Infosec stories

ReliaQuest warns BaoLoader and trust-based lures are surging, as attackers ditch zero-days for social engineering and valid certificates.

Shadow AI and shaky data foundations are undermining UK corporate AI rollouts, with leaders warning of weak controls and executive blind spots.

One Identity’s Manager 10.0 adds AI-driven threat response, risk-based governance and a new browser interface to tackle identity attacks.

A new Astaroth banking trojan variant hijacks WhatsApp Web to self-spread via chats while silently stealing Brazilian banking credentials.

Check Point adds AI Cloud Protect to Nvidia’s Enterprise AI Factory design to secure purpose-built AI data centres without GPU performance hit.

Phishing-as-a-service kits doubled in 2025, now powering 90% of attacks as cyber gangs race to outsmart multifactor checks and filters.

Atlassian Williams F1 adopts KeeperPAM to lock down privileged access and remote connections across its fast-moving global operations.

Infoblox agrees to buy AI-driven threat hunter Axur, aiming to curb phishing and brand abuse beyond the traditional network perimeter.

F5 rolls out AI Guardrails and AI Red Team to harden runtime security, blending adversarial testing with real-time policy enforcement.

Instagram denies a data breach after a dataset on 17m users appears on hacking forums, blaming old leak scraps and a fixed reset bug.

Concentric AI brings its Semantic Intelligence data security platform to AWS GovCloud, targeting US public sector and tightly regulated users.

Black Hat will premiere Semperis documentary Midnight in the War Room in Las Vegas, spotlighting the human cost of cyber conflict.

Cybersecurity in 2026 pivots from building higher walls to one core question: how fast can organisations recover when attacks inevitably hit?.

Ping Identity appoints former Slack executive Adnan Chaudhry as chief revenue officer to drive global go-to-market amid AI identity boom.

Ping Identity snaps up Keyless to add privacy-preserving biometrics and fight AI-driven deepfakes and account takeover attacks.

CrowdStrike moves deeper into browser security with Seraphic buy, tying in SGNL identity tech to protect in-session activity and AI use.

Microsoft’s first 2026 Patch Tuesday fixes an exploited DWM zero-day, strips decades-old modem drivers and tackles Secure Boot risks.

Coralogix enlists US Federal Student Aid to sponsor its FedRAMP bid, targeting first-mover status in AI observability for federal buyers.

AI in 2026 will be less about dazzling breakthroughs and more about fragile data, hybrid clouds and investor pressure for real profits.

AI will reshape risk, trust and compliance in 2026 as firms swap hype for embedded tools, tighter controls and higher regulatory scrutiny.