Fraud Management & Cybercrime, Identity & Access Management, Ransomware Critical Vulnerability Could Provide Attackers Access to Clinical Networks Marianne Kolbasuk McGee (HealthInfoSec) • February 20, 2026 The Department of Health and Human Services along with industry officials are advising healthcare organizations to patch a critical flaw in BeyondTrust’s remote support…
High-Severity Flaw in jsonwebtoken Library Poses Remote Code Execution Risk A significant security vulnerability has been discovered in the widely used open-source jsonwebtoken (JWT) library, which could allow attackers to execute arbitrary code on servers processing maliciously crafted JSON web token requests. This issue has been tracked as CVE-2022-23529 and…
Next-Generation Technologies & Secure Development, Observability, Video Founder and CEO Martin Mao Discusses AI-Driven Remediation and Data Optimization Michael Novinson (MichaelNovinson) • February 18, 2026 Martin Mao, co-founder and CEO, Chronosphere (Image: Chronosphere) Chronosphere, an observability vendor, has announced its acquisition by Palo Alto Networks, a move that co-founder and…
Recent discoveries have unveiled a series of critical vulnerabilities affecting Alibaba Cloud’s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL. These flaws pose significant risks by potentially enabling unauthorized access to sensitive data across tenant environments. According to a report by cloud security firm Wiz, these vulnerabilities could have allowed…
In May 2023, Microsoft released its Patch Tuesday updates, addressing 38 security vulnerabilities, including two major zero-day flaws that are currently being exploited. The updates aim to fortify Windows systems against active threats that pose significant risks to users and businesses. Trend Micro’s Zero Day Initiative has highlighted that this…
Cloud Security, Cloud-Native Application Protection Platform (CNAPP), Data Security Series B Round at $1.5B Valuation Fuels Expansion into AI, Application, and Data Security Michael Novinson (MichaelNovinson) • January 26, 2026 Amiram Shachar, co-founder and CEO, Upwind (Image: Upwind) Upwind, a cloud security startup led by a former NetApp executive, has…
Cloud Security, Cloud-Native Application Protection Platform (CNAPP), Security Operations Increasing Investments Could Enhance Cloud Security Competition Against Major Players Michael Novinson (MichaelNovinson) • January 21, 2026 The cybersecurity landscape has experienced a significant shift, transitioning from a dry spell to a surge in funding for emerging companies. See Also: On-Demand…
AI-Based Attacks, Fraud Management & Cybercrime, Governance & Risk Management Also: Non-Human Identities Transforming Security; Insights from the Delinea-StrongDM Acquisition Anna Delaney (annamadeline) • January 23, 2026 . Pictured from left to right: Anna Delaney, Mathew Schwartz, Michael Novinson, and Tom Field This week’s ISMG panel convened four editors to…
Cybersecurity experts have identified a new peer-to-peer (P2P) worm named P2PInfect, which specifically targets vulnerable Redis installations for subsequent exploitation. Unlike many previous threats, P2PInfect can compromise Redis servers operating on both Linux and Windows platforms, making it a particularly formidable threat, as noted by researchers from Palo Alto Networks’…
