The MSSP Threat Landscape Report Is Out From SOCRadar

Posted in Commentary with tags on February 11, 2026 by itnerd

In a threat landscape where 60% of underground discussions directly reference security vendors and their products, the question is no longer whether a company’s defenses are good enough; it’s whether they’re being actively monitored, adapted, and evolved.

A just-published MSSP Threat Landscape Report by threat intel company SOCRadar examines how threat actors systematically study, test, and bypass widely deployed security products, and why partnering with a Managed Security Service Provider is essential for true operational resilience. Have a look and consider what adjustments you need to do as an organization to keep yourself safe.

Leave a comment »

80% of Exploited Vulnerabilities Are “N-Days” – Not Zero-Days: Flashpoint

Posted in Commentary with tags on February 11, 2026 by itnerd

Today, the threat intelligence team at Flashpoint published new research examining how the race between defenders and adversaries is accelerating — and why known vulnerabilities, not zero-days, are now driving the majority of real-world attacks.

Key finding: Flashpoint data shows that N-day vulnerabilities account for more than 80% of Known Exploited Vulnerabilities (KEVs) tracked over the past four years, underscoring a major shift in attacker behavior. Even more concerning, the average Time to Exploit (TTE) — the gap between public disclosure and observed exploitation — has collapsed from 745 days in 2020 to just 44 days by 2025, dramatically reducing the patching grace period many enterprises rely on. 

Flashpoint researchers attribute this trend to the rapid weaponization of publicly released proof-of-concept code, effectively creating “turn-key” exploits that allow even less sophisticated actors to launch mass attacks within hours. 

Additional insights include:

  • Security and perimeter technologies — such as firewalls, VPN gateways, and edge devices — are among the most targeted because they must remain internet-facing. 
  • Nation-state activity remains prominent, with China identified as the most active actor in vulnerability exploitation campaigns. 
  • Most organizations lack full asset visibility, with many maintaining accurate inventories for only about 25% of assets, slowing detection and response. 

Why this mattersAs weaponization timelines compress — sometimes to under 24 hours — organizations must shift from reactive patching toward intelligence-led exposure management that prioritizes exploitability and threat-actor activity. 

Leave a comment »

The AI Caricature Trend Has Security Teams Paying Attention

Posted in Commentary with tags on February 11, 2026 by itnerd

The viral Instagram “AI work caricature” trend is exposing a serious shadow AI risk. By prompting ChatGPT to create job-based caricatures and posting the results publicly, users are unintentionally signaling their access to sensitive systems, their use of public LLMs for work, and potential data leakage in prompts. Millions are tied to real profiles, helping threat actors identify high‑value targets and potential exploitation of LLMs via prompt injection or jailbreaking.

This seemingly harmless trend is a roadmap for targeted cyber and data‑exfiltration attacks.

Fortra cybersecurity expert Josh Davies has just published an article informing of these risks, which you can read here: https://www.fortra.com/blog/what-can-ai-work-caricature-trend-teach-us-about-risks-shadow-ai 

UPDATE: Reinforcing that this is a top of mind issue at the moment, Bob Long, President, Americas at Daon had this comment:

“Preventing identity fraud on the internet can be a serious challenge. Everyone knows that it’s vital not to share high-value personal information like your social security number or credit card information, but that is just a start to truly protecting your identity. There are multiple ways that bad actors take advantage of people in order to break into their accounts. Stealing your login information through a data breach is just the most visible method of attack. The most common is something most people don’t even see until after their information is compromised—social engineering. Social engineering is a broad term for a number of methods of luring people into handing over their login credentials willingly. Phishing is the most well known of these techniques, but there are many others. One thing they all have in common is the more a fraudster knows about their target, the easier it is to fool them.

That’s where things like the new trend of having Generative AI create a caricature of you based on everything it knows about you moves from being a fun exercise to a security threat. By creating one of these images and posting it on social media, you are doing fraudsters’ work for them—giving them a visual representation of who you are. This is literally the modern version of the “40 things about me” posts that used to be popular on social channels, creating a quick access, public record of who you are so people with bad intentions can exploit it. The fact that it explicitly prompts AI to include everything it knows about you makes it sound like it was intentionally started by a fraudster looking to make their job easy. It not only tells them a lot about the person, but it tells them which people have a lot of accessible information and which don’t. Until all businesses move away from passwords and other knowledge based forms of authentication, people will need to remain vigilant about what information about them is publicly available.

Of course, the argument against giving your image to Generative AI also stands. Unless you know, for certain, what will be done with that image outside of providing the requested output, you are at risk of your image being used for anything from training AI image generators to populating less-than-legal tracking software. Sharing personal information, including your image, with AI should only be done when you know and trust the organization making the request.”

Leave a comment »

Finosec Named ICBA Preferred Service Provider for Cybersecurity Governance

Posted in Commentary with tags on February 11, 2026 by itnerd

The Independent Community Bankers of America (ICBA) today named Finosec, a cybersecurity governance SaaS company, as its newest preferred service provider. Finosec specializes in governance tools for infosec, vendor management and cybersecurity risk assessment, helping community banks enhance exam preparedness.

Finosec’s automated workflows help community banks manage repeatable tasks such as control reviews, policy updates, vulnerability tracking, and committee reporting. The platform also allows bankers to assign responsibilities, track completion, and identify potential gaps ahead of scheduled exams.

Finosec is the fifth ICBA ThinkTECH Accelerator alum to become an ICBA Preferred Service Provider.

Leave a comment »

Love, Fandom, and Hackers: The Romantic Passwords Cybercriminals Can’t Resist

Posted in Commentary with tags on February 11, 2026 by itnerd

New research from Specops Software shows that love-themed passwords are still extremely common, despite years of warnings from security experts. In fact, across a database of breached and compromised passwords, the word “love” appeared more than 4.7 million times — making it one of the most predictable (and hackable) choices users continue to rely on.

Additionally, terms from classic literature such as Wuthering Heights and from popular romance-themed TV shows like Heated Rivalry, are frequently appearing, suggesting that people often choose passwords based on beloved characters, themes, and fandom referenced. 

The top 5 romance pop-culture breached passwords right now are: 

  1. ilya – 233,702
  2. shane – 105,429 
  3. hockey – 67,658 
  4. boston – 34,886 
  5. catherine – 25,143 

This may seem like a harmless trend at first glance but predictable passwords are always a prblem because they are easier to breach in attacks. When users create romantic passwords based on love, names, pop culture, or seasonal events, they reduce the overall number of guesses an attacker needs.

The full details of this analysis can be found here: https://specopssoft.com/blog/romantic-passwords-cybercriminals-love/

Leave a comment »

Hacker reveals 6.8 billion emails online and warns victims “your data is public”

Posted in Commentary with tags on February 11, 2026 by itnerd

A user of a popular data leak forum posted a database, claiming it contains 6.8 billion unique email addresses collected from various data sources online. The user claims to have spent several months digging through various online sources, containing often illegally obtained data.

“Two years ago, I obtained more than 3.3 billion unique email addresses. After a long break, I started this again and spent about 2 months extracting emails from various combos, ULP collections, logs, and databases and extracted 6,839,584,670 unique email addresses,” the post’s author, going by the moniker Adkka72424, said.

The Cybernews research team investigated the 150GB-strong dataset and here’s what they found:

  • The dataset did include over 6.8 billion lines of information, exactly as the posts’ author said.
  • However, our team noted numerous invalid email addresses, which makes the database a lot more difficult to use for amateur attackers. For one, the database requires time and effort to fix and make usable for large scale attacks.
  • The team believes that after eliminating unusable emails and removing duplicates the actual number of email addresses included in the database could be significantly smaller, hovering 3 billion unique emails.

While over twice as small as initially intended, several billion email addresses in a single database is still a massive number of ready-to-use targets for cybercriminals.

For more information, here’s the full report: https://cybernews.com/security/massive-email-database-leak-billions-records/ 

Leave a comment »

The privacy costs of dating on your phone: 100+ dating apps analyzed

Posted in Commentary on February 11, 2026 by itnerd

Comparitech researchers published an in-depth study examining the data privacy practices of more than 100 popular dating apps. With an estimated 350 million people worldwide using dating platforms, the findings raise serious questions about how much personal data users are asked to give up in search of love. 

By analyzing each app’s Android manifest, the researchers found that dating apps request an average of just over 30 permissions at download, nearly eight of which are classified by Android as high-risk or “dangerous.”

Key findings include: 

  • The average app requests access to just over 30 permissions in total, 8 of which are classed as high-level/”dangerous”
  • The most common dangerous permissions are ones that request access to the device’s camera, access location data (precise geolocation data or approximate location based on cell tower or Wi-Fi data), read and write to external storage (data outside of the app, e.g. stored on the device), and record audio
  • 24% of apps (24 apps out of 102) potentially violate Google’s privacy policy standards
  • The most common omission from privacy policies was the data retention period (not provided by 15 apps), followed by a clear policy on how users can delete their data (omitted, restricted, or unclearly defined by 11 apps)
  • The average app comes with 8.7 trackers with one app (Zoosk) using 28
  • These apps have been downloaded over 1.2 billion times in total (based on each app’s download figure listed on Google Play)

For full details on the data privacy of these dating apps, the research can be read here: https://www.comparitech.com/news/the-privacy-costs-of-dating-on-your-phone-100-dating-apps-analyzed/

Leave a comment »

Kyndryl unveils Agentic AI workflow governance

Posted in Commentary with tags on February 11, 2026 by itnerd

Kyndryl today announced an innovative capability for creating policy-governed agentic AI workflows to enable enterprises to scale agentic AI across complex and highly regulated environments. Kyndryl’s policy as code capability translates customers’ organizational rules, regulatory requirements and operational controls into machine‑readable policies that govern how agentic AI workflows execute, to support consistent, auditable and trustworthy outcomes.

Customers want to reap the benefits of integrating agentic AI into their operations, but security, compliance and control challenges inhibit trusted deployment of AI agents. In fact, 31% of customers cite regulatory or compliance concerns as a primary barrier limiting their organization’s ability to scale recent technology investments.

Kyndryl’s policy as code capability addresses these concerns by defining operational boundaries and designing agents actions to remain explainable, reviewable and aligned with the customer-defined business and regulatory requirements. This combination also helps reduce costs, accelerate decision-making, eliminate errors and power AI-native workflows within defined policy guardrails.

Policy as code is a critical element of the Kyndryl Agentic AI Framework, providing a logical enforcement layer that dynamically governs how AI agents execute, interact and operate across systems. Kyndryl’s approach to codifying compliance into enterprise workflows is strengthened by insights drawn from decades of operating complex enterprise environments and the nearly 190 million automations the company manages every month for these mission-critical systems. These operational foundations enable more reliable governance, improve agent explainability and reduce unexpected behaviors in production environments.

Embedding policy-governed agent workflows into business operations

Kyndryl policy as code enables governance of agentic workflows and is bolstered via differentiated capabilities, including:

  • Deterministic execution – Agents only execute actions permitted and enforced by pre-defined policies, reducing operational risk.
  • Eliminates hallucination impact – Guardrails block unpredictable or unauthorized actions along the workflow, eliminating operational impact of agentic hallucinations.
  • Audit-by-design transparency – Each agent action and decision is logged and explainable, supporting compliance and oversight.
  • Human supervision – Agents execute tasks aligned with established and testable policies that are observed via a dashboard to support consistent actions and decisions.

Kyndryl’s structured approach to managing agentic workflow execution supports controlled and safe deployment of policy-constrained autonomous agents in sectors such as financial operations, public services, supply chains and other mission-critical domains where reliability and predictability are essential.

Learn more by connecting with a Kyndryl Consult expert to design, implement and operate agentic AI solutions governed by the company’s enterprise-grade policies, oversight and compliance controls.

Leave a comment »

Adyen Launches ‘Personalize’ to Tailor Checkout Experiences in Real-Time

Posted in Commentary with tags on February 11, 2026 by itnerd

Adyen today announced the launch of Personalize, a new product within its Adyen Uplift payment optimization suite. Personalize allows businesses to adjust their checkout pages in real-time based on individual shopper preferences, making it easier for customers to pay while reducing processing costs for the merchant.

The addition of Personalize builds on the overall success of Adyen Uplift, which launched in January 2025. In its first year, Adyen Uplift helped businesses lower payment costs by 9.4% on eligible traffic while reducing false positives (blocking legitimate transactions) by 42% on average. Additionally the 6,500+ businesses that are using Adyen Uplift saw an average increase of 1.19% in payment conversion rates above standard industry baselines, reaching up to 6% for some customers. These results stem from optimized routing and the prevention of unnecessary blocks triggered by inefficient risk configurations. The new Personalize product goes a step further, focusing on the early customer journey, routing shoppers to optimal payment methods to maximize both merchant savings and conversion rates.

Addressing checkout friction

Traditional online checkouts are often rigid, showing the same payment options and security steps to every shopper regardless of their history or preferences. This lack of flexibility is a leading cause of lost sales, with Adyen’s research showing that 37% of shoppers abandon a purchase if the process takes too long. Additionally, 72% of businesses report that high transaction fees continue to put significant pressure on their profit margins.

Personalize addresses these challenges by adding a Dynamic Identification layer to the checkout experience. By leveraging insights from trillions of dollars in transaction data and Adyen’s global banking infrastructure, businesses can now recognize shoppers and adapt the payment experience before they click ‘pay.’ This allows businesses to automatically order payment methods based on what a specific customer is most likely to use, creating a faster, more user-friendly experience that reduces abandoned carts.

Improving efficiency and security

Beyond speed, Personalize improves margins and security by highlighting cost-effective payment methods and identifying risk signals before a payment is even attempted. These optimizations, supported by detailed reporting, A/B testing capabilities, and configurable UI components, allow merchants to pinpoint friction and validate performance in real-time. As a result, early data shows businesses can improve conversion rates by up to 6% and lower transaction costs by up to 3%.

Turning payments into a strategic advantage

Results from initial pilots demonstrate how Personalize helps businesses manage transaction costs while improving the shopper experience. Hospitality tech platform, Tebi, saw a 4.26% saving alongside a 0.8% lift in checkout conversions. These results show that real-time checkout customization can protect margins without adding friction to the customer journey.

The Personalize module is available now to Adyen customers as part of Adyen Uplift. For more information, read here.

Leave a comment »

Hisense Designated World’s First Customer Centricity Lighthouse in TV Industry by World Economic Forum

Posted in Commentary with tags on February 11, 2026 by itnerd

Hisense announced that the Hisense Visual Technology Qingdao Factory in China has been recognized by the World Economic Forum (WEF) as a Customer Centricity Lighthouse, becoming the first and only such factory in the global television industry.

The designation was announced as part of the WEF’s Global Lighthouse Network, which recognizes industrial sites applying advanced digital technologies to improve customer value, speed-to-market and operational performance. The Customer Centricity Lighthouse designation represents a key milestone in Hisense’s human-centric digital transformation and intelligent manufacturing strategy.

Operating in a mature and highly competitive global TV market, the Hisense Visual Technology Qingdao Factory faced rapidly evolving consumer demand and increasing cost pressure. In response, the site undertook a comprehensive digital transformation, embedding artificial intelligence, big data, industrial simulation and large-scale virtual reality (VR) across new product R&D and manufacturing. As a result, the factory achieved a Net Promoter Score (NPS) of 84 per cent, reduced R&D cycles by 34 per cent, lowered material costs by 18 per cent and shortened new employee training time by 60 per cent. The cycle from capturing customer needs to translating them into product functions was reduced by 62 per cent, while production efficiency for 85-inch TVs improved to a 20-second manufacturing cycle.

This marks Hisense’s third Lighthouse designation within the WEF Global Lighthouse Network. Previously, Hisense Hitachi’s Huangdao factory was recognized as the world’s first Sustainability Lighthouse in the VRF sector and the industry’s only dual Lighthouse factory, underscoring Hisense’s leadership in AI-enabled sustainable manufacturing.

For more information, please visit hisense-canada.com

Leave a comment »

« Older Entries