Geek-Guy.com

Category: Government & Policy

Stay updated on the intersection of tech and governance. From CISA security alerts to federal AI mandates and global policy shifts, get the latest at Geek Guy.

European Commission Hit by Mobile Management Data Breach

European Union officials are investigating a cybersecurity incident after attackers breached systems used to manage staff mobile devices, potentially exposing limited personal data.  The European Commission said it detected a cyberattack on its central mobile device management infrastructure and moved quickly to contain it.  “The EU commission did well to clean systems swiftly and ensure…

Fallout from latest Ivanti zero-days spreads to nearly 100 victims

Ivanti customers, including major government agencies, face mounting pressure as attackers expand their scope of targets to exploit a pair of vulnerabilities the vendor disclosed late January after in-the-wild attacks already occurred. The Netherlands’ Dutch Data Protection Authority and the Council for the Judiciary confirmed both agencies were impacted by attacks linked to the Ivanti…

BeyondTrust fixes critical pre-auth bug allowing remote code execution

BeyondTrust patched a critical pre-auth flaw in Remote Support and PRA that could let attackers execute code remotely. BeyondTrust released security updates to address a critical flaw, tracked as CVE-2026-1731 (CVSS score of 9.9), in its Remote Support and older Privileged Remote Access products. The bug could allow an unauthenticated attacker to send specially crafted…

BridgePay Ransomware Causes Widespread Payment Outages

A ransomware attack on BridgePay Network Solutions on Feb. 6, 2026, caused payment processing disruptions across the U.S., affecting merchants, local governments, and service providers. The outage temporarily forced some businesses to rely on cash-only transactions while payment services were unavailable. “No card data was compromised and any file that may have been accessed was…

How the EU’s trade ‘bazooka’ could hit the US tech sector

When the Trump Administration threatened tariffs last month against countries looking to block any plan to annex Greenland, European leaders debated responding with the region’s trade “bazooka” – a retaliation mechanism that could target US tech firms selling into the European Union.  The anti-coercion instrument, introduced in 2023 and so far unused, is designed to deter…

Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack CISA pushes Federal agencies to…

CISA pushes Federal agencies to retire end-of-support edge devices

CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must…

Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare

AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025, which Cloudflare automatically detected and blocked. The AISURU/Kimwolf botnet was linked to a record-breaking DDoS attack that peaked at 31.4 Tbps and lasted just 35 seconds. Cloudflare said the November 2025 incident was part of a surge in hyper-volumetric HTTP…

January 2026 M&A Recap: Channel Orgs Set to Expand Capabilities

January is now in the book, and channel organizations have made a number of early-year acquisitions to boost their capabilities and to better serve customers. Channel Insider has rounded up key mergers and acquisitions that have highlighted the start of Q1 2026. Service provider consolidation continues across ServiceNow, VMware ecosystems and more CoreX expands ServiceNow…

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been observed conducting active reconnaissance against government infrastructure associated with…

The blind spot every CISO must see: Loyalty

The longstanding assumption that tenure, performance metrics, or expressed commitment serve as reliable indicators of the trustworthiness of an employee persists across many sectors. Indeed, the great majority of personnel are loyal. But, while small, the percentage of those who aren’t is still well above zero. Moreover, this conflation of loyalty and security overlooks a…

New APT group breached gov and critical infrastructure orgs in 37 countries

A new cyberespionage group that operates out of Asia has compromised 70 government and critical infrastructure organizations across 37 countries over the past year using a sophisticated toolset that combines phishing, exploitation kits, custom malware, Linux rootkits, web shells, and a variety of other tunneling and proxy tools. Researchers believe the group is expanding its…

10,000+ Active Infections Traced to SystemBC Botnet

Security researchers at Silent Push identified more than 10,000 unique IPs infected with SystemBC, a proxy malware commonly used as an early foothold in ransomware attacks. Using a custom SystemBC tracking fingerprint, analysts mapped a globally distributed botnet that includes compromised systems supporting government infrastructure.  “SystemBC proxies traffic through compromised systems and acts as a…

This is why high-value targets should use Lockdown Mode

If you’ve ever wondered how secure Apple’s Lockdown Mode is, the Federal Bureau of Investigation (FBI) has the answer — and it’s good news for journalists, business leaders, civil leaders, or anyone who has to handle confidential data. As part of an ongoing investigation about alleged leaks of classified information to the media, the FBI controversially raided the…

Lawmakers Call on Meta to Stop Running ICE Ad Featuring Neo-Nazi Anthem

Members of Congress are demanding answers from Meta after it ran advertisements by U.S. Immigration and Customs Enforcement that they say included imagery and music intended to appeal to white nationalists and neo-Nazis. In a letter sent to Meta CEO Mark Zuckerberg, Reps. Becca Balint, D-Vt., and Pramila Jayapal, D-Wash., questioned how the social media…

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Italy stopped Russian-linked cyberattacks targeting Foreign Ministry offices and Winter Olympics websites and hotels, Foreign Minister Tajani said. Italy has thwarted a series of Russian-linked cyberattacks aimed at Foreign Ministry offices, including one in Washington, as well as Winter Olympics websites and hotels in Cortina d’Ampezzo, according to Foreign Minister Antonio Tajani. “We have foiled…

January 2026 Leadership Moves Across the Channel, Part 1

Newly created roles and chief customer officers are defining the beginning of the year. As we start the new year, a significant number of leadership moves have been made across the channel. This is just part one of the January 2026 leadership recap. Let’s dive in and stay tuned for the follow-up story later this…

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. CheckPoint says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and…

AiStrike introduces AI-powered MDR to reduce costs and alert fatigue

AiStrike announced the launch of AiStrike MDR, an AI-powered managed detection and response (MDR) service designed to replace human-intensive MDR with an AI-led, expert-guided operating model built for scale, speed, and measurable outcomes. Enterprises and government organizations use AiStrike to unify threat intelligence, detection engineering, investigation, and response in a single AI-native platform, improving detection…

Cybersecurity planning keeps moving toward whole-of-society models

National governments already run cybersecurity through a mix of ministries, regulators, law enforcement, and private operators that own most critical systems. In that environment, guidance circulating among policymakers outlines how national cybersecurity strategies increasingly tie together risk management, workforce planning, technology standards, and coordination across sectors. Across many countries, national cybersecurity strategies now function as…

The Epstein Files didn’t hide this hacker very well

Supposedly redacted Jeffrey Epstein files can still reveal exactly who they’re talking about – especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting. Sloppy redaction leads to explosive claims, and difficult reputational consequences for cybersecurity vendors, and we learn how trust – once cracked – can be almost impossible to fully…

HPE and NVIDIA push secure AI factories with sovereign-ready designs and new Grenoble lab

HPE has expanded its NVIDIA AI Computing by HPE portfolio with new “secure AI factory” building blocks, including a planned AI Factory Lab in Grenoble, France, aimed at helping customers validate sovereign and compliant AI deployments – a theme that’s resonating well beyond Europe as governments and regulated industries tighten requirements around data residency and…

Socure unifies identity, fraud, and program integrity for government at scale

Socure has released Socure for Government (SocureGov) RiskOS to help public sector organizations deliver simpler, faster, and more transparent digital identity verification and fraud prevention at scale. SocureGov RiskOS unifies identity proofing, fraud detection, and program integrity into a single intelligent control plane, supporting the full constituent lifecycle, from onboarding and progressive verification to authentication,…

Fake Dating App Delivers Android Spyware in Targeted Campaign 

ESET researchers have uncovered a targeted Android spyware campaign using a fake dating app to lure victims into installing mobile surveillance malware.  The campaign, focused on users in Pakistan, disguises spyware as a chat platform that promises access to exclusive profiles but instead quietly exfiltrates sensitive data from infected devices. “Once installed, the app silently…

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

AWS achieves 2025 C5 Type 2 attestation report with 183 services in scope 

Amazon Web Services (AWS) is pleased to announce a successful completion of the 2025 Cloud Computing Compliance Criteria Catalogue (C5) attestation cycle with 183 services in scope. This alignment with C5 requirements demonstrates our ongoing commitment to adhere to the heightened expectations for cloud service providers. AWS customers in Germany and across Europe can run…

I hacked the government, and your headphones are next

In episode 451 of “Smashing Security,” we meet the cybercriminal who hacked the US Supreme Court, Veterans Affairs, and more – and then helpfully posted screenshots (and even someone’s blood type) on an account called “I hacked the government.” Plus we discuss how researchers uncovered a creepy flaw that lets attackers hijack wireless headphones, listen…

News alert: Reflectiz study finds most third-party web apps access sensitive data without justification

BOSTON, Jan. 21, 2026, CyberNewswire — Reflectiz today announced the release of its 2026 State of Web Exposure Research, revealing a sharp escalation in client-side risk across global websites, driven primarily by third-party applications, marketing tools, and unmanaged digital integrations. According to the new analysis of 4,700 leading websites, 64% of third-party applications now access…

News alert: Forrester study finds Airlock Digital’s app control cuts breaches to zero with 224% ROI

ATLANTA, Jan. 20, 2026, CyberNewswire — Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airlock Digital and conducted by Forrester Consulting. The study demonstrates a significant 224% return on investment (ROI) and a $3.8 million net…

UAC-0190 Attack Detection: Fake Charity Lures Used to Deploy the PLUGGYAPE Backdoor Against the Ukrainian Armed Forces

On January 12, 2026, the CERT-UA team disclosed a targeted cyber-espionage campaign against the Ukrainian Armed Forces that abused charity-themed social engineering to deliver the PLUGGYAPE backdoor. The activity, observed between October and December 2025, is attributed with medium confidence to the russia-aligned threat actor known as Void Blizzard (Laundry Bear), tracked by CERT-UA as…

Grok the stalker, the Louvre heist, and Microsoft 365 mayhem

On this week’s show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire’s lawn and ends with Grok happily doxxing real people, mapping out stalking “strategies,” and handing out revenge-porn tips. Then we go inside the Louvre heist,…

Think Your Firewall Is Safe? The F5 Hack Proves It’s the Perfect Trojan Horse

In what is being described as one of the most consequential cyber-espionage operations of the year, US technology vendor F5 Networks has confirmed that nation-state threat actors successfully infiltrated its internal environment, stealing source code and vulnerability intelligence related to its flagship BIG-IP product line — a core networking and application delivery system used by…

Senior scams topped $4.8 billion in 2024: What to watch out for

Americans aged 60 and older lost $4.8 billion in 2024 to scammers, according to a report released by the FBI. These figures represent real people, real families, and life-changing financial devastation. The impact extends beyond just the numbers. The average loss among people over the age of 60 was $83,000, more than four times the…

Microsoft SharePoint Zero-Day EXPLAINED — How Hackers Got In Without a Password

Two previously unknown zero-day vulnerabilities in Microsoft SharePoint Server (on-premises) are being actively exploited in the wild as part of a highly coordinated espionage campaign. Microsoft has linked these attacks to China-based APT actors, and at least 75 organizations worldwide have confirmed breaches. The flaws, identified as CVE-2025-53770 and CVE-2025-53771, enable unauthenticated remote code execution…

Fake Receipt Detector Technology: Protecting Financial Integrity in the Digital Age

The rise of sophisticated digital tools and artificial intelligence has revolutionized many aspects of business and finance, but it has also created new opportunities for fraudulent activities. Among the most concerning developments is the increasing prevalence of fake receipts and fraudulent expense documentation. As businesses, insurance companies, and financial institutions grapple with these challenges, the…

BreachForums Is DEAD — Cybercrime’s Biggest Empire Just Got Crushed!

A coordinated law enforcement operation in France has resulted in the arrest of key figures behind BreachForums, one of the most active and influential marketplaces for cybercriminals in recent years. The takedown marks a significant disruption in the cybercriminal economy, highlighting both the global reach of modern threat actors and the increasing sophistication of cross-border…

Mitigating prompt injection attacks with a layered defense strategy

Posted by Google GenAI Security Team. With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt,…

Why a new anti-revenge porn law has free speech experts alarmed 

The newly signed Take It Down Act makes it illegal to publish nonconsensual explicit images – real or AI-generated – and gives platforms just 48 hours to comply with a victim’s takedown request or face liability. While widely praised as a long-overdue win for victims, experts warn its vague language, lax standards for verifying claims,…

At TechCrunch Sessions: AI, Artemis Seaford and Ion Stoica confront the ethical crisis — when AI crosses the line

As generative AI becomes faster, cheaper, and more convincing, the ethical stakes are no longer theoretical. What happens when the tools to deceive become widely accessible? And how do we build systems that are powerful — but safe enough to trust? At TechCrunch Sessions: AI, taking place June 5 at UC Berkeley’s Zellerbach Hall, Artemis…

4 days left: Up to $900 off your ticket and 90% off for your +1 at TechCrunch Disrupt 2025

Here’s the deal: Only 4 days left to save up to $900 on your TechCrunch Disrupt 2025 ticket — and an additional 90% off for your +1. From October 27–29, San Francisco’s Moscone West transforms into the epicenter of tech innovation as 10,000 tech, startup, and VC leaders gather for the 20th anniversary of TechCrunch…

Amanda Scales, a Musk hire who helped lead DOGE, has returned to xAI

Amanda Scales, the former xAI HR exec who helped lead billionaire Elon Musk’s Department of Government Efficiency initiative while working at the U.S. Office of Personnel Management, recently returned to xAI, according to The New York Times. Scales used to work on talent acquisition at xAI. Since April, she’s worked on the talent side of…

Grok says it’s ‘skeptical’ about Holocaust death toll, then blames ‘programming error’

Grok, the AI-powered chatbot created by xAI and widely deployed across its new corporate sibling X, wasn’t just obsessed with white genocide this week. As first noted in Rolling Stone, Grok also answered a question on Thursday about the number of Jews killed by the Nazis in World War II by saying that “historical records,…