Kirsten Doyle

A study by the Center for Universal Education at the Brookings Institution has found that given the current trajectory of GenAI and its implementation and use, the potential risks to students outweigh the benefits.   However, it stressed that it’s “not too late to bend the arc of AI use to enrich, rather than diminish, student learning and development.” The report, dubbed “A new direction for students in an AI world: Prosper, Prepare, Protect”, provides a framework for action for all parties including schools, businesses, governments, and families.   Since the introduction of ChatGPT and with the public’s growing familiarity with GenAI, the education community has been debating its promises…

Attackers are claiming to be selling Target’s internal source code and developer documentation having published a sample of stolen repositories on Gitea, a public software development platform, BleepingComputer reports. The listings reference roughly 57,000 files and directory names, with the threat actor claiming an overall dump size of approximately 860 GB being offered for sale. The repositories appear to stem from Target’s private development environment and reportedly reveal internal naming conventions, commit metadata containing engineer names, and references to internal systems. After security researchers alerted Target to the exposed repositories, the sample files were removed and the company’s developer Git server (git.target.com) was taken offline, effectively pulling its development infrastructure from public access…

In 2026, it’s clear that cyber risk isn’t coming from one major new threat. It’s coming from lots of different ones adding up. More apps. More identities. More suppliers. More automation. And more AI quietly doing work in the background. Most organizations are moving faster than their ability to see who has access, what’s trusted, and what’s acting on their behalf.  Malefactors are taking advantage of that gap. They’re abusing tokens instead of passwords, exploiting on supply chains instead of direct breaches, and using automation and AI just as comfortably as defenders. At the same time, regulators, insurers, and boards are asking harder questions. They want evidence, not promises. This 2026 Cyber Predictions series brings together perspectives…

A Chinese-born billionaire wanted by US authorities for allegedly stealing at least $11 billion in bitcoin through a so-called “pig butchering” scam targeting Americans and others has been detained in Asia, according to the Wall Street Journal.  Chen Zhi, the chairman of Cambodia-based multinational conglomerate Prince Group, was arrested by Cambodian law enforcement and extradited to China, government officials in Cambodia said. The country’s interior ministry stated that Chen was taken into custody at the request of the Chinese government as part of ongoing cooperation to combat transnational crime. In October, the US Justice Department said it was seeking Chen’s arrest on charges of wire fraud and money laundering, after…

Every scam tells a story. This one begins with a single email. At first glance, it looks ordinary: a polite message about a missed payment sent on behalf of an executive. It carries the right tone, the right formatting, even a convincing chain of prior correspondence. A PDF is attached: an invoice for professional services that is slightly overdue. The amount is just under $50,000. The forged email trail also makes it seem that the company authorized the payment, and it was sent to the intended victim’s accounting email to deceive the team. Instead of ransomware or a breach, it’s clever persuasion. The group behind this scheme, which Fortra has identified and named Scripted Sparrow, has spent the past year…

In our third set of predictions, the AI narrative takes a back seat, as our experts land on a more uncomfortable truth: very little of this is actually new. The same attacks are coming back, just better dressed, more convincing, and operating at a far greater scale. Social engineering, impersonation, identity abuse, and broken trust haven’t disappeared: AI has simply made them easier, faster, and harder to spot. Looking across these perspectives, 2026 appears to be the year when humans and machines become fully entangled, for better and for worse. Malefactors aren’t breaking down doors so much as slipping through the cracks: identity systems, human–AI handoffs, APIs, autonomous agents, and the…

If the first part of our expert predictions series showed us how fast the threat landscape is shifting, part two shows us what happens when that shift becomes structural. Across this next set of expert insights, a pattern can be seen: the attack surface is no longer something organizations “manage”, it’s something that is growing on its own.  Agentic AI is scaling identities at lightning speed, leaving governance once set by people in the dust. Meanwhile, connectors and integrations are turning into silent backdoors, Zero Trust is buckling under the weight of non-human identities, and AI-driven malefactors are operating in ways that our conventional policy models do…

An unprotected MongoDB database exposing over 4 billion records, revealing 16 terabytes of professional and corporate intelligence data, has been discovered by researchers at the Cybernews research team and SecurityDiscovery.com. The database exposed detailed LinkedIn-derived profiles, contact information, corporate relationships, and employment histories, alongside other personal information. There were nine collections within the dataset, with each file name indicating the type of information contained within: The researchers said all records within a specific collection are unique and details exposed included full names, dmails and phone numbers, linkedIn URLs and profile handles, employment histories, degrees, certifications, location data, social media accounts and more. The database was discovered on 23 November 2025, with the instance’s owners securing it two…

US President Donald Trump says he will sign an executive order this week meant to create a single national rulebook for AI in the country, replacing a patchwork of different state laws. “There must be only One Rulebook if we are going to continue to lead in AI. We are beating ALL COUNTRIES at this point in the race, but that won’t last long if we are going to have 50 States, many of them bad actors, involved in RULES and the APPROVAL PROCESS. THERE CAN BE NO DOUBT ABOUT THIS!” he wrote on TRUTH Social. “AI WILL BE DESTROYED IN ITS INFANCY! I will be…

If there’s one common threat in every expert prediction for 2026, it’s this: the ground is shifting faster than most organizations realize. AI has moved from a “trend” sitting neatly on a roadmap, to a technology embedded in every part of the threat landscape. It is reshaping attacker behavior, stretching defensive playbooks, and exposing gaps we’ve been slow to confront. At the same time, people remain the constant: still the primary targets, and point of failure or resilience. Across all the expert perspectives, there’s a shared recognition that security is entering a paradoxical era: one where automation accelerates everything, but our ability to pause, validate, and think critically becomes more important than ever. This 2026…