Archive for January, 2026

Top Internet Outages of 2025 Studied By Cisco ThousandEyes

Posted in Commentary on January 30, 2026 by itnerd

The folks at Cisco ThousandEyes have put out a study on the Top Internet Outages of 2025. It highlights the top outages and what happened as well as what to expect going forward. It’s an interesting piece and is worth your time to read.

You can find it here: https://www.thousandeyes.com/blog/the-top-internet-outages-of-2025-analyses-and-takeaways

TELUS CEO Darren Entwistle named Distinguished Entrepreneur of the Year

Posted in Commentary on January 29, 2026 by itnerd

Darren Entwistle, president and chief executive officer (CEO) of TELUS, has been named the University of Victoria (UVic) Peter B. Gustavson School of Business 2026 Distinguished Entrepreneur of the Year Award (DEYA) recipient. 

This recognition highlights exceptional entrepreneurial leadership that has reshaped an entire industry, including:

  • Entwistle is the longest-serving CEO in the global telecommunications industry, leading TELUS since 2000
  • Under his 26-year tenure, he transformed TELUS from a regional Western Canadian telephone company into a global communications and IT leader
  • TELUS now holds a brand value of $12.1 billion — making it Canada’s most valuable telecommunications brand
  • Since 2000, TELUS and its team members have contributed $1.8 billion to communities, including more than 2.5 million days of volunteer service, which is more than any other company in the world. 

For more information, please see the University of Victoria’s media release here.

Quorum Cyber’s 2026 Global Cyber Risk Outlook Reveals Cyber Crime Enters an Industrial Phase

Posted in Commentary on January 29, 2026 by itnerd

Quorum Cyber today reveals the extensive but alarming findings of its 2026 Global Cyber Risk Outlook report. AI automation and Ransomware-as-a-Service (RaaS) platforms have fundamentally altered the threat landscape, enabling nation-state actors to automate up to 90% of intrusions and pushing vulnerability disclosures past 35,000 for the first time. Attackers are abandoning slow-encryption tactics, as evidenced by ransom demands in financial services exploding by 179%. Organizations face a stark reality: detection windows are shrinking, barriers to hacker entry are collapsing, and even modestly skilled criminals now wield capabilities once reserved for elite operators.

Insights from the 2026 Global Cyber Risk Outlook are derived from incidents and investigations observed across over 350 global organizations ranging in staff size from 10 to 10,000 throughout calendar year 2025. Highlighted report findings that need to reshape 2026 cyber risk considerations include: 

  • The number of newly formed ransomware groups increased by 30% in the year to October 2025 
  • Global vulnerability disclosures rose 21%, surpassing 35,000 
  • Early evidence of a nation-state group using AI agents to automate up to 90% of an intrusion 
  • Cybercriminals are increasingly shifting away from encryption toward faster, lower-cost data exfiltration attacks 
  • New white-label RaaS platforms enabling rapid launch of branded criminal operations 
  • Average ransom demands surged across multiple sectors, including 179% in financial services and 97% in manufacturing 
  • Nation-state threat actors associated with Russia, China, and Iran remain the top threats to the public sector, while North Korea-linked actors likely earned over $2 billion from cybercrime in 2025 

Industry Sector Companion Reports

In addition, the 2026 Global Cyber Risk Outlook includes companion reports focused on nine industry sectors, including energy, financial services and insurance, healthcare and pharmaceuticals, higher education, housing and construction, legal and professional services, manufacturing, public sector, and retail. Each companion report outlines sector-specific threat dynamics and practical considerations for strengthening cyber resilience. 

Quorum Cyber Teams With Microsoft

To help organizations interpret these findings and prioritize action, Quorum Cyber will host a live webinar on February 25 featuring Lesley Kipling, Chief Security Advisor at Microsoft, alongside Quorum Cyber’s Threat Intelligence leadership. The session will examine how evolving threat actor tactics intersect with modern cloud, identity, and AI-driven environments — and what security leaders should focus on to strengthen resilience heading into 2026.

The 2026 Global Cyber Risk Outlook reflects Quorum Cyber’s Microsoft-first approach to security, informed by deep visibility into cloud, identity, and AI-driven environments. Founded as a Microsoft-first security services provider, Quorum Cyber is a long-standing member of the Microsoft Intelligent Security Association (MISA) and holds all four Microsoft Security specializations: Cloud Security, Identity and Access Management, Information Protection and Governance, and Threat Protection. 

Palo Alto Networks Completes Chronosphere Acquisition

Posted in Commentary on January 29, 2026 by itnerd

As enterprises increasingly rely on AI to run digital operations, protect assets, and drive growth, success depends on one critical factor: trusted, high-quality, real-time data. Palo Alto Networks® (NASDAQ: PANW), the global cybersecurity leader, today announced it has completed its acquisition of Chronosphere, addressing a core challenge of the AI era: the inability to see and secure the massive data volumes running modern businesses.

Chronosphere, a Leader in the 2025 Gartner® Magic Quadrant™ for Observability Platforms, was purpose-built to handle this scale. While legacy tools break down in cloud-native environments, Chronosphere gives customers deep visibility across their entire digital estate. With this acquisition, Palo Alto Networks is redefining how organizations run at the speed of AI — by enabling customers to gain deep, real-time visibility into their applications, infrastructure, and AI systems — while maintaining strict control over data cost and value.

The planned integration of Palo Alto Networks Cortex® AgentiX™ with Chronosphere’s cloud-native observability platform will allow customers to apply AI agents that can now find and fix security and IT issues automatically — before they impact the customer or the bottom line. AI security without deep observability is blind; this acquisition delivers the essential context across models, prompts, users, and performance to move from manual guessing to autonomous remediation.

The Chronosphere Telemetry Pipeline remains available as a standalone solution, enabling organizations to eliminate the ‘data tax’ associated with modern security operations. By acting as an intelligent control layer, the pipeline can filter low-value noise to reduce data volumes by 30% or more and has been shown to require 20x less infrastructure than legacy alternatives. This will be key to Palo Alto Networks Cortex XSIAM® strategy, ensuring customers can scale their security posture—not their spending—as they transition to autonomous, AI-driven operations.

Black Kite Introduces ThreatTrace

Posted in Commentary on January 29, 2026 by itnerd

Black Kite, the leader in third-party cyber risk management, today announced the release of ThreatTrace™, its new capability that improves threat detection using NetFlow and DNS telemetry to strengthen an organization’s visibility into third-party cyber risk. Black Kite is the first TPCRM vendor to incorporate this deep level of visibility into third-party cyber risk monitoring and ratings, enabling teams to proactively take targeted action with their vendors.

NetFlow and DNS telemetry have long been valuable data sources in the SecOps world for detecting suspicious activity and deepening cyber investigations. With the release of ThreatTrace™, risk teams can detect new IOCs and anomalies to act faster and stay ahead of third-party threats through: 

  • Stronger cyber intelligence with a new set of controls added under the IP Reputation risk category, informed by NetFlow and DNS telemetry
  • Broader IOC and anomaly detection, including botnet-related activity, reconnaissance/C2 communication, potential data exfiltration, and more
  • Greater supply chain visibility by uncovering new subdomains and connected third-party service providers.

With ThreatTrace™, TPRM teams can now proactively detect new indicators of compromise (IOCs) and anomalies, including:

  • Botnet Infection: Identifies IP addresses that have been blacklisted by multiple threat intelligence sources, indicating that an internal asset, like a server, IoT device, or workstation, is likely compromised and actively participating in malicious activity, such as spamming, DDoS attacks, or C2 operations.
  • Suspicious Outbound Activity: Detects active compromises by correlating DNS queries to high-risk domains (e.g., Tor sites, hacker forums, or C2 servers) with corresponding network traffic from the company’s IPs.
  • Active Threat Actor Targeting: Detects when known malicious IP addresses, such as botnets or C2 servers, are actively interacting with a company’s digital assets, indicating an organization is being targeted for reconnaissance or attack.
  • Traffic Baseline Deviation: Flags significant deviations from established traffic patterns, including unusual data volume spikes, connections to previously unseen high-risk IPs, and the use of abnormal ports, which are potential markers of data exfiltration.
  • Geopolitical and Service Risks: Identifies unauthorized services and suspicious data flows directed toward high-risk or sanctioned countries to detect both potential data leakage and compliance violations.

ThreatTrace™ leverages NetFlow and DNS telemetry to strengthen cyber intelligence, helping teams detect threats earlier and stay ahead of third-party cyber risk. To learn more, visit https://blackkite.com/solution-briefs/black-kite-threattrace.

Sophisticated Fraud Network Drains Canadians’ Bank Accounts Through Fake Government Sites

Posted in Commentary on January 29, 2026 by itnerd

CloudSEK’s Global Threat Intelligence team has just uncovered a massive, evolving fraud operation targeting Canadian citizens through highly sophisticated impersonations of government services, Canada Post, and Air Canada. This isn’t your typical phishing scam – it’s a coordinated, multi-layered attack that’s exploiting the trust Canadians place in their public institutions.

Here’s what makes this urgent:

  • 70+ fake domains impersonating canada.ca traffic portals discovered on shared infrastructure
  • Threat actors are selling ready-made phishing kits on dark web forums for as little as $200-$300
  • The operation targets every major Canadian province – BC (PayBC), Ontario (ServiceOntario), Quebec, and beyond
  • Victims are losing banking credentials, credit card data, and Interac e-Transfer access
  • The “PayTool” group has evolved from simple scams to mimicking entire government payment ecosystems

What’s particularly alarming is the sophistication: victims aren’t immediately asked for payment. Instead, they are walked through a “validation phase” requesting ticket numbers or booking references – building false trust before harvesting financial data through fake payment gateways that perfectly mimic legitimate processors.

The report reveals how this Phishing-as-a-Service model is democratizing fraud, with underground forums showing threat actors actively selling Ontario driver’s license phishing kits that claim to include “14 bank pages.”

This is a story with real public safety implications. As tax season approaches and travel increases, Canadians need to know how these scams operate and how to protect themselves.

Full technical report available here: https://www.cloudsek.com/blog/pivoting-from-paytool-tracking-various-frauds-and-e-crime-targeting-canada

Android AI apps leak Google secrets the most with hundreds already breached 

Posted in Commentary on January 29, 2026 by itnerd

The Cybernews research team has analyzed 1.8 million Android apps on the Google Play Store and found that most AI apps leak an average of five secrets. Analyzed apps are leaking hardcoded secrets and cloud endpoints, putting users at risk or, in some cases, even potentially allowing attackers to empty their digital wallets.

Key research takeaways:

  • 72% of analyzed Android AI apps contained at least one hardcoded secret.
  • On average, an AI app leaks 5.1 secrets, and 81.14% of the detected secrets were related to Google Cloud Project identifiers, endpoints, and API keys.
  • 68% of the hardcoded secrets pertained to Google Cloud Project Identifiers and API Keys.
  • LLM API Keys were mostly secured, with mainly low-risk LLM API Keys found hardcoded.
  • An investigation found that hundreds of AI apps had already been breached. 
  • Leaky instances of Firebase and Google Cloud Storage have already exposed over 200 million files, totaling nearly 730TB of user data.
  • Android AI apps exhibit similar dangerous tendencies to hardcoded secrets found in iOS apps, as Cybernews investigated in 2025.

Secrets already exploited

Cybernews researchers identified 285 Firebase instances missing authentication entirely, leaving them openly accessible to anyone. Collectively, these databases leaked 1.1GB of user data.

The team is sure that the instances were already compromised. In 42% of cases, the researchers found a table explicitly named “poc,” shorthand for “proof of concept.”

Google secrets were leaked the most

More than 81% of all detected secrets were related to Google Cloud projects. In total, researchers identified 197,092 unique secrets, averaging 5.1 per app, of which just 0.96 were not connected to Google.

The second most common category of embedded identifiers belonged to Facebook, primarily app IDs and client tokens, which are frequently hardcoded for analytics, login, and advertising integrations.

Please find the full Cybernews research article here.

Team Cymru’s Voice of the Cybersecurity Strategist Report Is Out

Posted in Commentary on January 29, 2026 by itnerd

Team Cymru, the trusted intelligence partner to the world’s most targeted organizations, today released its Voice of Cybersecurity Strategist Report, exposing a critical disconnect between security ambition and real-world execution. Despite increased investment, many organizations still operate with limited visibility of critical external attack surfaces and active threat infrastructure, leaving blind spots where risk actually materializes. The results reveal meaningful gaps between perceived readiness and operational capability, particularly around external visibility, threat intelligence, and AI-driven security priorities.

Key findings include:

  • 50% of security practitioners say they experienced a major security breach in the past year
  • 72% of those breached say their threat hunting program played a key role in preventing or mitigating the breach
  • Only 38% report comprehensive, real-time visibility into threats beyond the network perimeter (45% report “good” visibility)
  • AI-enabled threats are the top emerging concern (22%), ahead of ransomware (20%) and cloud service vulnerabilities (17%)
  • 45% cite insufficient real-time threat intelligence as their biggest external threat intelligence gap
  • 60% allocate 20% to 40% of their threat intelligence budget to external threat intelligence and monitoring, and 32% allocate more than 40%
  • The ability to leverage AI is the top evaluation criterion for threat intelligence investments (52%)
  • AI-enhanced threat detection and response is ranked the most critical security capability (61%)

The report underscores a growing “confidence versus capability” gap across modern security infrastructures protecting critical infrastructure, government agencies, and civilian-reliant business operations. While most respondents believe they have “good” visibility into threats beyond their perimeter, only 38% say that visibility is comprehensive and real-time. That shortfall matters more as attacks accelerate and adversaries expand beyond traditional boundaries.

At the same time, AI is reshaping both sides of the fight. AI-enabled threats ranked as the top emerging concern among respondents (22%), narrowly outpacing ransomware (20%). In response, organizations are prioritizing AI in their security strategy, with 52% naming the ability to leverage AI as their top criterion when evaluating threat intelligence investments, and 61% ranking AI-enhanced threat detection and response as the most critical capability for an effective security program. Yet the report also suggests many programs are still constrained by foundational data and integration issues, with 45% citing insufficient real-time threat intelligence as their biggest gap, and 42% pointing to challenges integrating external threat data with internal tools.

Investment and operating models are shifting toward external, technology-driven defense. 92% of respondents allocate at least 20% of their threat intelligence budget to external threat intelligence and monitoring, including 32% who allocate more than 40%. When it comes to resourcing, 44% report a mostly technology-focused approach to balancing tools and people, signaling a push toward automation, orchestration, and integrated workflows to increase team efficiency.

Measuring value is increasingly tied to proactive outcomes. The primary metric respondents use to assess external threat intelligence effectiveness is spotting threats before they affect the organization (27%), followed closely by faster threat detection (26%). When communicating to boards and executive leadership, respondents most often cite the number of incidents prevented or detected (50%) and mean time to detect and respond (50%), reflecting a focus on tangible outcomes and operational speed.

The report also highlights why progress can stall. The biggest challenge to funding threat intelligence initiatives is a focus on compliance requirements over threat-driven investments (26%), followed by competing priorities within the security program (23%) and limited executive understanding of external threats (22%). Looking ahead, the top planned strategic shift over the next 12 to 24 months is increasing the efficiency of the existing security team (45%), alongside aligning with increasing regulatory compliance (40%) and consolidating threat intelligence suppliers (39%).

Methodology

Team Cymru surveyed 121 information security, cybersecurity, and risk management leaders responsible for setting cybersecurity strategy, approving security technology investments, and managing security budgets and resources. The survey was conducted online via Pollfish using organic sampling beginning April 17, 2025, capturing perspectives across multiple industries.

To download the full Voice of the Cybersecurity Strategist report, visit here.

Canada’s Cybersecurity Moment of Truth

Posted in Commentary on January 28, 2026 by itnerd

At the NKST IAM Conference in Toronto today, the Canadian Cybersecurity Network released its State of Cybersecurity in Canada 2026 report, signalling a fundamental shift in how cyber risk must be understood nationwide. The report finds that cybersecurity can no longer be viewed solely as a technical issue. It has become a core economic and national stability imperative, with digital trust now underpinning financial systems, public services, and the country’s competitiveness.

The 2026 State of Cybersecurity Report shows Canada facing rising digital risk as AI automation and interconnected systems reshape how attacks occur and how trust breaks down. Cybersecurity is no longer an IT issue. It is a leadership resilience and economic competitiveness challenge that will define how Canada protects critical systems, recovers from disruption, and maintains confidence in the digital age.

The 2026 findings show that Canada remains resilient, supported by strong talent, world-class research institutions, and a growing cybersecurity ecosystem. However, the report also highlights uneven maturity across the economy, particularly among small and mid-sized organizations, operational technology environments, identity verification practices, and crisis readiness. With attacks increasingly targeting trust, identity, and human decision-making rather than infrastructure alone, these gaps now represent systemic risk.

A central theme of the report is the erosion of traditional trust signals. Deepfakes, voice cloning, and AI-driven social engineering now enable attackers to convincingly impersonate executives, employees, and institutions. As identity becomes the most targeted attack surface, purely technical defenses are no longer adequate. Verification must increasingly occur at the moment of action, not after harm has already occurred.

The report also shows that cyber incidents have shifted from isolated security events to full-scale business crises. Regulatory scrutiny, media exposure, and financial fallout now unfold alongside technical response efforts. Yet many organizations remain unprepared to operate under this pressure, even when formal response plans exist on paper.

Another key finding is the growing convergence of cybersecurity, insurance, and governance. Cyber insurers are emerging as active participants in prevention, shaping baseline security expectations and elevating board-level accountability. This dynamic is raising national cyber hygiene standards while exposing maturity gaps that can no longer be ignored.

Looking ahead, the report identifies agentic artificial intelligence and post-quantum cryptography as defining forces in the next phase of Canada’s cyber posture. Autonomous systems are accelerating both offensive and defensive activity, compressing decision timelines beyond human response. At the same time, data harvested today may be decrypted in the future if quantum readiness lags.

The cover image of the report reflects this moment. A forward-facing Canadian moose stands alert and resolute, symbolizing a nation that is grounded, strong, and prepared to defend its systems, economy, and public trust in an increasingly contested digital environment.

Alongside the national report, the Canadian Cybersecurity Network is launching CCN Insights, a new intelligence series focused on emerging risks shaping digital trust. The first release, When AI Acts: Securing Autonomous Systems at Machine Speed, examines how autonomous AI, deepfakes, and synthetic identity are redefining enterprise risk. It is being unveiled this week at the IAM Conference.

State of Cybersecurity in Canada 2026 is designed to provide boards, executives, policymakers, and security leaders with a clear assessment of where Canada stands today, and the priority actions required to strengthen national resilience in the years ahead. Get the report here.

ServiceNow Expands Enterprise AI Footprint with Panasonic Avionics and Anthropic 

Posted in Commentary on January 28, 2026 by itnerd

ServiceNow today announced an expanded relationship with Panasonic Avionics Corporation, a global leader for in-flight engagement. Panasonic Avionics will replace siloed legacy systems with ServiceNow CRM and Now Assist, integrated with Aria Billing Cloud and Tenon Marketing Automation, to modernize and unify sales, service, marketing, and billing for more than 300 airlines worldwide with real-time customer insights and AI-driven workflows. With this expansion, the ServiceNow AI Platform powers Panasonic Avionics across its enterprise, supporting IT, customer service, engineering, and HR.

The challenge: legacy systems limited real-time visibility across 300+ airlines

Panasonic Avionics has consistently been at the forefront of aviation innovation, delivering in-flight engagement services such as high-speed internet, seatback and personal-device entertainment, on-demand TV, and interactive maps. As the business grew, the company needed a single platform to replace legacy, siloed CRM and billing systems.

The solution: ServiceNow connects sales, service, and billing on a single AI-powered platform

ServiceNow CRM’s AI agents, data, and workflows connect Panasonic Avionics’ customer operations to drive better experiences while helping cut costs. ServiceNow Sales and Order Management for Telecommunications, including Logik.ai from ServiceNow’s configure-price-quote (CPQ) capabilities, replaces legacy systems to accelerate deal configuration and speed the sales process from opportunity to order fulfillment. Now Assist, ServiceNow’s native AI experience, delivers AI-powered case resolution, proactive service recommendations, and self-service automation to help Panasonic Avionics address airline customer needs faster and improve operational efficiency.

Integrations with Aria Billing Cloud via the Aria Billing Studio for ServiceNow app, along with Tenon Marketing Automation, extend ServiceNow’s ability to provide complete lead-to-cash capabilities. By unifying pricing, billing, and marketing on the ServiceNow AI Platform, Panasonic Avionics gains a real-time, end-to-end view of customers and services. This enables faster sales response, streamlined service delivery, and AI-driven insights across the business.

Building on a long-standing partnership

In 2019 Panasonic Avionics implemented ServiceNow Customer Service Management to accelerate self-service, increase productivity, and speed up issue resolution. With the added CRM and Now Assist capabilities, ServiceNow has become the foundation of Panasonic Avionics’ enterprise platform, supporting the company across IT, HR, service, and engineering with plans to deliver additional AI-powered experiences.