Archive for May 20, 2026

Averlon Launches Precog to Stop Exploitable Risk Before It Reaches Production

Posted in Commentary with tags on May 20, 2026 by itnerd

Averlon today announced Precog, a predictive remediation capability that identifies exploitable risk in proposed code and infrastructure changes and delivers the fix to developers before the change reaches production. Precog addresses a widening gap: AI is accelerating both code delivery and vulnerability discovery, and security teams can no longer manage risk only after it lands in production.

The need for this shift is becoming urgent. Google Cloud’s Mandiant M-Trends 2026 report found that mean time to exploit collapsed from 63 days in 2018 to an estimated minus seven days in 2025, meaning exploitation now often begins before a patch is available. New frontier models such as Claude Mythos and GPT-5.5-Cyber are making it increasingly clear that AI will compress the time required to discover, validate, and exploit vulnerabilities. The result is a widening gap between the speed at which risk is discovered and exploited, and the speed at which security teams can triage and fix it.

The industry is converging on a new operating model: Remediation Operations, or RemOps. The premise is simple: finding risk and closing risk are different problems. Security teams do not need more alerts; they need a way to understand what is truly exploitable, prioritize by business impact, and drive safe fixes through developer workflows.

Averlon’s Remediation Operations platform addresses the full lifecycle of risk reduction: ingesting security findings, determining what is truly exploitable, prioritizing by business impact, and driving agentic remediation through developer workflows. The platform has helped customers reduce remediation time by up to 90 percent and alert noise by up to 95 percent, helping security teams move from backlogs of thousands of findings to the handful that need fixing.

With Precog, Averlon extends that model earlier in the lifecycle by preventing exploitable risk before it becomes production exposure. Unlike security scanners that flag findings based on generic severity scores, Precog evaluates whether a proposed change would actually be exploitable in the customer’s real environment, accounting for internet reachability, exposed services, and existing compensating controls. This contextual analysis means Precog surfaces the changes that genuinely create exposure, not the long tail of theoretically risky findings that wouldn’t be exploitable in production. Precog integrates into CI systems such as GitHub, evaluating proposed changes before they reach production.

When risky changes are detected, Precog identifies the issue, explains the exploitable path, and generates a remediation directly in the developer workflow. Developers receive the proposed fix at the same time they are notified of the risk, reducing friction between security review and software delivery.

Read the research and see Precog in action:

Leave a comment »

SIOS Technology Returns with Season 2 of “Don’t Fail Me Now,” Spotlighting IT Resilience in Action

Posted in Commentary with tags on May 20, 2026 by itnerd

SIOS Technology today announced the launch of Season 2 of its podcast series, Don’t Fail Me Now. Created for IT leaders, architects, and decision-makers, the podcast focuses on practical ways to reduce downtime, advance HA/DR initiatives, and support resilient, always-on systems.

Season 2 includes five weekly episodes, each 15–30 minutes long, with SIOS experts and industry guests sharing firsthand insights, best practices, and strategies for maintaining availability across complex environments. All episodes from Season 1 are also available on demand for listeners who want to catch up on earlier discussions.

Episodes will be released weekly on Spotify, YouTube, and Apple Podcasts.

Season 2 Lineup

  • Episode 1: Protecting the Protectors: High Availability for Security and Compliance Platforms – Justin Chandler, senior solutions engineer at Cimcor, Inc., explores how file integrity monitoring, compliance automation, and high availability work together to eliminate blind spots. He discusses reducing alert fatigue, enforcing secure configuration baselines, and preventing data loss during outages, as well as trends in automation, containerization, and DevSecOps.
  • Episode 2: Behind the Scenes of Award-Winning Customer Support at SIOS – Sandi Hamilton, director of product support engineering at SIOS Technology, shares insights on building and leading a global 24×7 customer support team, prioritizing critical outages, collaborating across teams, and maintaining the human element in an AI-driven world.
  • Episode 3: Why SQL Server Audits Go Wrong, and How to Prevent – Shawn M. Upchurch, founder and CEO of UpSearch, explains why traditional SQL Server audits fall short, how visibility gaps form in virtualized and hybrid environments, and what continuous governance looks like to avoid unexpected costs.
  • Episode 4: Building the Future of High Availability – Devin Haynes, product owner at SIOS Technology, discusses how the SIOS product roadmap is shaped by customer feedback, market trends, and emerging technologies such as automation and AI, and what it takes to build resilient software.
  • Episode 5: Why High Availability Matters in Video Surveillance – Chebel Bou Chebel, technology partner manager at Milestone Systems, explores how modern video management platforms are scaling, the role of partner ecosystems, and why designing for failure is essential in high-risk and regulated environments.

IT professionals can subscribe to Don’t Fail Me Now and listen on all major platforms:

Leave a comment »

Major arcade game maker leaks nearly 19 million user records, ranging from full names to unique IDs

Posted in Commentary with tags on May 20, 2026 by itnerd

On March 19th, the Cybernews team discovered three exposed servers containing data for Wahlap users. Wahlap is a China-based arcade maker, one of the largest in the world, partnering with gaming giants such as Sega, Warehouse of Games, Timezone, and others. 

Here are the key findings:

  • In total, 18.9 million records were left exposed online, covering Wahlap members’ identifiers, gaming behavior data, asset information, customer snapshots, and application logs. 
  • According to our team, the data most likely leaked via Wahlap’s WeChat mini programs. WeChat mini programs are lightweight applications that run inside the WeChat ecosystem. 
  • The exposed information can be broadly put into five index categories: Wahlap members data, members’ gaming behavior data, Wahlap asset data, consumer snapshot data, and other indices.

We have reached out to Wahlap and will update this article once we receive a reply. Several days after the discovery, the team noticed that the exposed cluster was no longer publicly accessible.

For more information, here’s the full report: https://cybernews.com/security/wahlap-arcade-game-maker-data-leak-wechat

Leave a comment »

Cybersecurity climbs the SMB agenda, as AI pressure exposes resilience gaps

Posted in Commentary with tags on May 20, 2026 by itnerd

Cybersecurity is considered one of the top strategic priorities for small and medium sized businesses (SMBs) worldwide, but many organizations remain exposed to attacks despite rising investment, according to new research commissioned by Sage, the leader in accounting, financial, HR and payroll technology for SMBs.

The study, conducted by IDC and titled SMBs in the Age of AI: Navigating cyber complexity and building resilience, based on a global survey of 2,210 SMBs, found that over half (52%) rank cybersecurity and data protection among their top business priorities for the next 12 months, second only to growth (59%) and well ahead of scaling AI adoption (33%). Six in ten SMBs (60%) also expect to increase cybersecurity spending over the same period.

Despite this momentum, many SMBs remain vulnerable to cyber-attacks, with one in two experiencing an incident or data breach in the last year. This highlights a resilience gap between SMBs prioritizing cybersecurity and the realities of how effectively it is embedded in day-to-day operations.

The findings point to three gaps holding SMBs back:

  • Security is prioritized but not embedded day-to-day: Only 13% of micro businesses and 21% of small businesses describe their cybersecurity approach as proactive, compared with 48% of medium sized organizations, leaving smaller firms more vulnerable to disruption.
  • Tools are in place but not consistently applied: Most SMBs report using baseline protections such as email security (79%), endpoint protection (67%) and regular patching and data backup (71%). Yet far fewer carry out staff training and phishing simulations (50%), train employees consistently or test incident response plans (36%), limiting the real world effectiveness of these investments when incidents occur.
  • Third party and SaaS risk is expanding faster than oversight: As SaaS platforms become central to operations, security monitoring often remains infrequent. Among micro businesses, 43% do not conduct regular or continuous monitoring of third-party vendors, creating blind spots across increasingly complex digital ecosystems.

AI accelerates pressure on already stretched security 
AI adoption is intensifying cybersecurity pressure for SMBs, with readiness lagging behind risk. Eight in ten (81%) of SMBs are not prepared or remain in the early stages of preparedness for AI-related threats, while nearly a quarter (22%) have yet to implement dedicated protections for AI applications.
 
The gap is even more pronounced among smaller firms. Among micro businesses, 84% say they are either unprepared or only at an early stage of readiness, with many lacking specific safeguards as AI use grows.

The gaps are pronounced by business size too. The research found that 63% of medium-sized businesses see AI as a business opportunity, but only 23% of small businesses and 9% of micro businesses agree. 

For SMB customers, Sage is focused on making cybersecurity more accessible by embedding security into the design of everyday software from the outset, backed by continuous testing, secure coding practices aligned to OWASP standards, and ongoing security training for engineers. Sage also works with industry bodies, partners and government initiatives, including the UK Government’s Software Security Ambassadors Scheme, to support practical, accessible cybersecurity approaches that strengthen resilience across the wider SMB ecosystem.

Methodology

IDC conducted a custom survey of 2,210 SMBs across eight geographies: Canada (300), France (330), Germany (330), Portugal (100), South Africa (150), Spain (200), United Kingdom (300), and United States (500).

Software Security Ambassadors Scheme

Sage is a participant in the UK Government’s Software Security Ambassadors Scheme, led by the Department for Science, Innovation and Technology. The initiative brings together industry leaders to champion the adoption of the Software Security Code of Practice, helping to strengthen software supply chain security and improve cyber resilience across the UK economy.

As part of the scheme, Sage works alongside government and industry partners to promote secure-by-design principles, share best practice, and support the development of practical, accessible approaches to cyber security for businesses of all sizes.

Learn more about the Software Security Ambassadors Scheme here

Learn more about Trust and Security with Sage here

Leave a comment »

8 in 10 IT professionals report their organization experienced a web-based security incident in the past year

Posted in Commentary with tags on May 20, 2026 by itnerd

NordLayer has released the Why Browser Security Can’t Wait: Web-based Threats Report 2026. The findings show that as work applications increasingly shift to the browser, attackers are shifting with them — 82% of surveyed IT professionals report their organization experienced a web-based security incident in the past year, with half describing the impact as moderate or severe.

Organizations that experienced significant-impact incidents follow distinct patterns: They more often allow bring-your-own-device (BYOD) policies (85% vs. 60% overall), have employees who primarily use their own devices (51% vs. 31%), rely more extensively on SaaS tools (56% vs. 31%), and have established fully or primarily remote work policies (35% vs. 17%).

Expectations vs. reality

Despite frequent incidents, 73% of IT professionals say their organization is well prepared — yet their own responses tell a different story. Coverage is modest and uneven: Data loss prevention (DLP) tools lead at just 53%, with other browser security controls trailing below that mark. Nearly all IT professionals report that their organizations are concerned about web-based threats (98%), and most expect escalation — 81% foresee greater sophistication and 73% anticipate more incidents over the next few years.

“There’s a clear gap between recognizing the threat and knowing how to address it,” says Buinovskis. “Concern is high, but awareness of which controls actually solve browser-specific risks is low. Much of the initial confidence most likely comes from having general security controls in place, yet they rarely adequately cover risks in the browser.”

NordLayer’s analysis of 504 unique, highest rated and most reviewed applications listed on  51 unique software categories on Gartner® Peer Insights™, a community-driven software review platform, found that 100% of the applications were browser accessible and 78.8% were browser only (Full methodology located here). Meanwhile, data analyzed by NordLayer and NordStellar, a threat exposure management platform, shows that infostealer malware harvested around 1.8 million credentials and nearly 68.8 billion cookies in 2025, peaking in November.

“Hackers don’t hack anymore, they just log in,” says Buinovskis. “Stolen cookies and credentials grant immediate access without raising alarm bells — a login looks legitimate. It’s low risk, high reward, and as reliance on web-based SaaS grows, so does the value of stolen data. Attackers will keep exploiting this until organizations secure the browser as a critical boundary.”

Practical steps to protect the browser

Buinovskis highlights three priorities for organizations looking to strengthen browser security.

1. Establish observability. Security administrators need visibility into what SaaS tools employees are using, what browser extensions are installed, and whether employees are visiting malicious or unauthorized websites. This minimizes shadow IT and reduces the risk of accidental malware downloads or data exposure.

2. Proactively block threats. Use domain name system (DNS) filtering to block access to malicious content or specific website categories like AI tools or gambling, and deploy data loss prevention (DLP) tools to restrict file uploads, downloads, and copy/paste functions — especially where employees handle personal or financial data.

3. Adopt a zero-trust approach. “Trust can’t be considered inherent — every user needs to be verified,” says Buinovskis. “Applying zero trust allows security administrators to implement network segmentation at the browser level, ensuring employees only access necessary resources and infiltrators are denied entry.”

To read the full Why Browser Security Can’t Wait: Web-based Threats Report 2026, please visit: https://nordlayer.com/browser-research-report/.

Leave a comment »

78% of Organisations Say Legacy Systems Are Their Biggest Quantum Security Risk

Posted in Commentary with tags on May 20, 2026 by itnerd

Certes has released new research highlighting a disconnect between quantum risk awareness and organizations’ ability to act on it. The Emerging PQC Imperative report reveals that 78% of organizations identify legacy systems as their greatest quantum security risk, yet most are doing little to address it. These environments remain difficult to secure and even harder to upgrade, leaving critical data increasingly exposed.

The report also found that nearly three-quarters (74%) of organizations view edge and IoT environments as a major quantum security risk, highlighting the growing exposure across distributed infrastructures. These environments are often difficult to upgrade or standardize, which can make them a critical weak point when it comes to implementing the cryptographic changes required for post-quantum readiness.

At the same time, 73% of organizations are actively evaluating the impact of “harvest now, decrypt later” attacks, recognizing that data stolen today could become a future breach once quantum capabilities mature.  While evaluation is commended, it stops short of actually protecting the data at risk. 

Despite near-universal recognition of the threat posed by quantum computing, just 11% of organizations are confident they can achieve post-quantum readiness within expected timelines, highlighting a significant execution gap as businesses struggle to move from planning to meaningful action. While awareness is high, many organizations still lack the confidence, funding, and practical path required to respond effectively.  And with legacy applications being the Achilles Heel for most companies – a weak point that can be simply rectified with the right security solutions – these statistics highlight that there is a huge gap in terms of understanding the problem at hand and actions being taken to protect critical data from exposure, and in turn helping protect businesses from massive financial, judiciary and reputational penalties.

The study independently conducted by Freeform Dynamics and commissioned by Certes, is based on responses from 200 senior IT and security leaders across the UK and US, including CISOs, CIOs, and other decision-makers from large organizations spanning sectors such as financial services, healthcare, manufacturing, and the public sector.

Other key findings from the report include:

  • Only 2% are fully confident in achieving full crypto agility – Most organizations lack the ability to adapt cryptography at scale, leaving them exposed to both current and future threats.
  • Nearly all respondents (97%) said they are not fully confident they can meet crypto agility timelines – Despite widespread awareness, confidence in delivering long-term quantum resilience remains critically low.
  • 91% cite mitigation of material business risk as a key driver – Quantum risk is now firmly viewed as a core business issue, not just a technical or security concern.
  • Just one in four (25%) have a dedicated budget to act on quantum security – Strategic intent is in place, but without funding, most initiatives are failing to progress beyond early-stage planning.

Quantum computing is widely expected to render much of today’s encryption ineffective. While timelines remain debated, regulators and standards bodies are already setting milestones, with expectations for initial quantum-safe readiness by 2030 and broader transition by 2035. At the same time, the growing threat of “harvest now, decrypt later” attacks means sensitive data is already at risk today, as adversaries collect encrypted information with the intention of decrypting it in the future.

Certes Launches v7 to Bridge the Quantum Readiness Gap

To help organizations move from awareness to action, Certes recently launched v7, a powerful extension of its Data Protection and Risk Mitigation (DPRM) platform. Designed to deliver quantum-safe data protection and crypto-segmentation for any application, over any infrastructure, anywhere, v7 marks a new era of future-proof data protection, enabling PQC today for legacy applications, hybrid cloud, AI, and the edge, while keeping data protected even when infrastructure and identities are compromised. Unlike traditional tools that demand network redesigns or application rewrites, v7 can typically be deployed in days rather than months, without requiring application refactoring or major infrastructure changes.

Centralized, per-flow policies are automatically enforced across hybrid, multi-cloud, on-premises, and edge environments, designed to deliver quantum-safe protection at scale while minimizing additional operational complexity. For organizations looking to close the execution gap, v7 delivers six strategic outcomes: faster deployment, simplified operations, stronger breach resilience, regulatory compliance, future-proof cryptography, and automated policy enforcement across distributed environments.

v7 is available as part of the Certes DPRM platform. For more information visit: https://pages.certes.ai/v7-blueprint-for-quantum

Leave a comment »

Today Is Customer Service Day

Posted in Commentary on May 20, 2026 by itnerd

Customer support has always been important, but it is now increasingly recognized as one of the most critical functions within any organization because it is often the first meaningful interaction a customer has with a brand and the moment that determines whether they stay loyal or walk away for good. At the same time, rapid advances in AI and digital technology are transforming customer support through faster response times, greater personalization, automation, and the ability to serve customers at far greater scale. As a result, customer support now sits at the center of some of the biggest trends shaping business today, including AI adoption, workforce transformation, customer expectations, operational efficiency, and digital trust.

Richard Copeland, CEO, Leaseweb USA, and Estelle Azemard, CEO, Leaseweb Canada, had this to say on this topic:

Richard Copeland, CEO, Leaseweb USA:

“Customer support isn’t just about opening tickets and waiting for answers. In today’s AI and always-on economy, support has become part of the infrastructure strategy itself. That’s one reason more organizations are moving toward hybrid cloud models and providers that offer real expertise close to where their data lives. Customers want performance and flexibility, but they also want accountability, accessibility, and people who understand their business, their region, and the regulations they operate under.

That’s why customer support has become one of the most business-critical functions inside any company – a smart company, that is. When the stakes are high, these are the people your customers rely on the most! Successful businesses recognize this… and treat support that way by recruiting top talent, investing in training, rewarding performance, and retaining experienced experts long term. Frankly, if a company still sees customer support as a cost center, they’re already behind. The business organizations that win over the next decade will combine exceptional people with technologies like voice AI to deliver faster, smarter, more responsive experiences at global scale.”

Estelle Azemard, CEO, Leaseweb Canada:

“Indeed, customer service in today’s cloud and AI economy goes far beyond uptime and response times. It means companies are under increasing pressure to control where their data physically lives, who can access it, and which country’s laws govern it. Different countries and regions have different privacy, security, and data residency requirements, so businesses can’t always just put everything into one large public cloud environment and forget about it. Customers want partners who not only understand infrastructure, but also understand the legal, operational, and regulatory realities of the regions they serve.

Ultimately, of course, from high tech to coffee and donuts, regardless of the industry, customer service and the customer experience (CX) are what drive the business forward. When problems arise, expectations are high, or loyalty is on the line, these are the people customers depend on. Not surprisingly, those organizations that invest in top talent, continuous training, and long-term expertise retention as part of their core strategy, while not taking support teams for granted, are often the strongest and most successful. It means creating real career paths, offering competitive pay, meaningful bonus structures, and title growth that reflects the value these professionals bring to the business every day.

At the end of the day, yes, technology matters, but CX still comes down to whether you can reach knowledgeable people who genuinely understand your requirements, goals, and the challenges you’re facing, and can meet and overcome them accordingly.”

Leave a comment »