Adapting Zero Trust Principles to Operational Technology

Zero trust (ZT) offers a modern, adaptive approach to cybersecurity by eliminating implicit trust and continuously validating access based on identity, context, and risk. ZT principles assume a breach has already occurred and are designed to limit threat actor movement Read More …

NIST changes enrichment process for National Vulnerability Database due to surge in CVE submissions

The number of reported vulnerabilities has surged so sharply that it forced the National Institute of Standards and Technology (NIST) to change how it ‘enriches’ each entry. Until now, NIST would take a basic CVE record and add structured analysis, Read More …

Watch how job interviewer exposes North Korean fake IT worker

For the last few years, North Koreans have gotten remote jobs at hundreds of Western companies pretending to be from somewhere else, using fake resumes, and sometimes with the help of American collaborators. It’s been a major problem for years, Read More …

Russian Intelligence Services Target Commercial Messaging Application Accounts

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are jointly issuing this public service announcement (PSA) to warn the public about ongoing phishing campaigns by cyber actors associated with the Russian Intelligence Services (RIS) Read More …

Over 29 million secrets were leaked on GitHub in 2025, and AI really isn’t helping

Vibe-coding may seem great for quickly shipping products, but inexperienced developers are leaving gaping cybersecurity holes that are causing breaches and exposures left and right. This is according to GitGuardian’s latest report, the “State of Secrets Sprawl” paper that was Read More …

Critical Vulnerabilities in Ivanti EPMM Exploited

Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) affecting Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild, affecting enterprise mobile fleets and corporate networks. These vulnerabilities allow unauthenticated attackers to remotely execute arbitrary code on target servers, Read More …

EU Parliament blocks AI tools over cyber, privacy fears

he European Parliament has disabled AI features on the work devices of lawmakers and their staff over cybersecurity and data protection concerns, according to an internal email seen by POLITICO. The chamber emailed its members on Monday to say it Read More …

Patch Tuesday – February 2026

Microsoft is publishing 55 vulnerabilities this February 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for six of today’s vulnerabilities, and notes public disclosure for three of those. Earlier in the month, All three of the publicly Read More …

SolarWinds Web Help Desk Exploitation – February 2026

Multiple intrusions have been publicly reported starting on February 6, 2026 stemming from Internet-connected servers utilizing SolarWinds Web Help Desk software. This exploitation activity reportedly first occurred in December 2025. Given the number of recent CVEs affecting this product, it’s Read More …