Infosec stories

Cayosoft and XMS Solutions will overhaul identity systems for a US war agency, bolstering Zero Trust security across hybrid Microsoft environments.

Guardsquare snaps up Verimatrix’s XTD tech, adding real-time mobile threat detection and response to its end-to-end app security platform.

DigiCert warns UltraDNS DDoS attacks spiked to record levels in December 2025, driven by massive Aisuru and Kimwolf botnets.

Legacy VPNs are emerging as a prime security liability as hybrid work, identity‑based attacks and cloud apps expose their design flaws.

1Password revamps its global partner programme to tap soaring demand for AI-era identity security and non-human access governance.

Tenable warns ‘LookOut’ flaws in Google Looker could hand attackers server control, expose secrets and enable cross-tenant cloud access.

AvePoint extends its Confidence Platform to tighten agentic AI governance and broaden multi-cloud backup across major SaaS and IaaS tools.

Most NFL players’ personal data appears on people search sites, with Super Bowl teams facing above-average exposure and heightened safety risk.

AI, hybrid cloud and SASE are driving a shift from security sprawl to consolidation, with unified policy control now the top priority.

1Kosmos and Fischer link biometric ID checks with campus IAM to block enrolment and aid fraud while enabling passwordless access.

CIQ’s Rocky Linux NSS gains NIST CAVP for post-quantum ML-KEM and ML-DSA, marking key stride towards FIPS 140-3 cryptographic validation.

Developers granting AI agents broad, unsupervised access to code and systems are creating new software supply chain and data exposure risks.

Searchlight Cyber has promoted former product chief Michael Gianarakis to CEO as founder Ben Jones moves to a strategic board role.

Attackers are abusing Windows screensaver files in a spearphishing campaign to stealthily install remote access tools on business systems.

ENCS and DIVD have agreed a new cyber pact to uncover and disclose vulnerabilities in Europe’s high-impact energy and critical systems.

Callback phishing jumps sixfold as BEC fraud stays dominant, with criminals weaponising CAPTCHAs, trusted brands and cloud platforms.

EnSilica has joined the CHERI Alliance, aiming to embed hardware memory safety in custom chips for industrial, automotive and IoT systems.

DryRun launches DeepScan Agent, an AI tool that scans whole codebases in hours to rank real-world security risks and speed remediation.

Tenable warns critical Google Looker flaws could enable server takeover and data theft, leaving unpatched self-hosted deployments exposed.

Moltbook’s boom in user-built AI agents is fuelling mounting warnings over cyber threats and brand damage as governance lags adoption.