CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-34197

"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise."

AI on the attack: How defenders turn artificial intelligence against cyber threats The question isn't whether to adopt AI in email security, but how quickly you can do so.

AI has transformed email security into a full-scale arms race.

On one side, attackers use AI to produce phishing emails that are faster, cheaper, and more convincing than ever before. On the other hand, defenders use AI-native tools to detect, analyze, and respond to threats at equal speed.

CMMC compliance in the age of AI Federal contracting is no longer about just saying you're secure; you have to prove it. Automation and AI are the only ways to keep up with the mountain of evidence required.

Central to preparation is gaining a complete understanding of the data subject to CMMC 2.0 controls. Many organizations are still struggling to define the full scope of systems, workflows and third-party relationships that process or store CUI.

Securing the Future of IAM: Why AI Agents Need First-Class Identity Governance | Built In Stop treating AI agents like service accounts. Learn why modern IAM requires first-class identity governance, human ownership, and JIT access to secure autonomous agents at scale.

Modern enterprise IAM is shifting to govern AI agents as first-class identities, distinct from service accounts. Our expert explains how to make the switch.

White House Tells Banks to Use Anthropic to Spot Vulnerabilities | PYMNTS.com America’s biggest banks are reportedly beginning in-house tests of Anthropic’s Mythos artificial intelligence model. That’s according to a report Friday

America’s biggest banks are reportedly beginning in-house tests of Anthropic’s Mythos artificial intelligence model.

Clear’s reusable biometric digital ID platform joins FedRAMP Marketplace | Biometric Update Clear’s CLEAR1 biometric digital ID platform joins FedRAMP Marketplace with “In Process” status, advancing toward federal authorization and new gov’t contracts.

Biometric digital identity platform CLEAR1 is now listed in the FedRAMP Marketplace, with Clear announcing the Federal Risk and Authorization Management Program has granted it “In Process” designation at the Moderate impact level.

UK Cyber Security Council Launches Associate Cyber Security Profession The UK Cyber Security Council has unveiled a new Associate Cyber Security Professional title aimed at supporting early‑career cybersecurity professionals

The UK’s professional body for the cybersecurity sector has launched a new title designed to support more people at the start of their careers in the industry.

Does ‘federated unlearning’ in AI improve data privacy, or create a new cybersecurity risk? As governments push for stronger data rights like the “right to be forgotten,” evidence suggests AI may not fully comply, raising new regulatory challenges.

Federated unlearning promises that user data can be removed from a trained AI system. But what if the request to forget is not itself trustworthy? Research shows that while FU appears to be a natural extension of data rights, it also introduces new hidden security risks.

Cybersecurity’s Hottest New Job Is Negotiating With Hackers | PYMNTS.com In the escalating cybersecurity arms race, the enterprise’s most valuable asset may no longer be its defense perimeter but rather someone who knows how to

As cybercrime becomes a structured extortion economy, negotiation relies on intelligence, psychology, and insider knowledge of hacker tactics — not just technical skill.

Social Security Administration warns beneficiaries about 'perfect' scam Social Security Administration warns of a new, clever scam. Fraudsters send fake emails pretending to be from the agency. These emails aim to steal your personal and financial details. They look very…

New alert from the Social Security Administration: If you receive an email claiming to be from SSA, pause and review it carefully:
- Is it creating urgency or threatening consequences?
- Is it asking for personal or financial information?

If the answer is yes, treat it as a scam.

Ongoing cyberattacks targeting internet-connected PLCs disrupt US critical infrastructure, agencies warn - Industrial Cyber Ongoing cyberattacks targeting internet-connected PLCs disrupt US critical infrastructure, cybersecurity agencies warn.

Attackers are actively exploiting internet-connected OT devices—including Rockwell Automation & Allen-Bradley PLCs—across multiple critical infrastructure sectors. Since March, this activity has caused disruptions by tampering with project files and altering data presented on HMI and SCADA displays.

App Privacy Labels Need Better Standards, Tools App privacy labels help users but need better accuracy and tools to ensure data privacy and simplify choices for consumers.

In an age of AI, consumers should have access to tools that let them search for apps that align with their privacy preferences. But even if the privacy labels are perfectly accurate, nobody wants to spend all day reading them - short and sweet is the ideal.

Why Most CMMC Compliance Road Maps Fall Behind Schedule Understanding how organizations can prepare for a Cybersecurity Maturity Model Certification, or CMMC, assessment often starts with structured road maps and well-defined compliance plans. Yet, many…

Preparing for a CMMC assessment takes more than a checklist and a project plan. At Idenhaus, we help contractors turn CMMC requirements into a disciplined, cross-functional program—so you can reach certification on time and with confidence.

Break the inertia mindset in cybersecurity | ThinkBusiness Why 2026 demands a shift from reactive cybersecurity to proactive intelligence. Centripetal’s Dave Silke explains how breaking mindset inertia prevents modern threats.

Dave Silke from Centripetal explains why 2026 demands a new emotional intelligence when it comes to bolstering a business’s cyber defense. #cybersecurity

Is Google using my email messages to train AI? - KTAR.com A viral story has been making the rounds again claiming that Gmail lets Google train its AI on your private emails and attachments. Is it true?

The question isn’t whether Google reads your emails — it’s whether you’re comfortable with how that data is being used and whether your current settings reflect your actual preferences.

HIPAA - I Do Not Think That Word Means What You Say It Means HIPAA is often used as a shorthand for "no," but the law is a nuanced permissions framework, not a blanket prohibition. Explore why "HIPAA-compliant" software often enforces a caricature of the…

When someone tells you they are required to do something under HIPAA, they are usually wrong. And when they tell you they are not permitted to do something under HIPAA, they are usually wrong. The best advice regarding HIPAA is usually: “I don't think that word means what you think it means.”

AI is breaking crypto security by making hacks cheaper and easier, Ledger CTO warns Ledger’s Charles Guillemet says artificial intelligence is making hacks cheaper and faster, forcing a rethink of how crypto systems stay secure.

Ledger’s Charles Guillemet says artificial intelligence is making hacks cheaper and faster, forcing a rethink of how crypto systems stay secure.

Enhanced Support for Microsoft Teams with Non-E5 Licenses - Check Point Blog Check Point Email Security now expands Microsoft Teams protection to organizations without advanced Microsoft E5 licensing.

Check Point Email Security now expands Microsoft Teams protection to organizations without advanced Microsoft E5 licensing.

HIPAA Cloud Storage 2026: What Your Practice Must Know - MedicalITG The healthcare landscape is undergoing a significant transformation with the upcoming HIPAA Security Rule rewrite in 2026. For practice managers…

The healthcare landscape is undergoing a significant transformation with the upcoming rewrite of the HIPAA Security Rule in 2026. For practice managers and healthcare administrators, understanding these changes is crucial to maintaining compliance and protecting patient data. Let's dig in!

Access now defines the value and risk of AI agents.

Healthcare AI growth exposes limits of HIPAA era compliance Rapid adoption of artificial intelligence in healthcare is raising questions about whether traditional privacy frameworks can keep pace.

More than 250 AI-related bills have been introduced across 47 states as policymakers attempt to establish oversight for emerging clinical technologies.

Who owns AI agent access? At most companies, nobody knows - Help Net Security AI agents run in most enterprise production systems, but identity controls and access management haven't kept up, a new report finds.

When asked which capabilities would most improve their organizations’ ability to safely scale AI agents, 52% selected real-time visibility into agent actions. Forty-five percent selected clear identity separation between AI agents and humans.

Five Trends Defining Identity Security in 2026 - SNS Mideast HID has released its 2026 State of Security and Identity Report, revealing how organizations in the region and worldwide are reshaping their approach to identity management. Based on insights from…

“The organizations succeeding in 2026 are those giving stakeholders meaningful solution choice while maintaining robust security.”

Courts Using AI and Cybersecurity Advances to Improve Access to Justice A recent statewide technology summit convened hundreds of court professionals from around the state to talk about cybersecurity and how using artificial intelligence (AI) data can improve efficiency…

A recent statewide technology summit convened hundreds of court professionals from around the state to talk about cybersecurity and how using artificial intelligence (AI) data can improve efficiency and benefit court users.

What security leaders need to know about zero trust identity management in 2026 The evolution of cybersecurity challenges and the rapid pace of digital transformation have led security leaders to focus increasingly on robust and adaptive security frameworks. Among them, zero…

Security leaders must understand that the underlying principle of zero trust identity management is “never trust, always verify.” In 2026, this approach will not only secure enterprise environments but also reshape how organizations think about authentication, access control, and risk management.

UAE Cybersecurity Council warns remote work drives 40% surge in home network attacks The UAE Cybersecurity Council has warned of rising risks linked to remote working, noting that the shift has driven an increase in attacks targeting u.....

The UAE Cybersecurity Council has warned of rising risks linked to remote working, noting that the shift has driven an increase in attacks targeting unsecured home routers. These vulnerabilities potentially expose the data of individuals, institutions, and businesses to breaches.

Cyber Attacks Are Inevitable in Health Care. Patients Don’t Have to Pay the Price. Health care boards can make the difference between organizational failure and resilience. Cyber incidents will happen, but board oversight can safeguard patients and maintain essential services.

Achieving true cyber resilience is an all-hands endeavor. It requires a health care organization to take a holistic approach that sets clear recovery priorities, drives cross-functional coordination, rigorously tests response plans, and ensures vendors meet core resilience expectations.

Changing narratives: Strengthening rural hospital cybersecurity Hospital preparedness programs are craving cyber components. At HIMSS26, a panel dispelled some of the confusion over resource sharing programs and explained how to get involved in coalitions.

At HIMSS26, representatives from healthcare coalitions discussed how small and rural hospitals can collaborate to strengthen their defenses, build resilience, and protect their facilities by engaging leadership within their organizations to drive change.

Water utilities need hands-on cybersecurity help, not just free guidance, pilot program finds In a new report, Microsoft criticized the federal government for scaling back support to critical infrastructure operators.

Free cybersecurity training can help water and wastewater utilities protect themselves against hackers, but only when paired with hands-on assistance and incentives for employees to build cybersecurity skills, Microsoft said in a report published on Thursday.

HIPAA Security Rule Updates 2026: Preparing Healthcare Organizations for Compliance and PHI Protection Learn about HIPAA Security Rule updates for 2026, PHI protection requirements, OCR enforcement trends, and how healthcare organizations can strengthen compliance.

HIPAA compliance is no longer just a regulatory requirement—it is a fundamental component of protecting patient trust and healthcare data security. As cyber threats increase and federal enforcement becomes more aggressive, healthcare organizations must stay informed and prepared.