FBI seizes Handala data leak site after Stryker cyberattack

Posted in Commentary with tags on March 19, 2026 by itnerd

You might recall that a med tech company named Stryker got pwned in epic fashion by Iran based threat actors. Click here if you need to get the details on that. Now there’s news that the FBI has seized two websites used by the threat actors behind this attack who are known as Handala:

As of Thursday, the contents of a website where Handala publicized its hacks, as well as another website that the group used to dox dozens of people over their alleged ties to the Israeli military and defense contractors, such as Elbit Systems and NSO Group, were replaced by a banner announcing the law enforcement action. 

The seizure announcement did not say why the FBI and the Justice Department took down the websites. But the language in them appears to indicate U.S. authorities believed these sites were run by hackers linked to a foreign government.

“Law enforcement authorities determined this domain was used to conduct, facilitate, or support malicious cyber activities on behalf of, or in coordination with, a foreign state actor,” read the seizure announcement. “The United States Government has taken control of this domain to disrupt ongoing malicious cyber operations and prevent further exploitation.”

Brian Bell, CEO of FusionAuth, has provided the following commentary: 

“The Stryker attack demonstrates that authentication and authorization are not the same thing. Attackers didn’t need to break in. They walked through the front door with compromised credentials. The missing safeguard is contextual: organizations need systems that can recognize when a privileged action is anomalous and require additional verification at that moment, not just at login. Risk-based, step-up authentication is a necessary architectural layer for organizations managing sensitive infrastructure, not just a ‘nice-to-have.’ The FBI’s seizure of Handala’s infrastructure is welcome – but the next group will find a new front door. The architectural fix has to happen on the defender’s side.”

I applaud this. Actions like this won’t stop these groups, but it will make their lives a bit more miserable. But it would be better if organizations defended themselves so things do not escalate to this level.

Leave a comment »

Unit 42 Analyzes The Use of AI in Malware

Posted in Commentary with tags on March 19, 2026 by itnerd

While less sophisticated attackers are using LLMs to help write functional malware, we’re still seeing attackers having challenges deploying local models to a target environment or embedding into a malware sample for local decision making. This research analyzes two samples of malware leveraging AI for remote decision making

  1. AI Theater: An Infostealer’s Illusory LLM Features: A trio of highly similar .NET information stealer samples that incorporate the OpenAI GPT-3.5-Turbo model via HTTP API. We will explore the implementation and assess the practical impact of its AI integration.
  2. AI-Gated Execution: Malware Dropper’s LLM-Based Environment Assessment: A malware dropper written in Golang that leverages an LLM to evaluate a system and provide a decision on whether to proceed with an infection. The sample was initially highlighted on X as a dropper for Sliver malware.

Some key takeaways:  

  • The current state of AI in malware is characterized by experimentation and uneven integration, but the potential for AI to aid in malware creation highlights a concerning issue of lowering the barrier to entry for less-skilled threat actors. 
  • Unit 42 anticipates a future where AI plays a greater role in both malware creation and execution. As local model deployment becomes more feasible, we may see malware samples with embedded AI capabilities (especially code generation) that can more dynamically adapt to their environment, evade detection and optimize malicious activities in real-time.
  • The rise of AI-assisted malware could manifest in the form of increased feature cadence and reliability. It will be crucial to monitor these advancements and develop defenses that can effectively counter an evolving AI-driven threat landscape.

You can read the research here: https://unit42.paloaltonetworks.com/ai-use-in-malware

Leave a comment »

Ricoh and Brother join forces to offer expanded print portfolio in Canada

Posted in Commentary with tags , on March 19, 2026 by itnerd

Ricoh Canada and Brother International Corporation-Canada today announced that the companies have entered into a strategic alliance in Canada, building on an existing partnership in the U.S. to provide a comprehensive portfolio of complementary print solutions.  

Empowering print modernization for Canadian businesses

Under this joint agreement, Ricoh will offer the Brother Exclusive Series to expand its portfolio of A4 office print solutions. With Ricoh’s robust, solutions-oriented A4 imaging devices complemented by Brother’s cost-effective, multi- and single-function desktop printers, businesses will now have access to a unified and complete portfolio of print solutions from Ricoh, with more options to modernize print infrastructures and enhance workflows in hybrid and distributed work environments.

Why hybrid work requires a broader A4 strategy

According to a Robert Half survey, 53% of employers in Canada offer hybrid work options to those in leadership roles, with an additional third of employers offering hybrid options to all regular employees regardless of seniority. Driven by the rise of hybrid and remote work, businesses need more compact print devices in decentralized setups. Ricoh will add the full Brother Exclusive Series lineup, https://www.brother-usa.com/business/printers/brother-workhorse-seriesincluding models such as the Brother MFC-L6915DW and Brother HL-L6415DW, to complement and expand its A4 portfolio, which includes award winning models like the RICOH IM C320F and RICOH P C375.  

More options to support diverse workplace needs

With the Brother Exclusive Series now part of its A4 print portfolio, Ricoh will create more opportunities for businesses of all sizes to acquire affordable, high-quality imaging devices that seamlessly integrate with digital workflows and offer secure, mobile and cloud print solutions to accommodate flexible workplaces. The expanded portfolio adds new, increased options for document-intensive work environments, such as healthcare, legal, financial, and retail organizations, to manage their complete print infrastructure through a single vendor, using a common print management platform — RICOH Streamline NX — that is being adapted to support Brother devices.

To learn more about Ricoh’s print solutions, click here.

Leave a comment »

Secure.com Analyzes How To Design Security Workflows Humans Don’t Hate

Posted in Commentary with tags on March 19, 2026 by itnerd

Dubai-based Secure.com has just published – “Designing Security Workflows Humans Don’t Hate” based on input from organizations across more than 30 countries. 

CEO Uzair Gadit advocates for human-first security workflows, designed around how people actually work, not how tools were built. The human-first approach surfaces what is relevant, removes friction from the right actions, and puts human judgment where it is needed most, instead of everywhere.

He said: “Most security workflows treat people like machines. They expect analysts to process hundreds of alerts, jump between tools, and make fast decisions under pressure all day, every day. Over 70% of SOC professionals say they have considered quitting due to stress and unmanageable alert volumes. That isn’t  a sign of weak teams. It’s a sign of broken workflows.”

The brief analysis examines:

  • Why most security workflows drive people away, amplifying rather than reducing risk;
  • Elements of human-first security design; and
  • Human-in-the-loop versus automation – where it works, where it doesn’t.

You can read the analysis here: https://www.secure.com/blog/human-centered-security-workflows

Leave a comment »

Teleport Launches Beams, Trusted Agent Runtimes For Infrastructure

Posted in Commentary with tags on March 19, 2026 by itnerd

Teleport today announced Beams, a trusted runtime designed to solve the security and IAM challenges blocking teams from designing and running AI agents in production infrastructure. Beams runs each agent in an isolated Firecracker VM with built-in identity. Each Beam is connected to infrastructure and inference services without secrets, with audit and access control.

Beams addresses a key challenge engineers face when designing agentic workflows for infrastructure. Engineers want to develop, test and deploy agents, but they need to do this in a secure environment. Today, launching agents means stitching together IAM, infrastructure, and secrets by hand — with no consistent identity, no visibility into agent actions, and every team building its own container or VM workflows from scratch. Beams eliminates that operational drag by providing ephemeral, isolated environments that are fast to start, locked down, and wired into Teleport’s identity and audit trails.

Each Beam runs in a Firecracker VM with full file system and networking isolation. Beams inherit delegated identity so they can authenticate to registered services and inference endpoints without using secrets, with fine-grained networking control over external and internal services. Every action is audited, giving teams full visibility into what agents access and when.

Beams are built for a range of agentic use cases — from internal agents that need access to production services, to agentic ephemeral workflows where developers build against staging without exposing secrets, to multi-agent production pipelines requiring hardened, reproducible isolation.Beams will launch as an MVP on April 30, 2026. Engineers interested in early access can register at https://www.beams.run.

Teleport will demonstrate Beams at both RSAC (Booth S-3111) and KubeCon (Booth 840) during the week of March 23.

Leave a comment »

AI Fraud Now Moves at Machine Speed — Can Enterprise Defenses Keep Up?

Posted in Commentary on March 19, 2026 by itnerd

Fraud has quietly entered a new era—and most organizations are still defending themselves at human speed.

Daon, a leading provider of digital identity solutions that help businesses verify, authenticate, and secure customer identities through biometric and multi-factor authentication, published a new analysis showing how AI‑driven fraud is no longer just faster; it’s fully autonomous. 

Attackers are now using AI agents that can jailbreak commercial models, write custom exploits, harvest credentials, and breach systems with minimal human oversight. In one recent case, attackers used a jailbroken Claude Code instance to infiltrate four global organizations—scanning networks, identifying high‑privilege accounts, creating backdoors, and exfiltrating data almost entirely on its own.

The report outlines a stark shift:
AI has collapsed the entire attack lifecycle—reconnaissance, exploitation, credential harvesting, and persistence—into a single automated workflow. Human defenders simply can’t match that velocity.

Key points to note:

  • AI fraud now operates at machine speed. Stanford’s ARTEMIS agent outperformed human penetration testers while running parallel attack paths and spawning sub‑agents to investigate vulnerabilities in the background.
  • Sophistication without expertise. Amateur attackers can now deploy professional‑grade exploits—AI writes the code for them.
  • Deepfake voice and video attacks are exploding. With as little as 10 seconds of audio, attackers can impersonate executives in real time.
  • Fraud infrastructure is now AI‑generated. Fake crypto wallets, banking portals, and password managers are being spun up and SEO‑optimized automatically.
  • Credential exploitation is now systematic, not opportunistic. AI tests thousands of leaked credentials across services simultaneously and maps privilege‑escalation paths autonomously.
  • Regulation is lagging. Even the new AI Scam Prevention Act doesn’t address the technical realities of AI‑driven fraud.

If attackers are using AI to automate and accelerate fraud, the only viable defense is AI‑powered identity verification and real‑time authentication that can match attacker velocity. Daon argues that the future of fraud prevention hinges on continuous, AI‑driven identity assurance—not static credentials or rules‑based systems.

You can read the analysis here: How Fraudsters Use AI to Get Ahead – Daon

Leave a comment »

Cobalt Introduces New AI Capabilities for Continuous Pentesting

Posted in Commentary with tags on March 19, 2026 by itnerd

Cobalt today announced new AI capabilities for continuous pentesting. Delivered through the Cobalt Offensive Security Platform, these next-generation components integrate AI with elite human pentesters and more than a decade of proprietary pentesting intelligence to accelerate the speed, scale, and depth of modern offensive security programs. Attendees of the RSA Conference can learn more by visiting the Cobalt team at Booth #N4519 at the Moscone Conference Center.

Offensive security is entering a new era. Attackers are increasingly using AI to automate reconnaissance, vulnerability discovery, and exploitation. At the same time, modern development practices are accelerating release velocity and dramatically expanding the attack surface across APIs, microservices, cloud infrastructure, and AI-powered applications. Security teams can no longer rely on periodic testing to understand their exposure—they must validate real-world risk continuously.

The Cobalt Platform enables organizations to move beyond point-in-time testing and adopt a programmatic approach to offensive security that continuously adapts to evolving environments. Using the largest dataset of real-world pentesting intelligence in the industry, it applies historical exploit intelligence to refine testing logic and ensure every engagement is smarter than the last. Cobalt integrates and exposes the industry’s most capable hacker tools—constantly updated to reflect current threat actor tactics.

New features and functionality include:

  • Automated Reconnaissance: The AI-powered platform autonomously maps the entire attack surface—from complex JavaScript routes to hidden shadow APIs and forgotten subdomains. This identifies every potential entry point and provides human testers with a high-fidelity roadmap from the start of every engagement. 
  • AI-Powered Vulnerability Discovery: By combining automated scanning with AI-driven credential validation, the Cobalt Platform ensures exhaustive coverage of all form fields and CVEs, including critical vulnerabilities like those in Log4j and WordPress. This autonomously validates access and surface-level flaws to provide an immediate baseline of enterprise risk.
  • Proprietary Data Enrichment: Every finding is enriched with context from public exploit feeds and over a decade of proprietary historical intelligence. By merging global threat data with a unique offensive security dataset, the Cobalt Platform provides the critical context needed to frame findings based on actual adversarial behavior.
  • AI-Driven Deduplication and Triage: An AI-driven triage engine automatically normalizes and deduplicates findings across all scanner outputs into a single, cohesive view. By distilling high-volume data into verified findings, the platform ensures pentesters are focused on creative attack scenarios that present the real risk to the business.

These enhancements build on additional AI capabilities released in Q4 2025, including AI-Powered Reporting and Insights. AI reporting automates vulnerability documentation, benchmark results against aggregated security data, and provide natural-language access to product guidance. By combining an AI report writer, insights and benchmarking capabilities, and an AI documentation assistant, the Cobalt Platform accelerates report delivery, contextualizes findings with industry data, and helps security teams quickly understand and remediate risk.

With only a few clicks to scope and set up a pentest, the Cobalt Platform initiates testing automatically to ensure depth and quality before human experts engage. Because reconnaissance and scanning are now fully automated, pentesters spend 0% of their time on basic discovery and 100% of their time on high-value exploitation. 

The Cobalt Platform also introduces compatibility with the Model Context Protocol (MCP), enabling AI assistants to securely interface with pentest data so security teams can query testing results, triage findings, and correlate risk through natural-language workflows. 

Additional Resources: 

Leave a comment »

Cobalt Introduces Security Program Manager Service to Help Enterprises Scale Offensive Security Programs

Posted in Commentary with tags on March 19, 2026 by itnerd

Cobalt today announced the launch of its Security Program Manager service, designed to help enterprises operationalize and scale offensive security programs. Attendees of the RSA Conference can learn more about these new capabilities by visiting the Cobalt team at Booth #N4519 at the Moscone Conference Center.

As organizations expand their security testing efforts across applications, APIs, cloud infrastructure, and emerging technologies, many security teams struggle with a growing gap between strategic security objectives and day-to-day execution. Fragmented oversight, engineering silos, and the challenge of translating technical vulnerability data into business-level insights can slow remediation efforts and reduce the effectiveness of offensive security programs.

The Cobalt Security Program Manager addresses this challenge by providing organizations with a dedicated expert who acts as an extension of the internal security team. Security Program Managers oversee the logistics of enterprise-scale pentesting programs, coordinate testing schedules across development teams, and ensure remediation workflows align with broader business and security goals.

Security Program Managers help organizations streamline pentesting operations and ensure testing results translate into actionable improvements across the business. Key benefits of the service include:

  • Reclaim Your Team’s Time: Security Program Managers coordinate with development and engineering teams to schedule pentests, manage administrative logistics, and track remediation progress, reducing the operational burden on internal security teams.
  • Eliminate Security Blind Spots: By maintaining a comprehensive inventory of assets and aligning testing cadences with corporate security objectives, Security Program Managers ensure continuous visibility into the organization’s security posture.
  • Secure Executive Buy-In: Security Program Managers translate technical findings into strategic intelligence and performance metrics, helping security leaders demonstrate ROI and communicate risk reduction to executive stakeholders.
  • Accelerate Innovation Cycles: Cobalt integrates pentesting workflows with common development tools such as Jira, GitHub, and Slack, enabling organizations to embed security into development pipelines without disrupting engineering velocity.

The Security Program Manager builds on the broader Cobalt Offensive Security Platform, which combines automation, AI-driven intelligence, and expert-led testing to deliver offensive security at enterprise scale. By integrating automated reconnaissance, vulnerability discovery, and intelligence-driven triage with human-led testing, Cobalt enables organizations to run continuous security programs that evolve alongside their environments.

Cobalt offensive security services span application, network, API, cloud, and emerging AI systems, and include capabilities such as web application pentesting, mobile testing, cloud configuration reviews, attack surface management, red teaming, and AI and LLM application testing. These services are delivered by the Cobalt Core, a global community of more than 500 vetted ethical hackers who average over 11 years of pentesting experience.

Leave a comment »

Bonfy Unveils First Data Security Platform for AI Agents, Shadow AI, and Enterprise GenAI Workflows

Posted in Commentary with tags on March 19, 2026 by itnerd

Bonfy.AI today announced Bonfy Adaptive Content Security™ (Bonfy ACS) 2.0, the industry’s first platform built to secure enterprise content across all systems, applications, and AI agents – anywhere data moves, resides, or is processed. As organizations race to deploy copilots, custom AI apps, and increasingly autonomous AI agents, security leaders are struggling with blind spots around how these systems access, transform, and share sensitive data, gaps that legacy DLP and DSPM tools were never designed to handle. By 2028, Gartner projects that 22% of cyberattacks and data leaks will involve generative AI, and through 2029 over 50% of successful cybersecurity attacks against AI agents will exploit access‑control issues.

Bonfy delivers real-time, contextual protection across email, SaaS apps, collaboration tools, browsers, cloud and on‑prem file stores, AI systems, and agent frameworks, so enterprises can safely accelerate AI adoption without flying blind. With native coverage for Microsoft 365 (Exchange Online, SharePoint, Entra, Copilot and Purview), Google Workspace (Gmail, Google Drive, Google Directory), Salesforce, HubSpot, Slack, on‑premises file stores, AWS S3, and more, Bonfy becomes the unifying data security layer that follows content regardless of channel or AI workflow. 

Built for agentic and autonomous AI

Bonfy ACS 2.0 is engineered specifically for system‑level and browser‑based AI agents that plan, reason, call tools, and execute actions across enterprise systems.

By treating agents as first‑class entities, not just extensions of users, Bonfy allows security teams to see which agents accessed which data, how they used it, and where the outputs ultimately landed. Bonfy ACS 2.0 fits cleanly into a customer’s existing security and productivity stack: it complements Microsoft Purview and M365 DLP, integrates with Microsoft Entra and Google Directory, and plugs into SIEM/SOAR tools such as Splunk, Sentinel, and Rapid7 for workflow automation, while also integrating via its MCP Server interface and APIs with modern AI platforms including Microsoft Copilot Studio, OpenAI, Anthropic Claude, Google Gemini, and other enterprise agent frameworks.

Bonfy is designed for executive level visibility and governance for CISOs, CIOs, and to be operated by security teams, security architects, and AI platform teams responsible for GenAI and agent deployments in financial services, insurance, technology, biotech/pharmaceutical, healthcare companies, and more. It provides one policy and automation engine that spans traditional data security, AI data governance, and AI agent guardrails, eliminating the need to stitch together separate point products for systems, and agents. The Bonfy platform can now be used both for projects where organizations consume AI and build AI.

Headline capabilities in Bonfy ACS 2.0

Bonfy ACS 2.0 introduces six major capabilities that together form a second-generation, high‑performance data security platform for the AI era.

  • AI Agent Data Guardrails (MCP & Agent Framework Support)
    Bonfy adds “data in use” security solution by adding an MCP server interface, API, and agent‑aware controls so enterprises can inspect and govern the content AI agents read, share, and generate during planning, reasoning, and execution, not just in the final output. Agents can call Bonfy inline to label and risk‑score content before it reaches external services or users, stopping AI‑driven leakage and trust‑boundary violations.
  • Browser Extension for Shadow AI and Agentic Activity
    A lightweight browser extension delivers real‑time, content‑aware inspection of web traffic, including unsanctioned AI tools and browser‑based assistants. Bonfy separates safe AI use from risky disclosure, detects shadow AI automations, and shows security teams exactly where sensitive data is going.
  • Full Google Workspace Support
    Bonfy 2.0 adds native support for Gmail, Google Drive, and Google Directory, achieving parity with Microsoft 365 integrations and extending multi‑channel protection across both ecosystems. Organizations running on Google now get unified, entity‑aware controls including contextual, automated classification labeling.
  • Data Surface Visibility for AI-Era Risk
    A new “data surface visibility” view gives CISOs a live map of where sensitive content lives across data stores such as Microsoft SharePoint, Google Drive, AWS S3 buckets, On-prem file stores and AI systems, and how employees and agents use it. Teams can drill from high‑level exposure down to specific actors and flows to understand real business risk, not just isolated events.
  • On-Premises and Cloud File Store Coverage
    Bonfy now covers on‑premises file stores and cloud object storage such as AWS S3, alongside existing SharePoint, Google Drive and other SaaS applications. This creates a unified control plane for unstructured data at rest, in motion, and in use.
  • Data Minimization, Encryption Enhancements, and SOC 2
    Bonfy 2.0 tightens data minimization, encryption, and configurable retention so the platform itself has a smaller, better‑protected footprint. Completing SOC 2 Type 2 certification as part of the release reinforces Bonfy’s readiness for highly regulated industries.

Availability and RSAC 2026

Bonfy ACS 2.0 is available immediately. RSAC 2026 attendees can schedule a live demo by contacting Vishnu Varma

Leave a comment »

“DarkSword” iOS Exploit Can Steal Data from iPhones

Posted in Commentary with tags on March 18, 2026 by itnerd

Researchers have uncovered a new iOS devices exploit kit dubbed “DarkSword” used to steal data from potentially millions of iPhones running iOS 18.4 through 18.6.2. The attack is linked to the Russian hacking group UNC6353 which recently used the Coruna exploit chain reported by Google and iVerify

Brian Bell, CEO of customer identity and access management platform FusionAuth, provided the following comments:

“When a device can be silently compromised when visiting a website, perimeter-based and device-based security collapse. That’s not a future risk, it’s the current reality for anyone with a mobile user base.

The right response isn’t to wait for your users to patch. It’s to build authentication that assumes the device is already compromised. Short-lived tokens, step-up authentication before sensitive actions, forced re-authentication when signals change. Design for the breach, not against it.

And here’s the piece that most teams miss: most authentication platforms are SaaS; your token policies, session controls, and audit logs live in someone else’s cloud, under someone else’s access controls. But when authentication runs inside your own infrastructure, isolated from external dependencies, a compromised device doesn’t cascade into a compromised system. Identity is your last defense, so make sure you own it.”

If you are worried about this new exploit, the fix is simple. Which is to update to iOS 26 as that apparently is not affected. The most recent version of iOS 18 which at the time of this article is 18.7.3 is also not affected. But I would just go straight to iOS 26 as it is likely to protect you from more than this single exploit.

Leave a comment »

« Older Entries