Josh Breaker Rolfe

A new report from Thales highlights how artificial intelligence is reshaping the cybersecurity landscape, introducing new attack vectors while amplifying existing data protection challenges.  The 2026 Thales Data Threat Report finds that as organizations accelerate AI adoption, they are simultaneously increasing their exposure to cloud threats, identity attacks, and operational complexity. Based on a survey of more than 3000 IT and security professionals across 20 countries, the report highlights how AI-driven innovation is creating both opportunity and risk. Organizations are increasingly dependent on data to power AI applications, yet many still lack visibility into where that data resides or how it is secured. AI Expands the Attack Surface Security professionals…

A single threat actor has leveraged stolen credentials and missing MFA protections to breach dozens of major global organizations. According to a research by Infostealers, the lone cybercriminal, known as Zestix or Sentap, used infostealer malware to harvest credentials, then simply logged in.   Infosetealers, Not Zero Days, Drove Breaches Rather than relying on novel exploits, Zestix abused credentials stolen by widely known infostealers such as RedLine, Lumma, and Vidar. These malware strains extract saved passwords, browser data, and session information from infected employee devices.   Michael Bell, Founder & CEO at Suzu Labs, offers insight into Zestix’s process: “The attack method is straightforward. Parse credential logs for enterprise file-sharing URLs, test the passwords, walk through any door where MFA…

In an ideal world, security teams would be able to prevent phishing emails from getting to an employee’s inbox. But in the modern world, that simply isn’t feasible. Phishing emails themselves don’t cause harm – the damage comes from what happens after it reaches the user. Post-incident investigation is about determining that damage: checking if users clicked or downloaded something malicious, gave up credentials, or if their machine triggered a process as a result. If analysts stop at reviewing the email and don’t examine the user’s behavior and endpoint activity, they can miss early signs of compromise that quietly escalate into major incidents. Here’s a step-by-step guide for post-delivery investigation. Step 1: Reviewing Inbox Clues and…

A newly disclosed security flaw in Red Hat Open Shift AI could allow attackers to escalate privileges and seize control of entire infrastructures – albeit under specific conditions. Tracked as CVE-2025-10725, the vulnerability carries a CVSS score of 9.9 out of 10, falling just short of the maximum severity rating. Red Hat has classified the bug as “Important” rather than “Critical”, citing the requirement for attackers to already possess authenticated access before exploitation. What is OpenShift AI? OpenShift AI is Red Hat’s platform for managing predictive and generative AI models across hybrid cloud environments. It handles tasks including data acquisition,…

ChatGPT users are routinely sharing personally identifiable information (PII), sensitive emotional disclosures, and confidential material with the AI platform, analysis from SafetyDetectives has revealed. The cybersecurity reviewer’s deep dive into 1000s of ChatGPT conversations, leaked in August 2025, confirms what many already suspected: many internet users aren’t fully aware of how the AI model handles and distributes their data, and they have a startling level of trust in a still-emerging technology. A UX Flaw That Turned into a Data Leak The leak originally stemmed from a now-removed “Make Chat Discoverable” feature that allowed search engines to index conversations and make…

For many of us, wearable technology has become a part of everyday life, a way to track key health metrics to improve our overall wellbeing. But a new report from vpnMentor has suggested that these health benefits come at a significant cost to our privacy.   Tracked Health Data is a Regulatory Gray Area According to the report, 90% of wearable devices monitor at least one health and wellness metric, making it the most widely collected data category. 71% of devices tracked heart rates, while 56% measured blood oxygen levels. A smaller but growing share monitor glucose, skin temperature, and…

The embedded software world is undergoing one of its most profound shifts in decades, according to Black Duck’s State of Embedded Software Quality and Safety 2025 report.   The global survey of 785 developers, managers, and security professionals reveals the two major forces reshaping the industry: the rapid adoption of AI for development, and the growing importance of transparency. Most Orgs Use AI, But Not Enough Have Effective Guardrails AI is now a fundamental part of embedded software development. According to the Black Duck report, an overwhelming 89% of organizations now use AI-powered coding assistants, while 96% have embedded open source…

The number of publicly known ransomware victims jumped early 70% compared to the same period in 2023 and 2024, according to the newly released Acronis Cyberthreats Report H1 2025.   The surge underscores ransomware’s continuing grip on businesses worldwide, especially as attackers increasingly exploit AI to sharpen their tactics.   While the endgame for cybercriminals is still ransomware, how they get there is changing,” said Gerald Beuchelt, CISO at Acronis. “Even the least sophisticated attackers today have access to advanced AI capabilities, generating social engineering attacks and automating their activities with minimal effort.”  Manufacturing Hit Hard by Ransomware   Ransomware continues to dominate…

Cybersecurity has risen to the top of the manufacturing industry’s risk agenda. A new report from Rockwell Automation reveals that 61% of IT and security professionals plan to adopt AI and machine learning (ML) for cyber defense in the next year – 12 points ahead of general AI adoption across the sector.   Meanwhile, 30% of executives rank cyber threats as a top external risk, nearly on par with inflation and economic growth, which came in at 34%.   Rockwell Automation’s 10th Annual State of Manufacturing Report, based on responses from 1560 leaders in 17 countries, reveals that cybersecurity is fast becoming…

A new report from Sectigo and Omdia reveals that enterprises are dangerously underprepared for two converging megatrends shaking the foundations of Public Key Infrastructure (PKI): the radical shortening of SSL/TLS certificate lifespans and the looming transition to post-quantum cryptography (PQC).  The State of Crypto Agility 2025 study, based on a survey of 272 IT decision-makers worldwide, found a striking gap between awareness and execution. While nearly all organizations recognize the risks, most lack the automation, roadmaps, and internal alignment to meet the scale of the coming transformation.  Certificate Deadlines are Coming Fast  Following the CA/Browser Forum’s vote in April 2025,…