Archive for March, 2026

« Older Entries
Newer Entries »

Secure.com Speaks To Reducing Open Source Dependency Risks

Posted in Commentary with tags on March 10, 2026 by itnerd

Today, Uzair Gadit, Founder & CEO of Dubai-based Secure.com ( https://www.secure.com/ ), published new analysis: “Open Source Dependency Risk Management,” which begins with the reminder that most apps today run on open source code, and 84% of those codebases carry at least one known security vulnerability.

He discusses why open source dependency risk management is important to SMBs, MSSPs and enterprises alike, noting that:

  • Scale makes manual tracking impossible,
  • Attackers know developers trust open source, 
  • Regulatory pressure is rising,
  • Unfixed vulnerabilities compound over time, and
  • License misuse can cost millions. 

In addition to examining some common risks of O/S dependencies, such as security vulnerabilities,  malware injections, transitive dependencies and unmaintained code, the analysis offers specific risk reduction recommendations.

These include enforcing a quality gate on coding, and effective tracking to measure open dependency risks over time, as well as their severity and the organization’s resolution speed.

The recommendations are timely, given that Sam Sabin of Axios reported today that volunteers “who keep open-source software running and secure are being flooded with reports from an unlikely source: autonomous AI agents… The vast majority of this software is maintained by volunteers who were already struggling to keep up with the deluge of reports about security flaws. Now, maintainers tell Axios their inboxes are being inundated by a wave of AI-written reports that lack specific details and legitimate errors.

Open Source Dependency Risk Management: Most apps today run on open source code — and 84% of those codebases carry at least one known security vulnerability:  https://www.secure.com/blog/open-source-dependency-risk-management

Leave a comment »

New SolarWinds CVE Continues Patch-Bypass Pattern

Posted in Commentary with tags on March 10, 2026 by itnerd

The CISA and NVD have published a new critical vulnerability affecting SolarWinds Web Help Desk tracked as CVE-2025-26399 which involves deserialization of untrusted data that could allow remote code execution.

What makes this vulnerability particularly notable is that it appears to be a bypass of a previous SolarWinds patch
tracked as CVE-2024-28988 which itself was a bypass of an earlier fix which was tracked as CVE-2024-28986. Security researchers are already pointing out that this creates a concerning pattern of patch bypasses tied to the same vulnerability class.

Bobby Kuzma, Director of Offensive Cyber Operations, ProCircular

“The newly disclosed CVE-2025-26399 vulnerability in SolarWinds Web Help Desk is especially troubling because it appears to be a patch bypass of a previous critical flaw — which itself was already a bypass of an earlier patch for essentially the same vulnerability class. When vulnerabilities repeatedly reappear through patch bypasses, it suggests the underlying root cause may not have been fully addressed. As security professionals sometimes joke, if developers are being forced to patch just enough to break the exploit instead of fixing the root issue, they should blink twice and we’ll send help. The humor reflects a real problem: partial fixes can leave organizations exposed to the next iteration of the same flaw.”

SolarWinds related vulnerabilities just will not seem to die. That’s bad for anyone who is responsible for defending organizations as their lives will be pretty miserable.

Leave a comment »

March Patch Tuesday Commentary From Fortra

Posted in Commentary with tags on March 10, 2026 by itnerd

By Tyler Reguly, Associate Director, Security R&D, Fortra

I’m sure that everyone will be talking about CVE-2026-26118 today. After all, it contains those magical three letters MCP – Must Create Panic! The old adage has changed a little these days to become, “AI sells,”, so that’s what everyone needs to talk about. The reality is that there’s an update available, this was never publicly disclosed, and Microsoft lists exploitation as less likely. So, instead of trying to create panic, I’m going to keep a level head and say that this is a great reminder for all CSOs to make sure they know how AI is being used within their organization. Instead of worrying about a single CVE that we don’t really need to talk about, look at your organizations AI policy, look at your tooling, and look at how your data is flowing. If you know that, you’re fine. If not, shadow AI might be the actual reason that you need to panic and that’s not a Patch Tuesday thing, that’s just an everyday thing.

Let’s agree to call this the month of no 0-days. I’m sure some people will try to call the two publicly disclosed vulnerabilities 0-days, but they’re wrong… and let’s just leave it at that. Instead, let’s talk about how even the publicly disclosed vulnerabilities are pretty much nothingburgers this month. We have CVE-2026-21262, which is a privilege escalation in SQL Server, but you have to already be an authenticated SQL user to exploit this. The other, CVE-2026-26127, is a .NET denial of service. Neither of these are very important. Neither of them should stress anybody out.

In total this month, we have 83 Microsoft CVEs and 10 non-Microsoft CVEs and I don’t see a lot of reasons for people to stress. The only CVE above an 8.8 is CVE-2026-21536, a 9.8 in Microsoft Devices Pricing Program, a vulnerability that is marked as no customer action required because it is already updated. The messaging this month should be, “Apply your patches after you finish your testing cycles.” There’s nothing that requires rushing patches, nothing that requires panic… this is just a nice, quiet Patch Tuesday (and I definitely won’t regret using the Q-word).

The only thing that people may want to pay close attention to is the Azure vulnerabilities. As I’ve mentioned before, the cloud ecosystem doesn’t really handle patching well… it’s a relatively immature process and the way that Microsoft handles these products really demonstrates that. The CVE impacting Azure Linux Virtual Machines (CVE-2026-23665) or the multiple CVEs impacting Azure IoT Explorer require pretty non-standard patching mechanisms and those may require a little additional effort from IT teams. CSOs should ensure that they have solid asset inventories around the deployment of cloud related systems and tools, so that admins know where these things exist and when they need to be fixed. This is the best way to empower your sys admins and security teams on a quiet month like this.

Leave a comment »

ESET Research: One of Russia’s most notorious groups, Sednit, resurges with spyware in Ukraine

Posted in Commentary with tags on March 10, 2026 by itnerd

ESET researchers recently traced the reactivation of Sednit through their modern toolkit, which is centered on two paired implants, BeardShell and Covenant, each using a different cloud provider for resilience. This dual‑implant approach enabled long‑term surveillance of Ukrainian military personnel and has been in use since April 2024. In 2016, the US Department of Justice linked the Sednit group to Unit 26165 of the GRU, a Russian Federation intelligence agency within the Main Intelligence Directorate of the Russian military.

ESET’s account of modern Sednit activities begins with SlimAgent, an espionage implant discovered on a Ukrainian governmental machine by CERT-UA in April 2024. SlimAgent is a simple yet efficient spying tool capable of logging keystrokes, capturing screenshots, and collecting clipboard data. Within its telemetry ESET identified previously unknown samples with code similar to SlimAgent, which were deployed as early as 2018 – six years before the Ukrainian case – against governmental entities in two European countries. Thus, SlimAgent appears to be an evolution of the Xagent keylogger module, which has been deployed as a standalone component since at least 2018. Xagent is a custom toolset used exclusively by the Sednit group for more than six years.

SlimAgent was not the only implant found on the Ukrainian machine in 2024; BeardShell – a much more recent addition to Sednit’s custom arsenal – was deployed there as well. BeardShell is a sophisticated implant capable of executing PowerShell commands within a .NET runtime environment, while leveraging the legitimate cloud storage service Icedrive as its Command & Control channel. The shared use of a rare obfuscation technique, combined with its co-location with SlimAgent, leads ESET to assess with high confidence that BeardShell is part of Sednit’s custom arsenal.

Since the initial 2024 case, Sednit continued deploying BeardShell through 2025 and into 2026, primarily in long-term espionage operations targeting Ukrainian military personnel. To maintain persistent access to these high-value targets, Sednit systematically deploys another implant alongside BeardShell: Covenant, the final component of its modern arsenal. Covenant is an open-source .NET post exploitation framework and provides over 90 built-in tasks, supporting capabilities such as data exfiltration, target monitoring, and network pivoting.

Since 2023, Sednit developers have made a number of modifications and experiments with Covenant to establish it as their primary espionage implant, keeping BeardShell mainly as a fallback in case Covenant encounters operational issues, such as the takedown of its cloud-based infrastructure. Sednit has successfully relied on Covenant for several years, particularly against selected targets in Ukraine.

For instance, in 2025, our analysis of Sednit-controlled Covenant cloud drives revealed machines that had been monitored for more than six months. In January 2026, Sednit also deployed Covenant in a series of spearphishing campaigns exploiting the CVE 2026 21509 vulnerability, as reported by CERT UA.

The sophistication of BeardShell and the extensive modifications made to Covenant demonstrate that Sednit’s developers remain fully capable of producing advanced custom implants. Furthermore, the shared code and techniques linking these tools to their 2010-era predecessors strongly suggest continuity within the development team.

For a more detailed analysis of Sednit’s latest arsenal, check out the latest ESET Research blogpost ” Sednit reloaded: Back in the trenches ” on WeLiveSecurity.com

Leave a comment »

Salesforce Disrupts Contact Center as a Service (CCaaS) with Agentforce

Posted in Commentary with tags on March 10, 2026 by itnerd

For most enterprises, the promise of AI-driven service is currently blocked by a “middleware mess”—a patchwork of disconnected voice tools and CRM data that forces customers to repeat themselves and agents to hunt for information.

Today, Salesforce is closing this intelligence gap with the launch of Agentforce Contact Center. This is the industry’s first agentic platform to treat voice, digital channels, AI, and CRM as a single, unified nervous system built directly into the Salesforce core.

Why this is the new industry standard for the Agentic Enterprise:

  • Native, Not Bolted-On: Unlike legacy CCaaS competitors that require complex integrations, we’ve embedded native telephony and unified routing directly into the CRM.
  • One “Unified Brain”: AI and human agents operate from the same real-time customer history. When a case scales from AI to human, the handoff is seamless with full transcript context.

You can read more here: https://www.salesforce.com/news/stories/agentforce-contact-center-announcement/

Leave a comment »

Ericsson and Future Technologies Expand Collaboration to Scale Enterprise Wireless Infrastructure for Industrial AI

Posted in Commentary with tags on March 10, 2026 by itnerd

Ericsson and Future Technologies Venture, LLC today announced an expanded collaboration to accelerate deployment of enterprise wireless and private 5G networks across industrial and critical infrastructure sectors in North America.

The collaboration builds on more than 13 years of joint engagement between the companies and reflects a shared conviction: enterprise wireless is becoming a foundational layer enabling AI-driven modernization across physical industries.

As organizations deploy AI into real-world environments; from manufacturing plants and logistics networks to energy infrastructure and transportation systems, they require secure, resilient, and deterministic connectivity capable of supporting real-time data movement between connected devices, edge computing platforms, and centralized cloud systems.

Industrial environments are simultaneously experiencing rapid growth in connected devices, including sensors, cameras, autonomous systems, vehicles, and mobile workers generating operational data that powers AI-driven automation and decision-making.

This shift is creating a growing gap between AI compute capacity and the enterprise networks designed to support it. Many traditional enterprise connectivity architectures were not built to deliver the scale, reliability, and real-time performance required for modern AI-enabled operations.

To address these requirements, organizations are increasingly deploying cellular technologies, including private 5G and enterprise wireless WAN (WWAN), to provide secure, deterministic connectivity across complex operational environments.

Through the expanded collaboration, Ericsson will provide enterprise wireless and private cellular technologies while Future Technologies delivers systems integration expertise spanning strategy, architecture, deployment, and lifecycle services.

Future Technologies will serve as a systems integrator for enterprise wireless transformation initiatives, helping organizations design and deploy modern connectivity environments across sectors including energy, manufacturing, transportation, logistics, and enterprise campus environments.

Ericsson and Future Technologies have collaborated for more than 13 years across thousands of deployments throughout North America. The partnership builds on more than $150 million in cumulative joint engagement value, spanning public cellular modernization, private cellular deployments, industrial wireless WAN initiatives, and large-scale enterprise connectivity transformation programs.

The companies have already collaborated on enterprise wireless deployments supporting manufacturing environments, industrial facilities, and large-scale sports and entertainment venues where secure connectivity enables real-time operational data and advanced digital applications.

Future Technologies also operates advanced customer validation environments including its Atlanta-based Living Lab and Lab-on-Wheels mobile demonstration platform. These environments allow enterprises to test real-world connectivity architectures, validate operational use cases, and accelerate pilot-to-production deployment timelines.

As industries accelerate adoption of AI-driven operational technologies, scalable wireless infrastructure is emerging as a strategic foundation for modern industrial environments.

Leave a comment »

Terra Security Redefines Penetration Testing for the AI Era with Terra Portal & Appoints Anna Sarnek as Vice President of Business & Strategy

Posted in Commentary with tags on March 10, 2026 by itnerd

Terra Security, a pioneer in Agentic Offensive Security, today announced the launch of Terra Portal™, its agentic desktop app that serves as an execution layer for pentesters to direct and oversee AI-driven testing in live production environments. Terra Portal reduces the discovery-to-fix cycle for vulnerabilities from the industry average of nearly three months to a matter of hours without sacrificing safety or compliance. As a result, customers can now remediate critical findings well below the Cybersecurity and Infrastructure Agency’s (CISA) 15-day requirements.

Fully autonomous testing tools promise efficiency but introduce security risks and inaccuracies in production environments. Traditional pentesting tools force testers into manual workflows, limiting scalability. Terra Portal resolves this tension by enabling autonomous pentesting to scale through human-governed AI execution.

At the core of Terra Portal is a human-governed, agentic workflow featuring two distinct types of AI agents, each with different responsibilities, operating under different constraints, and governed differently by design. Ambient AI agents autonomously handle recon, code review, test case generation, reachability analysis, pentests, exploitability validation, documentation, and remediation. When complexity, risk, or organizational guardrails require expert judgment, pentesters engage with Copilot AI agents to conduct approved, controlled exploitation and reporting.

For service providers, Terra Portal enables a shift from one-off, project-based engagements to continuous, offensive security services. AI agents autonomously handle execution, while pentesters retain oversight at critical decision points. This model allows providers to support significantly more clients per tester and deliver faster turnaround times, improving customer satisfaction and retention. Governance remains intact, minimizing operational and reputation risk.

Terra Portal integrates natively with Terra’s broader agentic penetration testing platform. The platform uses a coordinated swarm of autonomous AI agents to continuously scope environments, discover attack surfaces, generate hypotheses, and validate vulnerabilities. When those agents encounter limits, the gateway allows human testers to operate within the same agentic workflow, preserving full context and dramatically increasing efficiency.

Early access to Terra Portal is available now. 

The company also announced today the appointment of Anna Sarnek as Vice President of Business & Strategy. Sarnek has served as a strategic advisor to Terra over the past year, helping shape the company’s strategic direction, growth trajectory, and ongoing partnership with Amazon Web Services (AWS).

Sarnek brings more than 15 years of experience spanning cybersecurity, enterprise IT, and cloud partnerships. A trusted advisor to the security community, she most recently led Cyber Startup and Venture Capital Business Development at AWS, where she managed key cyber investor and priority founder relationships to help early and growth-stage companies build strong foundations for scale. With this background, Anna is well-positioned to bridge the gap between Terra and its stakeholders, ensuring the company’s strategies remain closely aligned with evolving market demands and industry trends.

As Vice President of Business & Strategy, Sarnek will complement Terra’s organic momentum by focusing on product innovation, growth strategy, and industry partnerships, leveraging technology companies, the channel, MSSPs, and consulting firms. Drawing on her background in consulting and strategic business development, she will orchestrate alignment across Terra’s business units and partners, ensuring platform strategy, partner feedback, go-to-market execution, and long-term growth move forward in lockstep.

Terra’s approach reflects a broader belief that modern security outcomes require alignment across people, process, and technology. By investing early in trusted ecosystem relationships, from hyperscalers to leading consulting and red teaming firms, Terra is establishing a foundation for comprehensive solutions that resonate with CISOs, executive decision-makers, and frontline practitioners.

Leave a comment »

SIOS Technology Earns Multiple Industry Honors 

Posted in Commentary with tags on March 10, 2026 by itnerd

SIOS Technology Corp.today announced it has received three prestigious industry recognitions highlighting executive leadership, customer success excellence, and outstanding support performance.

Masahiro Arai, Chief Operating Officer of SIOS Technology, has been named to the South Carolina 500 by the SC Biz News. The South Carolina 500 honors the most influential business leaders across the state, recognizing executives who drive economic growth, innovation, and community impact. Arai’s inclusion reflects his leadership in expanding SIOS’ global presence and advancing its high availability solutions to support mission-critical enterprise environments.

In addition, SIOS Technology’s Vice President of Customer Success, Cassius Rhue, has been named a Silver Stevie® Award winner in the Customer Service Leader of the Year Individual category in the 2025 Stevie Awards for Sales & Customer Service. The Stevie Awards for Sales & Customer Service recognize outstanding achievements by contact centers, customer service, business development, and sales professionals worldwide. Rhue was honored for his leadership in building a high-performing customer success organization focused on proactive engagement, rapid response, and measurable customer outcomes.

Further underscoring the company’s commitment to customer excellence, SIOS Technology was named a Silver winner for Support Department of the Year in the 2025 Best in Biz Awards. The Best in Biz Awards recognize companies, teams, and executives for outstanding performance and innovation across industries. The Support Department of the Year award acknowledges SIOS’ dedication to delivering responsive, expert-level support that ensures customers maintain continuous uptime for their critical applications and databases.

SIOS Technology provides high availability and disaster recovery solutions that protect mission-critical applications in physical, virtual, cloud, and hybrid environments. By combining application-aware intelligence with expert customer engagement, SIOS helps enterprises minimize downtime, reduce operational risk, and maintain business continuity in increasingly complex IT landscapes. With these latest recognitions, SIOS continues to demonstrate leadership not only in technology innovation, but also in customer-centric execution and operational excellence.

Leave a comment »

Hammerspace and Secuvy Partner to Make At-Scale Data AI-Ready, Fast and Safe, Across On-Premises and Cloud

Posted in Commentary with tags on March 10, 2026 by itnerd

Hammerspace, the high-performance data platform for AI anywhere, today announced a partnership with Secuvy to deliver a “Data-First” approach that turns raw data into secure AI outcomes. Together, the companies unify distributed unstructured data into a global namespace and continuously discover, classify, catalog, and control it across on-premises and cloud. 

Enterprise AI is hitting a hard wall, not just with compute demands, but also due to data sprawl and rising costs with no proven ROI. Unstructured data is fragmented across edge sites, legacy NAS systems, high-performance file systems, object stores and multiple clouds, often governed inconsistently. AI pipelines amplify risk by pulling from large, diverse datasets that may include confidential information. Without continuous discovery and classification, organizations risk exposing sensitive data in AI pipelines, losing track of what was used, and missing high-value insights. 

Together, Hammerspace and Secuvy keep data continuously AI-ready as it changes, so governance and access controls stay current from PoC to production.

  • Hammerspace provides the performance and orchestration layer so AI pipelines can reach distributed file and object data in place and move only what’s needed to the right compute at the right time.
     
  • Secuvy adds the intelligence layer, continuously identifying sensitive data and associated risks so privacy and governance controls can be applied consistently across hybrid and multi-cloud environments.

mage: The Integration of Hammerspace and Secuvy: A Data-First Model that Makes Data AI-Ready

Benefits of Hammerspace and Secuvy Partnership

Hammerspace and Secuvy enable a true Data-First model that makes data AI-ready. The integrated platform understands what the data is, where it lives, and the risk it carries, then controls how it’s used and where it can move, without forcing enterprises to rearchitect projects. Copying data drives up costs and increases risk: when data is duplicated across systems, governance breaks down and auditing, tracking, and securing it becomes difficult, allowing sensitive data to slip into AI pipelines without clear lineage or policy enforcement.

With the Hammerspace + Secuvy “Data-First” integration, organizations can make data AI-ready and enable:
 

  • One Global View – Unify distributed unstructured data into a global namespace across edge, on-premises, and multi-cloud
  • Sensitive Data Visibility – Continuously discover and classify sensitive data (PII/PHI/financial/IP) across file and object stores before it enters AI pipelines
  • Policy-Controlled Access – Catalog and control data in place using policies based on data attributes and risk
  • Continuous Compliance – Maintain consistent security and audit controls as data moves across sites and clouds—without copy-first silos
  • Just-In-Time Data – Move only what’s needed, when it’s needed, with intent-based data movement to compute
  • Use What You Have – Leverage existing storage as the foundation and free data to be processed wherever GPUs are available


Learn More:

Leave a comment »

Attackers weaponizing VS Code and Cursor tasks to silently infect developer systems

Posted in Commentary with tags on March 9, 2026 by itnerd

Researchers from Abstracts ASTRO research team have uncovered new developments in the evolving “Contagious Interview” campaign, showing how attackers are increasingly abusing developer tools—including Visual Studio Code and the AI coding editor Cursor AI Code Editor—to silently execute malware on developer machines. Here is the blog post: Contagious Interview: Evolution of VS Code and Cursor Tasks Infection Chains Part 2.

ASTRO analysts detail how attackers are embedding malicious commands into IDE task configuration files. When a developer opens a cloned repository and approves the standard workspace trust prompt, the tasks execute automatically which triggers multi-stage infection chains without requiring the victim to run code manually.

Key findings from the research include:

  • New payload staging infrastructure: Attackers are shifting from previously exposed hosting platforms to GitHub Gists, URL shorteners, and Google Drive to stage malicious scripts and payloads.
  • Developer-focused social engineering: Malicious repositories disguised as interview projects or legitimate development tools execute automatically when opened in an IDE.
  • Multi-stage infection chains: Initial task execution downloads additional loaders and can ultimately deploy infostealers or backdoors targeting browser credentials, crypto wallets, and system data.
  • Evasion tactics: Some payloads are hidden off-screen in configuration files or masquerade as legitimate GPU or driver tooling to avoid detection.

The report also outlines detection opportunities for security teams, including monitoring IDE-spawned shell commands, suspicious use of URL shorteners in configuration files, and unusual process chains involving Node.js and Python runtimes.

Given the growing use of AI-assisted development environments and the trust developers place in their toolchains, researchers warn this technique could become a major new software supply-chain attack vector.

The first blog post about Contagious Interview is here:: https://www.abstract.security/blog/contagious-interview-evolution-of-vscode-and-cursor-tasks-infection-chains.

Leave a comment »

« Older Entries
Newer Entries »