CISA issues urgent directive on Cisco SD-WAN vulnerabilities that are being actively exploited 

Posted in Commentary with tags on March 11, 2026 by itnerd

There is a new urgent directive from the CISA released this morning which is Emergency Directive 26-03, warning that threat actors are actively exploiting vulnerabilities in Cisco Catalyst SD-WAN systems used across federal networks. The directive requires agencies to immediately inventory affected systems, collect forensic artifacts, apply patches, and hunt for signs of compromise. 

The vulnerabilities include CVE-2026-20127, a critical authentication bypass flaw (CVSS 10) that could allow an unauthenticated attacker to gain administrative access to SD-WAN infrastructure and potentially manipulate network configurations. 

Bobby Kuzma, Director of Offensive Operations at ProCircular had this to say:

“CISA has clear reason to believe that these vulnerabilities have been, and likely continue to be, exploited by threat actors to compromise government systems and networks. The requests for artifact collection and submission make it clear they’re working to identify the scope of the threat. While contractors and civilian organizations are not required or requested to follow similar collection steps, if you have Cisco SD-WAN appliances in your environment, this is a good time to collect artifacts and review patch statuses and logs.”

Once again it’s time to patch all the things. Though this time around, this patching exercise is pretty urgent and should be done without delay.

Equinix Unveils Distributed AI Infrastructure

Posted in Commentary with tags on March 11, 2026 by itnerd

At its inaugural AI Summit, Equinix, Inc. unveiled its Distributed AI infrastructure—a bold new approach to power the next wave of AI innovation, including agentic AI. Today’s announcement includes a new AI-ready backbone to support distributed AI deployments, a global AI Solutions Lab to test new solutions, and Fabric Intelligence to better support next-generation workloads for enterprises.

Fabric Intelligence AI-Driven Network Automation

As businesses look to deploy next-generation AI tools, such as AI agents, enterprises need to rethink their existing IT architecture. Equinix’s Distributed AI has been engineered from the ground up to support the scale, speed and complexity of modern intelligent systems—including the evolution from static models to autonomous, agentic AI capable of reasoning, acting and learning independently. Unlike traditional applications, AI is inherently distributed, with distinct infrastructure requirements for training, inferencing and data sovereignty. Meeting these needs requires a new kind of infrastructure—globally distributed, deeply interconnected and built for performance at scale. With a fully programmable, AI-optimized network linking 270+ data centers across 77 markets, Equinix is uniquely positioned to unify these environments across geographies, enabling intelligent systems to operate reliably, securely and everywhere they need to be.

Key announcements from Equinix’s inaugural AI Summit include:

Fabric Intelligence:

  • A software layer that enhances Equinix Fabric®, an on-demand global interconnection service, with real-time awareness and automation for AI and multicloud workloads.
  • Available in Q1 2026, Fabric Intelligence integrates with AI orchestration tools to automate connectivity decisions, taps into live telemetry for deep observability, and dynamically adjusts routing and segmentation to optimize performance and simplify network operations. By making the network responsive to workload demands, Fabric Intelligence helps enterprises reduce manual effort, accelerate deployment and keep pace with the scale and speed of AI.

AI Solutions Lab at Equinix Solution Validation Center® facilities: 

  • Equinix is launching a global AI Solutions Lab across 20 locations in 10 countries, giving enterprises a dynamic environment to collaborate with leading AI partners.
  • Available today, enterprises can use the AI Solutions Lab to connect to the expansive Equinix AI partner ecosystem. This collaboration can help to de-risk AI adoption, co-innovate solutions, and to move faster from idea to operational AI deployment.

Expansion of Equinix’s AI ecosystem:

  • Now one of the most comprehensive vendor-neutral AI ecosystems in the industry, with more than 2,000 partners worldwide, making next-generation AI inferencing services discoverable and actionable through the new Fabric Intelligence.
  • Providing enterprises access to cutting-edge technology, including the GroqCloud™ platform in Q1 2026, to enable direct, private access to leading-edge inference platforms without custom builds—so they can connect and scale AI services faster with enterprise-grade performance and security.

With Equinix’s Distributed AI infrastructure, enterprises will be able to support use cases like real-time decision-making for predictive maintenance in manufacturing, dynamic retail optimization and faster fraud detection in financial services. By enabling AI at the edge and across regions, Equinix helps organizations run scalable, compliant and low-latency AI workloads wherever they’re needed. These products are expected to become available in the first quarter of 2026.

Kyndryl provides Canadian enterprises with a fast, secure path to move and modernize mission-critical legacy systems on Microsoft Azure

Posted in Commentary on March 11, 2026 by itnerd

Kyndryl today announced the availability of Kyndryl Cloud Uplift, formerly Skytap, in Microsoft Canadian data center regions. This expansion provides Canadian enterprises a fast, low-risk, self-serve way to move and modernize mission-critical legacy applications on Microsoft Azure while keeping data in Canada.

While cloud has become a key driver of business agility, Canadian leaders face operational and regulatory complexity as they try to modernize without disrupting critical systems. According to the Kyndryl Readiness Report, 67% of leaders say innovation is delayed by foundational technology issues, and 81% are increasingly concerned about the geopolitical risks of storing and managing data in global cloud environments, with 60% changing cloud strategies in response.

Kyndryl Cloud Uplift addresses these realities by enabling enterprises to replicate and run IBM Power (AIX, IBM i, Linux) on Microsoft Azure without re-architecting or rewriting applications so they can reduce migration risk while maintaining performance and day‑to‑day operations. And because Kyndryl Cloud Uplift is available in Microsoft Canadian data center regions, organizations can keep data within Canada as they modernize and adopt modern cloud services and AI at their own pace.

Canada is the fifth geographic region to offer Kyndryl Cloud Uplift following the acquisition of Skytap in May 2024, reinforcing Kyndryl’s commitment to delivering locally compliant solutions with global deployment options to customers. Canada marks the fourteenth Microsoft data center region where Kyndryl Cloud Uplift is available.

Learn more about Kyndryl’s hybrid cloud services portfolio.

New Liquibase research: AI & Production Databases interact in 96.5% of organizations, governance automation lags 

Posted in Commentary with tags on March 11, 2026 by itnerd

Liquibase, the leader in Database Change Governance, today released the 2026 State of Database Change Governance Report, new research on how enterprises are managing database change as AI becomes embedded across production systems, analytics, and delivery pipelines. The report finds that AI interaction with enterprise databases is now widespread, while governance automation and consistent enforcement have not kept pace with the speed and scale of change. (The report and graphic are linked at bottom.)

For CIOs, the issue is not that AI touches production data. The issue is whether the organization can prove control at the database layer when change is frequent, environments are heterogeneous, and AI introduces new pathways for change and access. At AI scale, manual governance struggles to keep up. That is where risk compounds and then surfaces as data quality failures, audit friction, and outcomes leaders cannot explain.

Key survey findings:

  • AI interaction: 96.5% of respondents report at least one AI or LLM interaction with their production databases, including analytics and reporting, training pipelines, internal copilots, and AI-generated SQL.
  • Change velocity: 68.1% deploy database changes weekly or faster, including 10.8% deploying multiple times per day and 18.8% deploying daily.
  • AI-era risk: 64.3% cite data quality issues as a top AI-related risk, and 46.5% cite ungoverned AI-generated SQL as a key concern.
  • Estate complexity: Organizations report an average of five database and data platform types, and 29.1% manage ten or more database types.
  • Governance gap: Only 28.1% report database change governance that is standardized and consistently enforced, while 42.3% remain at Ad hoc or Emerging. Only 7.7% report fully automated governance using policy as code with real-time enforcement.
  • Audit pressure compounds the challenge. The report finds 95.3% of respondents undergo multiple compliance or database audits per year, with more than one in five facing seven or more audits annually.

The report highlights a widening operating gap. Enterprises are shipping database change continuously across diverse platforms, while governance often depends on documentation, manual review, and fragmented evidence. In an AI era, those approaches do not scale. As AI automations and AI-generated changes increase, the cost of inconsistent enforcement rises, and the blast radius of a single unmanaged change expands across downstream analytics and AI systems.

What customer behavior telemetry shows at AI scale:

Anonymized Liquibase Secure product telemetry, separate from the survey results, reveals the following.

  • Governance is the default: 99.25% of Liquibase Secure sessions run with governance enabled, a necessary baseline as AI increases the volume of proposed change.
  • Standardization enables automation: Nearly 86% of observed changelog activity is in XML and YAML, supporting machine-readable change definitions that AI-scale delivery can validate and enforce.
  • Controls must exist before CI: About 90% of sessions run outside CI, reinforcing that as AI accelerates change, governance has to shift left into the developer workflow.
  • Adoption starts with proof: Reporting is among the most exercised capabilities, reflecting early demand for audit-ready traceability as AI makes decisions harder to defend without evidence.

A practical roadmap and scorecard for CIOs

Beyond the survey findings, the report provides a staged operating model for moving from ad hoc database change to standardized, enforced, and observable governance, without slowing delivery. It also introduces a CIO-ready scorecard that pairs reliability metrics (MTTD and MTTR) with coverage metrics for automated controls, audit evidence, and AI-governed change, so leaders can measure progress and risk reduction over time.

Here’s a link to a summary of the 2026 State of Database Change Governance Report.

Flashpoint Releases 2026 Global Threat Intelligence Report

Posted in Commentary with tags on March 11, 2026 by itnerd

Flashpoint today announced the release of its 2026 Global Threat Intelligence Report (GTIR), providing security leaders from threat intelligence and vulnerability management teams to physical security professionals and the CISO’s office with a proprietary data-driven, ground-truth view of the converging threats defining today’s hybrid risk environment.

Powered by Flashpoint’s Primary Source Collection (PSC), the 2026 GTIR reveals a sharp rise in AI-related discussions, signaling a rapid shift from criminal curiosity to the active development of malicious agentic frameworks. At the same time, the mechanics of cybercrime have shifted from breaking in to logging in, as attackers leverage stolen session cookies to operate as legitimate users. As technical defenses against encryption harden, ransomware groups are pivoting to the path of least resistance: human trust and identity compromise. Meanwhile, the patching window continues to collapse, with mass exploitation of zero-day vulnerabilities occurring in as little as 24 hours after discovery.

Cybercrime Has Entered the Era of Total Convergence

Between late 2025 and early 2026, adversaries rapidly accelerated adoption of agentic AI frameworks capable of orchestrating autonomous attack chains — automating reconnaissance, phishing generation, credential testing, and infrastructure rotation all without direct human control. This dramatically lowers the cost of experimentation and increases the speed of exploitation.

The 2026 GTIR identifies four converging forces reshaping the global threat landscape:

  • Agentic AI Operationalization — Autonomous systems capable of executing
    end-to-end attack chains at machine speed, increasing both the volume and intensity of
    cybercrime
  • Identity as the Primary Exploit Vector — Billions of compromised credentials fueling
    credential-based intrusions beyond the boundaries of organizational oversight and
    control
  • Compression of the Exploitation Window — Vulnerabilities weaponized within hours
    of disclosure before organizations can understand their exposures or begin to respond
  • The Evolution of Extortion — Ransomware shifting toward identity-driven and
    insider-enabled models, enhancing its effectiveness

Together, these dynamics form a single, high-velocity threat ecosystem where automation,
identity compromise, and vulnerability exploitation reinforce one another.

AI-Related Illicit Activity Surged 1,500% in a Single Month

Flashpoint identified a 1,500% rise in AI-related illicit discussions between November and December 2025 from 362,000 mentions to more than 6 million, signaling a rapid transition from experimentation to operationalized malicious AI frameworks.

Threat actors are actively developing autonomous systems capable of scraping data, rotating infrastructure, adjusting messaging, and learning from failed attempts without continuous human oversight. These agentic systems dramatically increase iteration speed and reduce operational friction for attackers.

Identity Has Become the Primary Exploit Vector

Flashpoint observed over 11.1 million machines infected with infostealers in 2025, generating an inventory of 3.3 billion compromised credentials and cloud tokens.

As a result, the mechanics of cybercrime have shifted from “breaking in” to “logging in.” Attackers now leverage stolen session cookies, tokens, and legitimate credentials to bypass traditional security perimeters entirely, turning digital identity into the connective tissue of modern exploitation. The reality of identity data and the potential for its automation necessitate a shift in how organizations must view their attack surface. Infostealers have shown that it is no longer limited to corporate infrastructure; it now includes employee browsers, personal devices, SaaS platforms, and third-party access.

The Window Between Vulnerability Disclosure and Exploitation Is Vanishing

Vulnerability disclosures increased by 12% year-over-year, with one-third (33%) of disclosed vulnerabilities having publicly available exploit code.

Several high-impact vulnerabilities were mass exploited within hours of disclosure, compressing remediation timelines and raising the stakes for exposure management. In this environment, organizations cannot rely solely on reactive patching cycles; they must incorporate early-warning intelligence to anticipate weaponization trends.

Ransomware Is Pivoting Toward Pure-Play Identity Extortion

Ransomware incidents rose by 53% in 2025, with RaaS groups responsible for more than 87% of attacks.

Rather than relying exclusively on encryption payloads, threat actors are increasingly targeting identity and human trust by recruiting malicious insiders, abusing authorized access, and leveraging credential theft to extort organizations without deploying traditional ransomware binaries.

Who should read the 2026 GTIR?

The report is designed for CISOs, threat intelligence teams, vulnerability management leaders, fraud and risk teams, and executive decision-makers seeking a strategic view of converged cyber and hybrid threats.

Read the full report here: https://flashpoint.io/resources/report/flashpoint-global-threat-intelligence-report-2026

New HP Report Highlights SMB Print Security Gap: 57% say print security is a low priority while trusting printers by default

Posted in Commentary on March 11, 2026 by itnerd

HP today released The Workflow Wakeup report, which takes a comprehensive look at how everyday technologies, including printers, can help small businesses improve security and prepare for the future of work.

Despite growing concern among Enterprise IT leaders, print security remains one of the most overlooked weaknesses in SMB cyber defenses. A new global study of 800 IT Decision Makers and 2,400 knowledge workers shows that 57% of SMBs say print security is a low priority in cybersecurity strategies.

The findings come as print-related risk continues to rise. Separate research from Quocirca showed that 56% of SMBs have reported at least one print-related loss of data in the past year, underscoring how easily this “assumed safe” part of the IT estate can become an exposure point.

Key findings from HP’s SMB study include:

  • Policies don’t work or are bypassed: Over half (55%) of SMBs see users trying to bypass print rules or restrictions, while 60% worry existing document processes could lead to a data or privacy issue. A further 50% lack visibility into who prints what and where, while 45% are unsure if print security meets industry compliance standards.
  • Print security assumed: 66% of knowledge workers assume printers on the office network are secure, while 50% don’t think of printers as a security threat. However, 37% do worry about printing confidential information and the wrong person finding it.

Despite low prioritization, 69% of SMBs acknowledge print security needs improvement, and 65% frequently worry about the security risks outdated systems pose. Their top five printer security concerns include:

  1. Cybersecurity risks linked to connected printers
  2. Confidential documents being left at the printer
  3. Cloud vulnerabilities related to scanned documents
  4. Unauthorized access to print files or queues
  5. Misprinting, misfiling, or mishandling materials

The data also suggests these risks are addressable when organizations put the right controls in place. Of SMBs that have adopted smart printing technology, 88% say that smart printing has made their organization more secure. Respondents cite three key reasons: providing clearer visibility into printing and scanning activity across users and locations (89%), meeting compliance and security standards (86%), and enforcing smart rules and restrictions more effectively (85%).

Please visit this blog to learn more about the security findings: https://www.hp.com/us-en/newsroom/blogs/2026/security-threat-small-business-at-risk

Russia-linked hackers breach Signal and WhatsApp accounts

Posted in Commentary with tags on March 11, 2026 by itnerd

Reuters is reporting that Russia-linked hackers have breached the messaging accounts of officials, journalists, and activists using apps including Signal and WhatsApp, according to a warning issued by the Dutch government. Something that I have covered here in the past.

Authorities say the campaign involved targeted account takeovers that allowed attackers to access private communications and potentially monitor sensitive conversations. The activity highlights how threat actors can gain access to messaging platforms without breaking encryption by compromising accounts or exploiting weaknesses in how applications and devices are trusted.

Mark Mazur, Field CTO, Approov Mobile Security had this to say:

“Account takeover attacks often exploit applications’ failure, particularly messaging applications, to accurately assess the risk of tampered mobile applications and devices.

“Security teams need to treat mobile applications and the devices they run on as potential sources of threats. Cloning and modifying an app downloaded from an app store, on a rooted or jailbroken device is an increasing risk due to AI-powered reverse engineering. RASP, Attestation and cryptographically signed API messages should be used in mobile applications to minimize these risks.”

Having strict policies on the use of personal for business use, as well as using MDM products to manage apps on devices and detect jailbroken devices are some ways to keep users safe. Organizations should look at options like those to mitigate the potential threat that this scenario poses.

Maria Xenos: Powering Ford of Canada’s Next Chapter in Automotive Innovation

Posted in Commentary with tags on March 10, 2026 by itnerd

For more than a century, the automotive industry has been defined by engineering breakthroughs and innovation, yet the contributions of women shaping those transformations have often gone underrecognized. Today, as vehicles become more advanced and digitally integrated, women are increasingly driving the strategic, technological and customer-facing decisions shaping the industry’s future.

This International Women’s Day, as conversations focus on representation and leadership across sectors, Ford of Canada is proud to spotlight Maria Xenos, Connected Services Marketing Manager, whose work sits at the centre of that transformation.

Maria didn’t always know that she wanted to work in automotive, but she was drawn to opportunities that offered continuous learning opportunities and dynamic environments. After graduating from Concordia, she joined Ford in 2015 and quickly embraced its culture of mobility and growth, moving across product and retail marketing roles.

Having grown up in the restaurant business (another historically male-dominated environment), Maria understands the subtle dynamics women often navigate in these industries. She notes that when people learn she works in automotive, the instinct can be to speak to her “like one of the guys,” as though expertise requires shedding a feminine perspective — something her leadership firmly disproves.

Today, she leads connected services for Canada, overseeing go-to-market strategy and dealer training for technologies including BlueCruise hands-free highway driving, as well as Ford’s Connectivity and Security Packages. At a time when vehicles are increasingly software-driven, Maria’s role bridges advanced technology with the everyday ownership experience. As a busy mom, her work ensures that Canadians like her feel supported, confident and seamlessly connected through their vehicles, long after they leave the dealership.

“International Women’s Day is an important reminder of how far we’ve come, but also of how important visibility and representation still are for women in STEM. In my role as Connected Services Marketing Manager at Ford of Canada, I help bring advanced technologies like connected services and in-vehicle experiences to Canadians in ways that enhance their everyday lives – whether that’s features like in-vehicle Wi-Fi that can power multiple devices or ‘gaming on the go’ through Ford’s Arcade Sports Collection to help make long family road trips more enjoyable.

As a woman and now as a mom, I also make a point to advocate for those who may not always have a voice in the room and to represent the perspectives of younger women in the organization who are still building confidence in their careers. I was fortunate to have strong female role models when I started my career, and I hope to help create the same sense of possibility for the next generation of women entering the industry.”

Secure.com Speaks To Reducing Open Source Dependency Risks

Posted in Commentary with tags on March 10, 2026 by itnerd

Today, Uzair Gadit, Founder & CEO of Dubai-based Secure.com ( https://www.secure.com/ ), published new analysis: “Open Source Dependency Risk Management,” which begins with the reminder that most apps today run on open source code, and 84% of those codebases carry at least one known security vulnerability.

He discusses why open source dependency risk management is important to SMBs, MSSPs and enterprises alike, noting that:

  • Scale makes manual tracking impossible,
  • Attackers know developers trust open source, 
  • Regulatory pressure is rising,
  • Unfixed vulnerabilities compound over time, and
  • License misuse can cost millions. 

In addition to examining some common risks of O/S dependencies, such as security vulnerabilities,  malware injections, transitive dependencies and unmaintained code, the analysis offers specific risk reduction recommendations.

These include enforcing a quality gate on coding, and effective tracking to measure open dependency risks over time, as well as their severity and the organization’s resolution speed.

The recommendations are timely, given that Sam Sabin of Axios reported today that volunteers “who keep open-source software running and secure are being flooded with reports from an unlikely source: autonomous AI agents… The vast majority of this software is maintained by volunteers who were already struggling to keep up with the deluge of reports about security flaws. Now, maintainers tell Axios their inboxes are being inundated by a wave of AI-written reports that lack specific details and legitimate errors.

Open Source Dependency Risk Management: Most apps today run on open source code — and 84% of those codebases carry at least one known security vulnerability:  https://www.secure.com/blog/open-source-dependency-risk-management

New SolarWinds CVE Continues Patch-Bypass Pattern

Posted in Commentary with tags on March 10, 2026 by itnerd

The CISA and NVD have published a new critical vulnerability affecting SolarWinds Web Help Desk tracked as CVE-2025-26399 which involves deserialization of untrusted data that could allow remote code execution.

What makes this vulnerability particularly notable is that it appears to be a bypass of a previous SolarWinds patch
tracked as CVE-2024-28988 which itself was a bypass of an earlier fix which was tracked as CVE-2024-28986. Security researchers are already pointing out that this creates a concerning pattern of patch bypasses tied to the same vulnerability class.

Bobby Kuzma, Director of Offensive Cyber Operations, ProCircular

“The newly disclosed CVE-2025-26399 vulnerability in SolarWinds Web Help Desk is especially troubling because it appears to be a patch bypass of a previous critical flaw — which itself was already a bypass of an earlier patch for essentially the same vulnerability class. When vulnerabilities repeatedly reappear through patch bypasses, it suggests the underlying root cause may not have been fully addressed. As security professionals sometimes joke, if developers are being forced to patch just enough to break the exploit instead of fixing the root issue, they should blink twice and we’ll send help. The humor reflects a real problem: partial fixes can leave organizations exposed to the next iteration of the same flaw.”

SolarWinds related vulnerabilities just will not seem to die. That’s bad for anyone who is responsible for defending organizations as their lives will be pretty miserable.