aims to remove the friction that has slowed partner marketing, which traditionally has relied on partners logging into portals, searching content libraries,…

Beachhead Solutions Unveils ComplianceEZ 2.0 for MSPs

Beachhead Solutions has launched ComplianceEZ 2.0, a major update to its compliance management tool built into the BeachheadSecure for MSPs platform.  The company says the new version moves beyond simple documentation and delivers full lifecycle management of cybersecurity compliance, with AI-driven guidance included at no extra cost. Beachhead positions ComplianceEZ 2.0 as MSP-focused GRC alternative…

A Practical Guide to Microsoft Copilot for MSPs

If you’re an MSP considering adding Microsoft Copilot to your portfolio in 2026, it’s worth being deliberate about how you package and position it for clients. For many organizations, pitching AI as a novel “productivity booster” is no longer enough.  Customers increasingly expect the conversation to shift from experimentation to execution, anchored in defined use…

Anthropic targets core business systems with new Claude plug-ins

Anthropic is expanding its push into the enterprise market with a new set of “coworker” plug-ins designed to embed its Claude AI directly into tools used by investment bankers, HR teams, and engineers, signaling a shift from standalone assistants toward AI agents that operate inside core business workflows. In a blog post, the company said…

News alert: Sendmarc highlights impact of DMARC update on evolving email security standards

WILMINGTON, Del., Feb. 24, 2026, CyberNewswire — Sendmarc has released a new fireside chat featuring Todd Herr, Principal Solutions Architect at GreenArrow Email and co-editor of DMARCbis, on the upcoming update to DMARC (Domain-based Message Authentication, Reporting, and Conformance). Led by Dan Levinson of Sendmarc, the fireside chat explains how the protocol is progressing through the IETF (Internet Engineering Task Force) standards…

What Is a Security Data Pipeline Platform: Key Benefits for Modern SOC

Security teams are drowning in telemetry: cloud logs, endpoint events, SaaS audit trails, identity signals, and network data. Yet many programs still push everything into a SIEM, hoping detections will sort it out later. The problem is that “more data in the SIEM” doesn’t automatically translate into better detection. It often translates into chaos. Many…

VMware Aria Operations flaws could enable remote attacks

Broadcom patched multiple VMware Aria Operations flaws, including high-severity issues that could enable remote code execution. Broadcom has released security updates to address multiple vulnerabilities affecting VMware Aria Operations. VMware Aria Operations is an IT operations management platform that helps organizations monitor and optimize virtual, cloud, and hybrid environments. It provides performance monitoring, capacity planning,…

Druva expands DruAI with autonomous agents for forensics and compliance

Druva announced a major expansion of DruAI, adding Deep Analysis Agents that automate complex multi-day forensic and compliance investigations. IT and security teams spend too much time not just fixing problems, but proving what happened and why across incident response, forensics, audits, and operational reviews. Much of that effort goes into manual correlation and report…

Zero Networks Goes 100% Channel, Boosts MSP Growth

Zero Networks is doubling down on the IT channel, announcing a full transition to a 100% channel-first go-to-market strategy alongside a significant expansion of its global partner ecosystem. The zero-trust security vendor said the move comes as demand grows for identity-driven containment designed to limit lateral movement and reduce the blast radius during cyberattacks—an increasingly…

All Covered Launches Managed Vulnerability Service

All Covered, a division of Konica Minolta and a managed IT and managed security services provider, has launched a vulnerability remediation service designed to help organizations continuously identify, prioritize, and remediate security vulnerabilities before they can be exploited. Announced Feb. 24, the offering responds to growing demand from organizations, particularly in regulated industries such as…

Anthropic alleges large-scale distillation campaigns targeting Claude

Anthropic has accused three Chinese AI developers of running large-scale campaigns to illicitly extract capabilities from its Claude model to improve their own systems. The company claims DeepSeek, Moonshot, and MiniMax used a distillation technique, where a less capable model is trained on the outputs of a more advanced one. More than 16 million interactions…

Pure Storage Rebrands to Everpure with M&A, Partner News

Pure Storage has announced it will rebrand as Everpure, representing an evolution in data management for the organization. The newly named company also announced a recent acquisition and updates to its partner program. New identity, evolved mission: inside the Everpure roll-out Everpure’s strategy addresses two challenges enterprises face and enables customers to create their own…

Pure Storage Rebrands to Everpure with M&A, Partner News

Pure Storage has announced it will rebrand as Everpure, representing an evolution in data management for the organization. The newly named company also announced a recent acquisition and updates to its partner program. New identity, evolved mission: inside the Everpure roll-out Everpure’s strategy addresses two challenges enterprises face and enables customers to create their own…

Ensuring legal compliance with Digital Paystub generation systems for multinational organisations

GUEST OPINION: As businesses expand across borders and adopt remote or hybrid work models, payroll management has become more complex than ever. Multinational organisations must navigate a patchwork of regional tax laws, labour regulations, and reporting standards while still delivering accurate and timely employee compensation. Digital paystub generation systems have emerged as a practical solution,…

AI-augmented threat actor accesses FortiGate devices at scale

Commercial AI services are enabling even unsophisticated threat actors to conduct cyberattacks at scale—a trend Amazon Threat Intelligence has been tracking closely. A recent investigation illustrates this shift: Amazon Threat Intelligence observed a Russian-speaking financially motivated threat actor leveraging multiple commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries…

Microsoft 365 Copilot Bug Circumvented DLP Controls

Microsoft has confirmed a bug in Microsoft 365 Copilot Chat that allowed the AI assistant to summarize emails labeled as confidential, even when sensitivity labels and data loss prevention (DLP) policies were in place.  The issue, first identified on Jan. 21, 2026 and tracked internally as CW1226324, impacted Copilot’s “work tab” chat feature. “Without proper…

AI FOMO: How Pressure to Adopt AI is Outpacing Understanding

AI – or large language models (LLMs) – is introducing new attack surfaces, despite the new capabilities that the technology promises.  The new threats it is introducing, including prompt injection, deepfakes, and alignment risks, are huge security concerns at a strategic level. AI FOMO is driving enterprise adoption before risk mitigation At the Genetec Global…

Apple’s enterprise partners evolve their channel approach

Enterprise tech markets are complex, not just because of technology but also because every business has different needs, strategies, compliance requirements, and customers. The diversity means that when it comes to tech deployment, channel resellers play an important role in tech purchasing. The role of channel resellers “We’re seeing tremendous momentum around Mac in the…

Security Compass brings policy-driven security and compliance to agentic AI development

Security Compass released SD Elements for Agentic AI Workflow, enabling organizations to stay in control of security and compliance as AI becomes part of software development. AI agents introduce an unprecedented opportunity to accelerate the velocity of software development, but concerns about security and compliance are holding back adoption in regulated industries. Emerging laws like…

PayPal launches latest struggle to get rid of SMS for MFA

When PayPal started emailing customers this month that it was backing off unencrypted SMS for multifactor authentication (MFA) at login, it came with the typical approach-avoidance asterisk. The financial services giant signaled that it was turning the page on the much-maligned authentication method while simultaneously offering no timeline and assuring customers SMS wouldn’t entirely go…

Applying green energy tax policies to improve cybersecurity

For years, governments have focused only on the stick of compliance when they could leverage the carrot of tax incentives. Theoretically, compliance fines and penalties should act as a deterrent that improves accountability and reduces data breaches. However, many vendors often assume compliance risk rather than securing data effectively. For example, Meta has been the…

New infosec products of the week: February 20, 2026

Here’s a look at the most interesting products from the past week, featuring releases from Compliance Scorecard, Impart Security, Redpanda, and Virtana. Impart enables safe, in-app enforcement against AI-powered bots Impart Security has launched Programmable Bot Protection, a runtime approach to bot defense that brings detection and enforcement together within the application. Impart makes enforcement…

AI Governance Becomes Critical as Agentic AI Moves Into Production

As agentic AI systems shift from pilot projects to real-world deployment, governance is quickly becoming a board-level concern.  Unlike traditional AI models that generate content, agentic systems can autonomously invoke tools, access enterprise data and execute actions across business systems — fundamentally changing the risk equation. “As agentic AI moves from experimentation into real-world deployment,…

better-auth Flaw Allows Unauthenticated API Key Creation

A vulnerability in the better-auth library could allow attackers to take over user accounts without ever logging in.  The flaw affects the library’s API keys plugin and enables unauthenticated attackers to mint privileged API keys for arbitrary users. Exploitation of the vulnerability grants “… full authenticated access as the targeted user and, depending on the…

Keeping Google Play & Android app ecosystems safe in 2025

Posted by Vijaya Kaza, VP and GM, App & Ecosystem Trust The Android ecosystem is a thriving global community built on trust, giving billions of users the confidence to download the latest apps. In order to maintain that trust, we’re focused on ensuring that apps do not cause real-world harm, such as malware, financial fraud,…

News alert: Link11’s ‘AI Management Dashboard’ makes AI traffic, AI access policies enforceable

FRANKFURT, Feb. 19, 2026, CyberNewswire — Link11 launches its new “AI Management Dashboard”, closing a critical gap in how companies manage AI traffic. Artificial intelligence is fundamentally changing internet traffic. But while many companies are already feeling the strain of AI crawlers on their infrastructures, they often lack clarity, reliable data, and operational control. With…

Irish regulator probes X after Grok allegedly generated sexual images of children

Ireland’s Data Protection Commission opened a probe into X over Grok AI tool allegedly generating sexual images, including of children. Ireland’s Data Protection Commission has launched another investigation into X over Grok’s AI image generator. The probe focuses on reports that the tool created large volumes of non-consensual and sexualized images, including content involving children,…

Cybersicherheit braucht Reife und keine Checklisten

Wenn CISOs stärkere Programme, bessere Widerstandsfähigkeit und eine sicherere Zukunft wollen, müssen sie ihren Ansatz weiterentwickeln. Overearth – shutterstock.com Cybersicherheit wird oft wie ein Spiel behandelt. Unternehmen jagen schnellen Erfolgen hinterher, haken Compliance-Listen ab oder klopfen sich nach einem einzigen erfolgreichen Audit selbst auf die Schulter. Auf dem Papier mag das produktiv aussehen, aber in…

Compliance Scorecard v10 delivers context-driven AI for explainable compliance decisions

Compliance Scorecard announced the release of v10, introducing governed, audit-ready AI designed to support defensible compliance decision-making for managed service providers (MSPs). Compliance Scorecard v10 applies AI only within a structured system of validated context and controls. The platform is built on a simple premise: AI can only be trusted in compliance if the required…

From in-house CISO to consultant. What you need to know before making the leap

For Nikoloz Kokhreidze, the move into cybersecurity consulting came gradually through a series of small steps. “I accumulated enough experience across different industries, I started my newsletter, and I realized there’s a community of people interested in what I have to say,” he explains. What ultimately crystallized the decision was the thought that his impact…

Face off: Meta’s Glasses and America’s internet kill switch

Could America turn off Europe’s internet? That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech sovereignty. Could Gmail, cloud services, and critical infrastructure really become geopolitical leverage? And is anyone actually building a Plan B? Plus we explore if Meta is quietly plotting to turn its…

Opkey Debuts Design Studio Suite of Agentic AI Capabilities

Opkey, an agentic AI-native platform for cloud application lifecycle management, is launching the Opkey Design Studio to shorten enterprise application implementation timelines. Agentic AI tools automate application implementation to drive SIs forward The Opkey Design Studio is a suite of agentic AI capabilities that extend the company’s platform to automate and standardize enterprise application implementation…

One Process, Every Metric: How Better Alert Enrichment Transforms SOC Performance

Every security alert represents a decision point. Act too slowly, and a threat becomes a breach. Act without context, and analysts drown in noise. At the center of both failure modes is a single, often underestimated process: alert enrichment.  Key Takeaways Alert enrichment is the operational multiplier. Its quality determines the effectiveness of every other SOC investment — detection tools, SIEM…

ArmorText Debuts Sovereign Edition for Operational Resilience

ArmorText, an organization dedicated to safeguarding communication globally for organizations, has debuted ArmorText Sovereign Edition. ArmorText Sovereign Edition built to support collaboration as geopolitical security risks rise This new solution enables deployment of globally reachable, multi-tenant secure communications hosted entirely on local infrastructure to ensure communication continuity even when connectivity is disrupted. The Edition addresses…

ArmorText Debuts Sovereign Edition for Operational Resilience

ArmorText, an organization dedicated to safeguarding communication globally for organizations, has debuted ArmorText Sovereign Edition. ArmorText Sovereign Edition built to support collaboration as geopolitical security risks rise This new solution enables deployment of globally reachable, multi-tenant secure communications hosted entirely on local infrastructure to ensure communication continuity even when connectivity is disrupted. The Edition addresses…

CVE-2026-22769: Critical Dell RecoveryPoint Zero-Day Exploited in the Wild

SOC Prime has recently covered a wave of actively exploited zero-days across major ecosystems, including Apple’s CVE-2026-20700 and Microsoft’s CVE-2026-20805, alongside a fresh Chrome zero-day case. But the avalanche of threats keeps marching into 2026. Recently, researchers from Mandiant and Google Threat Intelligence Group (GTIG) detailed the active exploitation of CVE-2026-22769, a maximum-severity hardcoded-credential vulnerability…

Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability

In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and compliance. In 2026, the seas are no longer calm between storms. Cybersecurity now unfolds in a state of continuous atmospheric instability: AI-driven threats that adapt in…

The new paradigm for raising up secure software engineers

CISOs were already struggling to help developers keep up with secure code principles at the speed of DevOps. Now, with AI-assisted development reshaping how code gets written and shipped, the challenge is rapidly intensifying. Whereas only about 14% of enterprise software engineers regularly used AI coding assistants two years ago, that number is on its…

13 Fragen gegen Drittanbieterrisiken

Drum prüfe… Miljan Zivkovic | shutterstock.com Die zunehmende Abhängigkeit von IT-Dienstleistern und Software von Drittanbietern vergrößert die Angriffsfläche von Unternehmen erheblich. Das wird auch durch zahlreiche Cyberattacken immer wieder unterstrichen. Zwar lassen sich die Risiken in Zusammenhang mit Third-Party-Anbietern nicht gänzlich beseitigen, aber durchaus reduzieren. Dabei sollten Sicherheitsentscheider eine zentrale Rolle spielen, wie Randy Gross,…

CVE-2026-25903 Impacts Apache NiFi Users

A vulnerability has been disclosed that potentially impacts organizations using Apache NiFi to manage data pipelines. The issue could allow lower-privileged users to modify restricted components within a data flow due to missing authorization checks. “The missing authorization requires a more privileged user to add a restricted component to the flow configuration, but permits a…

Pentagon Weighs Axing $200M Anthropic Deal in Moral Standoff Over AI Safeguards

Here’s a sentence you don’t hear every day: the US military is threatening to punish an AI company for being too ethical. Axios reported that Defense Secretary Pete Hegseth is “close” to cutting ties with Anthropic and designating it a “supply chain risk,” a label normally reserved for foreign adversaries like Chinese tech firms. The…

RSA mafia continues to shape the industry 44 years later

Although, as a startup founder now, I don’t get much (any?) time to look at parts of the industry unrelated to what I am building, I would still consider myself to be pretty plugged into the cybersecurity ecosystem. I have a good idea what is being discussed, what people pay attention to, and what questions…

ManageEngine adds causal and autonomous AI to Site24x7 to cut MTTR

ManageEngine has added new causal intelligence and autonomous AI capabilities in Site24x7, its full-stack observability platform. These enhancements transform how enterprises handle outages, shifting from firefighting to autonomous resilience. By reducing mean time to recovery (MTTR) and ensuring service-level agreement (SLA) compliance, Site24x7 helps IT teams safeguard the customer experience and retain trust. IT environments…

Cynomi Expands EU NIS 2, AI Governance for MSPs

Cynomi is expanding its regulatory governance capabilities across the UK and European Union, adding new NIS 2 support for Croatia and Belgium while positioning its platform to help MSPs scale fractional CISO and AI governance services amid tightening compliance mandates. Regulatory pressure drives demand for fractional CISO services As regulatory pressure intensifies across critical infrastructure…

Alibaba’s Qwen3.5 targets enterprise agent workflows with expanded multimodal support

Alibaba has unveiled Qwen3.5, a new multimodal AI model that the company says is intended to serve as a foundation for digital agents capable of advanced reasoning and tool use across applications. The release reflects the ongoing shift from standalone chatbot deployments toward AI systems that can execute multi-step workflows and operate with minimal human…

Citizen Lab links Cellebrite to the hacking of a Kenyan presidential candidate’s phone

Researchers have found forensic evidence suggesting that Kenyan authorities used Cellebrite’s phone-cracking technology on the device of a prominent human rights activist after arresting him, according to a report published Tuesday. The University of Toronto’s Citizen Lab said the intrusion is a sign of growing abuse of Cellebrite’s technology. According to the report, after his…

Proofpoint Launches Revamped Global Partner Network

Proofpoint, Inc., a cybersecurity and compliance provider, has unveiled the Proofpoint Partner Network, an enhanced global partner program designed to help partners grow faster, strengthen margins, and deliver greater value to customers as cyber threats increasingly target people, data, and AI-driven workflows. Proofpoint aligns new partner network with channel growth According to Proofpoint, the new…

With CISOs stretched thin, re-envisioning enterprise risk may be the only fix

A majority of enterprise security leaders view their roles as “no longer fully manageable,” according to a recent report, and security consultants concede that the increasingly over-scoped nature of cyber execs’ roles is a problem not easily fixed. At issue is the fact that companies have consistently broadened the CISO’s jurisdiction and responsibilities without providing…

Cybersecurity jobs available right now: February 17, 2026

Chief Security Officer Seven Eleven Club & Hotels | India | On-site – View job details As a Chief Security Officer, you will oversee physical, operational, and cybersecurity programs, protect sensitive data and infrastructure, and assess risks to prevent incidents. You will lead incident response, ensure compliance with safety and data privacy regulations, educate staff…

Building an AI-powered defense-in-depth security architecture for serverless microservices

Enterprise customers face an unprecedented security landscape where sophisticated cyber threats use artificial intelligence to identify vulnerabilities, automate attacks, and evade detection at machine speed. Traditional perimeter-based security models are insufficient when adversaries can analyze millions of attack vectors in seconds and exploit zero-day vulnerabilities before patches are available. The distributed nature of serverless architectures…

CVE-2026-2441: Google Patches Chrome Zero-Day Exploited in the Wild

Right after Apple’s CVE-2026-20700 zero-day under active exploitation made headlines, Google released security updates for Chrome to address the first actively exploited Chrome zero-day of 2026. CVE-2026-2441 Analysis The high-severity flaw, tracked as CVE-2026-2441, is a use-after-free vulnerability in Chrome’s CSS component. NIST’s NVD description notes that the issue could allow a remote attacker to…

Passwork 7.4 enhances enterprise security with centralized User vault restrictions

Passwork has released version 7.4, introducing restrictive settings for User vaults along with enhancements to improve security and user experience. The update enables administrators to enforce stricter controls over password sharing and distribution, reducing data breach risks and supporting compliance with strong security policies. Key features of Passwork 7.4 Restrictive settings for User Vaults: Administrators…

Proofpoint Wants Visibility Into How AI Really Works

Security teams are being asked to protect a workspace that now includes AI acting alongside people. Once AI has access to systems and data, securing the workflow becomes a very different animal. That’s the backdrop for Proofpoint’s acquisition of Acuvity, a startup focused on AI security and governance. The deal is aimed at adding AI-native…

10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons

Ten years on, the Bangladesh Bank cyberheist — a landmark cybersecurity incident that rewrote the rules of nation state–sponsored hacking — continues to offer lessons for the cybersecurity community. Cyberspies hacked into Bangladesh Bank internal network and SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging environment before sending 35 fraudulent SWIFT payment instructions that attempted…

FTC digs deeper into Microsoft’s bundling and licensing practices

The US Federal Trade Commission (FTC) seems to be doubling down on its investigation of Microsoft and the tech giant’s potentially shady bundling and licensing practices. According to a Bloomberg report, the federal agency has been issuing civil investigative demands (CIDs) to companies that compete with Microsoft in the business software and cloud computing markets.…

FTC digs deeper into Microsoft’s bundling and licensing practices

The US Federal Trade Commission (FTC) seems to be doubling down on its investigation of Microsoft and the tech giant’s potentially shady bundling and licensing practices. According to a Bloomberg report, the federal agency has been issuing civil investigative demands (CIDs) to companies that compete with Microsoft in the business software and cloud computing markets.…

Pathlock CEO Talks Identity in the AI Era

Pathlock’s newly appointed CEO Damon Tompkins says agentic AI is forcing enterprises to rethink identity security, shifting focus from static permissions to real-time monitoring of human and non-human identities. We spoke with Tompkins about his first weeks in the CEO role and why he sees agentic AI as a new opportunity in identity security. Pathlock…

Odido CRM Data Breach Exposes 6.2M Customer Records

A major Dutch telecom provider is warning customers after a cyberattack exposed personal data tied to millions of accounts.  Odido Telecom confirmed that attackers gained unauthorized access to its customer database, impacting roughly 6.2 million customers.  “This involved personal data from a customer contact system used by Odido. No passwords, call logs, or billing information…

The foundation problem: How a lack of accountability is destroying cybersecurity

A tale of two industries The United States Navy takes 18-year-olds fresh out of high school and trains them to operate nuclear reactors in 18 months. These aren’t college graduates. They’re not experienced professionals. They’re young people with the right potential who go through the most rigorous, structured program in the military that transforms them into…

Why key management becomes the weakest link in a post-quantum and AI-driven security world

When people talk about cryptography, they usually talk about algorithms. RSA versus ECC. Classical versus post quantum. Encryption strength measured in bits and curves. In practice, none of that matters unless keys are created, stored, rotated and retired correctly. Key management is the discipline that governs the entire lifecycle of cryptographic keys, from generation to…

5 key trends reshaping the SIEM market

Security information and event management (SIEM) platforms have evolved far beyond their basic log collection and correlation roots. With cyber threats moving too fast for manual intervention, leading vendors have been integrating artificial intelligence and machine learning technologies into their SIEM platforms. In addition, modern SIEM platforms now incorporate extended detection and response (XDR) and…

SaaS isn’t dead, the market is just becoming more hybrid

Dramatic phrases like ‘Saas is dead,’ ‘SaaSpocalypse,’ and others have dominated recent discussions in the IT world. However, that narrative is premature, according to Deloitte. Yes, in 2026, established SaaS vendors will face competition from AI-native ones, the firm forecasts, but the real story is that traditional enterprise software continues to grow as it becomes…

Why identity recovery is now central to cyber resilience

Ransomware has permanently changed how security leaders think about risk. Verizon’s 2025 Data Breach Investigations Report found that ransomware was involved in 44% of all breaches. For small and midsize businesses, the problem is big; ransomware was involved in nearly nine out of 10 breaches, compared to it playing a role in 39% of incidents…

Apple Patches Actively Exploited Zero-Day Flaw

Apple is urging users to update immediately after patching a zero-day vulnerability that was exploited in what it described as “extremely sophisticated” attacks against specific individuals.  The flaw, which impacts multiple Apple operating systems, allowed attackers to execute arbitrary code on vulnerable devices. “An attacker with memory write capability may be able to execute arbitrary…

CVE-2026-20700: Apple Patches Zero-Day Exploited in Sophisticated Cyber Attacks

SOC Prime previously highlighted Apple’s actively exploited WebKit zero-day CVE-2025-14174, a case that showed how quickly weaponized iOS flaws can move from targeted activity to real operational risk for organizations and high-value users. That same case later led to additional fixes, with CVE-2025-14174 and CVE-2025-43529 both issued in response to it, reinforcing a familiar pattern…

SecurityBridge Taps Jesper Zerlang to Lead Global Growth

Enterprise ERP systems remain one of the most overlooked attack surfaces in cybersecurity. In an interview with Channel Insider, newly appointed SecurityBridge CEO Jesper Zerlang said closing that SAP security gap will define the company’s next phase of growth as it accelerates global expansion and deepens channel partnerships. Former board member turned executive charts early…

Q&A: How MSPs are Unlocking New Opportunity with Blockchain

As enterprises move from blockchain pilots to production deployments, MSPs are reassessing how the technology fits into their 2026 service strategies.  In this Q&A, Cosmos Labs co-CEO and co-founder Barry Plunkett breaks down where demand is forming—from regulated tokenization projects to blockchain infrastructure operations—and how MSPs can turn scarce expertise into durable, recurring revenue. How…

Germany greenlights the EU AI Act, triggering countdown for enterprise compliance

The German Federal Cabinet has approved a draft legislation to implement the EU’s AI Act, designating the Federal Network Agency (Bundesnetzagentur) as the country’s central AI supervisory authority. Under the draft AI Market Surveillance and Innovation Promotion Act (KI-MIG), Germany will establish its national framework for regulating AI system development and deployment. The draft law…

AI was not plotting humanity’s demise. Humans were

AI bots are having existential crises, inventing religions, and allegedly plotting against humanity… or so the internet would have you believe. We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, and turned out to be far less Terminator and far more humans role-playing as…

News alert: GitGuardian raises $50M to tackle non-human identities crisis, AI agent security gap

NEW YORK, Feb. 11, 2026, CyberNewswire — GitGuardian, a leading secrets and Non-Human Identity (NHI) security platform and #1 app on GitHub Marketplace, today announced a $50 million Series C funding round led by global software investor Insight Partners(more…)

The post News alert: GitGuardian raises $50M to tackle non-human identities crisis, AI agent security gap first appeared on The Last Watchdog.

Windows Notepad RCE Flaw Exploits Markdown Files

Microsoft has patched a vulnerability in the modern Windows Notepad app that could allow remote code execution if a user opens a specially crafted Markdown file.  The issue carries a CVSS score of 8.8 and requires user interaction to exploit. The vulnerability “… allows an unauthorized attacker to execute code over a network,” said Microsoft…

SmartBear Expands Carahsoft Partnership for Public Sector

SmartBear has expanded its partnership with Carahsoft Technology Corp. to strengthen its public sector go-to-market strategy and deepen engagement with the government-focused channel ecosystem, the companies announced Tuesday. The expanded agreement positions Carahsoft as SmartBear’s Master Government Aggregator, giving federal, state, and local agencies simplified access to SmartBear’s software quality and application visibility portfolio through…

The hard part of purple teaming starts after detection

In my recent articles for CSO, I’ve talked about the limits of current SOC models and the importance of rehearsal. This time, I want to focus on something that’s becoming increasingly clear: purple teaming has lost its depth. We’ve turned one of the most powerful tools for resilience into a transactional exercise that feels reassuring…

Emerging Ransomware BQTLock & GREENBLOOD Disrupt Businesses in Minutes 

How long would it take your team to realize ransomware is already running?  The newly identified ransomware families are already causing real business disruption. These threats can disrupt operations fast while also reducing visibility through stealth or cleanup activity, shrinking the time teams have to detect and contain the attack.  Here’s what you should know about BQTLock and GREENBLOOD, and how your team can detect and contain them before…

Global Group ransomware gang running new campaign using Windows shortcut files

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were wrong. According to researchers at Forcepoint, a new high-volume phishing campaign spreading the Global Group ransomware has been detected that hopes to sucker employees…

Video: How Netskope and Optiv Fight Shadow AI

As organizations race to modernize cloud environments and adopt AI, security and governance can’t be an afterthought. In this episode of Partner POV, Katie Bavoso sits down with Netskope and Optiv to explore how a deep partner-led approach helps customers securely adopt cloud and AI technologies at scale. Joe Green of Netskope and Paul Herrmann…

Imprivata delivers passwordless access to improve security, compliance, and productivity

Imprivata has introduced comprehensive new capabilities to enable the next generation of fast, frictionless, and passwordless access for frontline staff, knowledge workers, and all other enterprise users. Imprivata Enterprise Access Management (EAM) now offers context-aware passwordless authentication, identity verification, and AI-powered risk signaling and behavioral analytics, expanding the company’s solutions for seamless access to personal…

JumpCloud Launches Venture Arm, Releases New AI Research

JumpCloud has launched a new venture capital arm and released research showing AI adoption is improving IT productivity while security, identity, and governance gaps continue to widen. The company this week introduced JumpCloud Ventures, an investment program focused on early-stage identity, security, AI, and IT productivity startups, alongside its Q1 2026 IT Trends Report. The…

NinjaOne Debuts IT Asset Management to Streamline IT Ops

NinjaOne has unveiled NinjaOne IT Asset Management (ITAM), a new solution that gives IT teams visibility and control across their IT environment by unifying endpoint and asset management.  Built into the NinjaOne platform, ITAM aims to help organizations extend the life of their assets, reduce costs, and improve compliance by turning fragmented asset data into…