Archive for March 11, 2026

CISA issues urgent directive on Cisco SD-WAN vulnerabilities that are being actively exploited 

Posted in Commentary with tags on March 11, 2026 by itnerd

There is a new urgent directive from the CISA released this morning which is Emergency Directive 26-03, warning that threat actors are actively exploiting vulnerabilities in Cisco Catalyst SD-WAN systems used across federal networks. The directive requires agencies to immediately inventory affected systems, collect forensic artifacts, apply patches, and hunt for signs of compromise. 

The vulnerabilities include CVE-2026-20127, a critical authentication bypass flaw (CVSS 10) that could allow an unauthenticated attacker to gain administrative access to SD-WAN infrastructure and potentially manipulate network configurations. 

Bobby Kuzma, Director of Offensive Operations at ProCircular had this to say:

“CISA has clear reason to believe that these vulnerabilities have been, and likely continue to be, exploited by threat actors to compromise government systems and networks. The requests for artifact collection and submission make it clear they’re working to identify the scope of the threat. While contractors and civilian organizations are not required or requested to follow similar collection steps, if you have Cisco SD-WAN appliances in your environment, this is a good time to collect artifacts and review patch statuses and logs.”

Once again it’s time to patch all the things. Though this time around, this patching exercise is pretty urgent and should be done without delay.

Leave a comment »

Equinix Unveils Distributed AI Infrastructure

Posted in Commentary with tags on March 11, 2026 by itnerd

At its inaugural AI Summit, Equinix, Inc. unveiled its Distributed AI infrastructure—a bold new approach to power the next wave of AI innovation, including agentic AI. Today’s announcement includes a new AI-ready backbone to support distributed AI deployments, a global AI Solutions Lab to test new solutions, and Fabric Intelligence to better support next-generation workloads for enterprises.

Fabric Intelligence AI-Driven Network Automation

As businesses look to deploy next-generation AI tools, such as AI agents, enterprises need to rethink their existing IT architecture. Equinix’s Distributed AI has been engineered from the ground up to support the scale, speed and complexity of modern intelligent systems—including the evolution from static models to autonomous, agentic AI capable of reasoning, acting and learning independently. Unlike traditional applications, AI is inherently distributed, with distinct infrastructure requirements for training, inferencing and data sovereignty. Meeting these needs requires a new kind of infrastructure—globally distributed, deeply interconnected and built for performance at scale. With a fully programmable, AI-optimized network linking 270+ data centers across 77 markets, Equinix is uniquely positioned to unify these environments across geographies, enabling intelligent systems to operate reliably, securely and everywhere they need to be.

Key announcements from Equinix’s inaugural AI Summit include:

Fabric Intelligence:

  • A software layer that enhances Equinix Fabric®, an on-demand global interconnection service, with real-time awareness and automation for AI and multicloud workloads.
  • Available in Q1 2026, Fabric Intelligence integrates with AI orchestration tools to automate connectivity decisions, taps into live telemetry for deep observability, and dynamically adjusts routing and segmentation to optimize performance and simplify network operations. By making the network responsive to workload demands, Fabric Intelligence helps enterprises reduce manual effort, accelerate deployment and keep pace with the scale and speed of AI.

AI Solutions Lab at Equinix Solution Validation Center® facilities: 

  • Equinix is launching a global AI Solutions Lab across 20 locations in 10 countries, giving enterprises a dynamic environment to collaborate with leading AI partners.
  • Available today, enterprises can use the AI Solutions Lab to connect to the expansive Equinix AI partner ecosystem. This collaboration can help to de-risk AI adoption, co-innovate solutions, and to move faster from idea to operational AI deployment.

Expansion of Equinix’s AI ecosystem:

  • Now one of the most comprehensive vendor-neutral AI ecosystems in the industry, with more than 2,000 partners worldwide, making next-generation AI inferencing services discoverable and actionable through the new Fabric Intelligence.
  • Providing enterprises access to cutting-edge technology, including the GroqCloud™ platform in Q1 2026, to enable direct, private access to leading-edge inference platforms without custom builds—so they can connect and scale AI services faster with enterprise-grade performance and security.

With Equinix’s Distributed AI infrastructure, enterprises will be able to support use cases like real-time decision-making for predictive maintenance in manufacturing, dynamic retail optimization and faster fraud detection in financial services. By enabling AI at the edge and across regions, Equinix helps organizations run scalable, compliant and low-latency AI workloads wherever they’re needed. These products are expected to become available in the first quarter of 2026.

Leave a comment »

Kyndryl provides Canadian enterprises with a fast, secure path to move and modernize mission-critical legacy systems on Microsoft Azure

Posted in Commentary on March 11, 2026 by itnerd

Kyndryl today announced the availability of Kyndryl Cloud Uplift, formerly Skytap, in Microsoft Canadian data center regions. This expansion provides Canadian enterprises a fast, low-risk, self-serve way to move and modernize mission-critical legacy applications on Microsoft Azure while keeping data in Canada.

While cloud has become a key driver of business agility, Canadian leaders face operational and regulatory complexity as they try to modernize without disrupting critical systems. According to the Kyndryl Readiness Report, 67% of leaders say innovation is delayed by foundational technology issues, and 81% are increasingly concerned about the geopolitical risks of storing and managing data in global cloud environments, with 60% changing cloud strategies in response.

Kyndryl Cloud Uplift addresses these realities by enabling enterprises to replicate and run IBM Power (AIX, IBM i, Linux) on Microsoft Azure without re-architecting or rewriting applications so they can reduce migration risk while maintaining performance and day‑to‑day operations. And because Kyndryl Cloud Uplift is available in Microsoft Canadian data center regions, organizations can keep data within Canada as they modernize and adopt modern cloud services and AI at their own pace.

Canada is the fifth geographic region to offer Kyndryl Cloud Uplift following the acquisition of Skytap in May 2024, reinforcing Kyndryl’s commitment to delivering locally compliant solutions with global deployment options to customers. Canada marks the fourteenth Microsoft data center region where Kyndryl Cloud Uplift is available.

Learn more about Kyndryl’s hybrid cloud services portfolio.

Leave a comment »

New Liquibase research: AI & Production Databases interact in 96.5% of organizations, governance automation lags 

Posted in Commentary with tags on March 11, 2026 by itnerd

Liquibase, the leader in Database Change Governance, today released the 2026 State of Database Change Governance Report, new research on how enterprises are managing database change as AI becomes embedded across production systems, analytics, and delivery pipelines. The report finds that AI interaction with enterprise databases is now widespread, while governance automation and consistent enforcement have not kept pace with the speed and scale of change. (The report and graphic are linked at bottom.)

For CIOs, the issue is not that AI touches production data. The issue is whether the organization can prove control at the database layer when change is frequent, environments are heterogeneous, and AI introduces new pathways for change and access. At AI scale, manual governance struggles to keep up. That is where risk compounds and then surfaces as data quality failures, audit friction, and outcomes leaders cannot explain.

Key survey findings:

  • AI interaction: 96.5% of respondents report at least one AI or LLM interaction with their production databases, including analytics and reporting, training pipelines, internal copilots, and AI-generated SQL.
  • Change velocity: 68.1% deploy database changes weekly or faster, including 10.8% deploying multiple times per day and 18.8% deploying daily.
  • AI-era risk: 64.3% cite data quality issues as a top AI-related risk, and 46.5% cite ungoverned AI-generated SQL as a key concern.
  • Estate complexity: Organizations report an average of five database and data platform types, and 29.1% manage ten or more database types.
  • Governance gap: Only 28.1% report database change governance that is standardized and consistently enforced, while 42.3% remain at Ad hoc or Emerging. Only 7.7% report fully automated governance using policy as code with real-time enforcement.
  • Audit pressure compounds the challenge. The report finds 95.3% of respondents undergo multiple compliance or database audits per year, with more than one in five facing seven or more audits annually.

The report highlights a widening operating gap. Enterprises are shipping database change continuously across diverse platforms, while governance often depends on documentation, manual review, and fragmented evidence. In an AI era, those approaches do not scale. As AI automations and AI-generated changes increase, the cost of inconsistent enforcement rises, and the blast radius of a single unmanaged change expands across downstream analytics and AI systems.

What customer behavior telemetry shows at AI scale:

Anonymized Liquibase Secure product telemetry, separate from the survey results, reveals the following.

  • Governance is the default: 99.25% of Liquibase Secure sessions run with governance enabled, a necessary baseline as AI increases the volume of proposed change.
  • Standardization enables automation: Nearly 86% of observed changelog activity is in XML and YAML, supporting machine-readable change definitions that AI-scale delivery can validate and enforce.
  • Controls must exist before CI: About 90% of sessions run outside CI, reinforcing that as AI accelerates change, governance has to shift left into the developer workflow.
  • Adoption starts with proof: Reporting is among the most exercised capabilities, reflecting early demand for audit-ready traceability as AI makes decisions harder to defend without evidence.

A practical roadmap and scorecard for CIOs

Beyond the survey findings, the report provides a staged operating model for moving from ad hoc database change to standardized, enforced, and observable governance, without slowing delivery. It also introduces a CIO-ready scorecard that pairs reliability metrics (MTTD and MTTR) with coverage metrics for automated controls, audit evidence, and AI-governed change, so leaders can measure progress and risk reduction over time.

Here’s a link to a summary of the 2026 State of Database Change Governance Report.

Leave a comment »

Flashpoint Releases 2026 Global Threat Intelligence Report

Posted in Commentary with tags on March 11, 2026 by itnerd

Flashpoint today announced the release of its 2026 Global Threat Intelligence Report (GTIR), providing security leaders from threat intelligence and vulnerability management teams to physical security professionals and the CISO’s office with a proprietary data-driven, ground-truth view of the converging threats defining today’s hybrid risk environment.

Powered by Flashpoint’s Primary Source Collection (PSC), the 2026 GTIR reveals a sharp rise in AI-related discussions, signaling a rapid shift from criminal curiosity to the active development of malicious agentic frameworks. At the same time, the mechanics of cybercrime have shifted from breaking in to logging in, as attackers leverage stolen session cookies to operate as legitimate users. As technical defenses against encryption harden, ransomware groups are pivoting to the path of least resistance: human trust and identity compromise. Meanwhile, the patching window continues to collapse, with mass exploitation of zero-day vulnerabilities occurring in as little as 24 hours after discovery.

Cybercrime Has Entered the Era of Total Convergence

Between late 2025 and early 2026, adversaries rapidly accelerated adoption of agentic AI frameworks capable of orchestrating autonomous attack chains — automating reconnaissance, phishing generation, credential testing, and infrastructure rotation all without direct human control. This dramatically lowers the cost of experimentation and increases the speed of exploitation.

The 2026 GTIR identifies four converging forces reshaping the global threat landscape:

  • Agentic AI Operationalization — Autonomous systems capable of executing
    end-to-end attack chains at machine speed, increasing both the volume and intensity of
    cybercrime
  • Identity as the Primary Exploit Vector — Billions of compromised credentials fueling
    credential-based intrusions beyond the boundaries of organizational oversight and
    control
  • Compression of the Exploitation Window — Vulnerabilities weaponized within hours
    of disclosure before organizations can understand their exposures or begin to respond
  • The Evolution of Extortion — Ransomware shifting toward identity-driven and
    insider-enabled models, enhancing its effectiveness

Together, these dynamics form a single, high-velocity threat ecosystem where automation,
identity compromise, and vulnerability exploitation reinforce one another.

AI-Related Illicit Activity Surged 1,500% in a Single Month

Flashpoint identified a 1,500% rise in AI-related illicit discussions between November and December 2025 from 362,000 mentions to more than 6 million, signaling a rapid transition from experimentation to operationalized malicious AI frameworks.

Threat actors are actively developing autonomous systems capable of scraping data, rotating infrastructure, adjusting messaging, and learning from failed attempts without continuous human oversight. These agentic systems dramatically increase iteration speed and reduce operational friction for attackers.

Identity Has Become the Primary Exploit Vector

Flashpoint observed over 11.1 million machines infected with infostealers in 2025, generating an inventory of 3.3 billion compromised credentials and cloud tokens.

As a result, the mechanics of cybercrime have shifted from “breaking in” to “logging in.” Attackers now leverage stolen session cookies, tokens, and legitimate credentials to bypass traditional security perimeters entirely, turning digital identity into the connective tissue of modern exploitation. The reality of identity data and the potential for its automation necessitate a shift in how organizations must view their attack surface. Infostealers have shown that it is no longer limited to corporate infrastructure; it now includes employee browsers, personal devices, SaaS platforms, and third-party access.

The Window Between Vulnerability Disclosure and Exploitation Is Vanishing

Vulnerability disclosures increased by 12% year-over-year, with one-third (33%) of disclosed vulnerabilities having publicly available exploit code.

Several high-impact vulnerabilities were mass exploited within hours of disclosure, compressing remediation timelines and raising the stakes for exposure management. In this environment, organizations cannot rely solely on reactive patching cycles; they must incorporate early-warning intelligence to anticipate weaponization trends.

Ransomware Is Pivoting Toward Pure-Play Identity Extortion

Ransomware incidents rose by 53% in 2025, with RaaS groups responsible for more than 87% of attacks.

Rather than relying exclusively on encryption payloads, threat actors are increasingly targeting identity and human trust by recruiting malicious insiders, abusing authorized access, and leveraging credential theft to extort organizations without deploying traditional ransomware binaries.

Who should read the 2026 GTIR?

The report is designed for CISOs, threat intelligence teams, vulnerability management leaders, fraud and risk teams, and executive decision-makers seeking a strategic view of converged cyber and hybrid threats.

Read the full report here: https://flashpoint.io/resources/report/flashpoint-global-threat-intelligence-report-2026

Leave a comment »

New HP Report Highlights SMB Print Security Gap: 57% say print security is a low priority while trusting printers by default

Posted in Commentary on March 11, 2026 by itnerd

HP today released The Workflow Wakeup report, which takes a comprehensive look at how everyday technologies, including printers, can help small businesses improve security and prepare for the future of work.

Despite growing concern among Enterprise IT leaders, print security remains one of the most overlooked weaknesses in SMB cyber defenses. A new global study of 800 IT Decision Makers and 2,400 knowledge workers shows that 57% of SMBs say print security is a low priority in cybersecurity strategies.

The findings come as print-related risk continues to rise. Separate research from Quocirca showed that 56% of SMBs have reported at least one print-related loss of data in the past year, underscoring how easily this “assumed safe” part of the IT estate can become an exposure point.

Key findings from HP’s SMB study include:

  • Policies don’t work or are bypassed: Over half (55%) of SMBs see users trying to bypass print rules or restrictions, while 60% worry existing document processes could lead to a data or privacy issue. A further 50% lack visibility into who prints what and where, while 45% are unsure if print security meets industry compliance standards.
  • Print security assumed: 66% of knowledge workers assume printers on the office network are secure, while 50% don’t think of printers as a security threat. However, 37% do worry about printing confidential information and the wrong person finding it.

Despite low prioritization, 69% of SMBs acknowledge print security needs improvement, and 65% frequently worry about the security risks outdated systems pose. Their top five printer security concerns include:

  1. Cybersecurity risks linked to connected printers
  2. Confidential documents being left at the printer
  3. Cloud vulnerabilities related to scanned documents
  4. Unauthorized access to print files or queues
  5. Misprinting, misfiling, or mishandling materials

The data also suggests these risks are addressable when organizations put the right controls in place. Of SMBs that have adopted smart printing technology, 88% say that smart printing has made their organization more secure. Respondents cite three key reasons: providing clearer visibility into printing and scanning activity across users and locations (89%), meeting compliance and security standards (86%), and enforcing smart rules and restrictions more effectively (85%).

Please visit this blog to learn more about the security findings: https://www.hp.com/us-en/newsroom/blogs/2026/security-threat-small-business-at-risk

Leave a comment »

Russia-linked hackers breach Signal and WhatsApp accounts

Posted in Commentary with tags on March 11, 2026 by itnerd

Reuters is reporting that Russia-linked hackers have breached the messaging accounts of officials, journalists, and activists using apps including Signal and WhatsApp, according to a warning issued by the Dutch government. Something that I have covered here in the past.

Authorities say the campaign involved targeted account takeovers that allowed attackers to access private communications and potentially monitor sensitive conversations. The activity highlights how threat actors can gain access to messaging platforms without breaking encryption by compromising accounts or exploiting weaknesses in how applications and devices are trusted.

Mark Mazur, Field CTO, Approov Mobile Security had this to say:

“Account takeover attacks often exploit applications’ failure, particularly messaging applications, to accurately assess the risk of tampered mobile applications and devices.

“Security teams need to treat mobile applications and the devices they run on as potential sources of threats. Cloning and modifying an app downloaded from an app store, on a rooted or jailbroken device is an increasing risk due to AI-powered reverse engineering. RASP, Attestation and cryptographically signed API messages should be used in mobile applications to minimize these risks.”

Having strict policies on the use of personal for business use, as well as using MDM products to manage apps on devices and detect jailbroken devices are some ways to keep users safe. Organizations should look at options like those to mitigate the potential threat that this scenario poses.

1 Comment »