Nexthink Spark Resolves 77% of IT Issues at First Contact

Posted in Commentary with tags on January 20, 2026 by itnerd

Nexthink today announced the launch of Nexthink Spark, the world’s first personal IT agent powered by real-time DEX data.

Built on the Nexthink Infinity platform, Spark is a personalized, context-aware, fully autonomous AI agent that reaches employees and resolves IT issues before they impact work. Unlike traditional virtual agents that primarily route or log tickets, Spark is designed to fix issues at first contact. 

Already in use by more than 25 of Nexthink’s most DEX-mature customers, Nexthink Spark is fundamentally reforming IT support services. Traditional approaches to IT support have failed, with ticket volumes continuing to rise, employee satisfaction stalled, and costs mounting to around 4% of global IT spend. Consequently, businesses have had to choose between overstaffing IT service teams or accepting chronic employee frustration and decreased productivity. 

Nexthink Spark offers a third way forward. After a very broad early adopter program involving thousands of employees, Spark achieved a 77% first contact resolution rate, more than five times the industry average of 15%. This was paired with a major reduction in lost productivity time, as Spark was able to autonomously resolve L1 issues in less than 2 minutes on average.

Key features of Nexthink Spark include: 

  • Personalization: Leverages real-time endpoint telemetry to understand each employee’s digital journey, delivering the right resolutions through the right conversations at the right moment.
  • Context-aware intelligence: Uses live signals from the Nexthink Infinity platform to understand issues as they occur and apply the most relevant remediation in real time.
  • End-to-end automation: Executes fixes using native DEX remote actions and workflows, resolving issues autonomously without complex integrations or external orchestration.
  • Governance and guardrails: Built with enterprise-grade controls that allow IT teams to define policies, approve actions, and continuously train models to adapt safely to the organization.

To learn more about Nexthink Spark and how it helps organizations reduce IT support costs while improving employee productivity, visit Spark | Nexthink.  

2026 State of CCM Report: Resource Constraints Drive 85% of Organizations to Rethink Traditional GRC Approaches

Posted in Commentary with tags on January 20, 2026 by itnerd

RegScale today announced its second annual State of Continuous Controls Monitoring (CCM) Report, building on last year’s landmark study with expanded insights into how organizations are adapting to rising regulatory pressure and increasing security demands.

This year’s data shows that 83% of organizations report moderate or major delays caused by manual compliance work, with 53% dedicating the equivalent of one full-time employee exclusively to evidence collection — just one of dozens of manual GRC workflows. As security and risk frameworks multiply and regulatory expectations accelerate, teams are facing the highest operational stress levels recorded to date.

Key Findings from the 2026 Report

  • 85% of organizations report delaying or eliminating legacy GRC activities due to resource constraints.
  • 44% have postponed control testing and monitoring, while 33% have postponed policy updates and governance reviews, with 25% citing a lack of skilled employees as a major barrier.

AI Adoption Rising, Yet Full Automation Remains Rare:

  • 95% of organizations have implemented some level of automation in GRC.
  • Only 4% have achieved full end-to-end automation.
  • Only 28% monitor their security controls continuously in real-time, while 72% still rely on periodic assessments.
  • 64% report significant or transformational improvement from AI adoption.

The 2026 report underscores a pivotal trend: real-time compliance and security are becoming indistinguishable requirements. Organizations that rely on manual evidence collection, fragmented data, and periodic control checks face increased exposure and higher operational costs, particularly as AI-driven threats accelerate.

Beyond workforce strain and automation maturity, the report examines board-level reporting and metrics, industry-specific compliance challenges, regulatory complexity, and how organizations are evolving governance models to support continuous assurance. Together, these insights provide a broader view of how compliance programs are being reshaped to meet rising expectations from regulators, executives, and businesses.

To explore the full findings of the 2026 State of Continuous Controls Monitoring Report, please download the full report or attend the exclusive webinar on January 27, 2026, where industry experts will share actionable guidance on strengthening compliance operations, improving automation maturity, and building a more resilient security posture.

Methodology:

The 2026 State of Continuous Controls Monitoring Report is based on a survey conducted in September and October 2025 among 253 InfoSec leaders, including CISOs, CIOs, Chief Risk Officers, and VPs and Directors of Security. Respondents were surveyed from organizations with more than 1,000 employees and across a range of industries, including financial services, healthcare, tech, retail, government, business services, manufacturing, and more.

ATTOM Acquires ResiShares to Expand Its Data and Analytics Platform

Posted in Commentary with tags on January 20, 2026 by itnerd

ATTOM today announced it has acquired key assets of ResiShares, including its analytics platform and proprietary technology. By combining these assets with ATTOM’s national property data, the acquisition strengthens ATTOM’s analytics and technology foundation and reinforces the company’s ongoing investment in data, analytics, and AI-driven innovation for clients across the entire real estate ecosystem.

Founded to support sophisticated investment and operating workflows, ResiShares built a scalable, modular analytics platform that integrates proprietary forecasting models, quantitative research, and advanced tooling. It was founded by industry veterans Michael Greene, Alex Villacorta, Dan Glaser, and Michael Cook, and reflects deep expertise across data science, quantitative research, and real-world asset operations.

ATTOM will evolve this technology into enterprise grade analytics products, bringing new tools and deeper insights to a broad range of clients across the real estate industry and beyond, including financial services firms, insurers, technology companies, government agencies, and data-driven enterprises.

ResiShares’ technology includes proprietary price and rent forecasts, neighborhood-level performance analytics, and advanced modeling designed to surface trends, risk, and opportunity across markets. Combined with ATTOM’s national data assets, these capabilities enable clients to apply more advanced analytics to their own use cases across industries.

By integrating these capabilities into its broader platform, ATTOM will accelerate product development and deliver expanded, AI-powered insights that support decision-making across industries and business applications.

Ivo raises $55M to transform contracts into a trusted source of intelligence for every business

Posted in Commentary with tags on January 20, 2026 by itnerd

Contracting has become one of the most strained workflows for in-house teams. An increasing number of contracts must be reviewed accurately, but resources are stretched thin. In addition, critical business insights are locked within contracts without easy ways to extract them. To meet this challenge, Ivo, the AI-powered contract intelligence platform that removes tedious contract review and transforms contracts into reliable business intelligence for enterprises, is today announcing a $55M Series B funding round led by existing investor Blackbird, with participation from existing and new investors Costanoa Ventures, Uncork Capital, Fika Ventures, GD1 and Icehouse Ventures.

Since its last funding round, the company has grown annual recurring revenue by 500%, increased total customers by 134 percent, and expanded adoption within the Fortune 500 by 250 percent.

The new capital will support product development and scaling as the company deepens its reach across the hundreds of organizations that already rely on Ivo, including Uber, Shopify, Atlassian, Reddit, and Canva. 

Ivo is purpose-built for in-house teams that need both reviews with surgical accuracy as well as visibility into their complete contract library. The company’s AI-powered contract review solution, Ivo Review, allows users to complete reviews in a fraction of the time; customers report saving up to 75 percent of the time that manual review would demand. The product standardizes a company’s positions and precedents using playbooks built and implemented by lawyers. This means that every contract is reviewed accurately, consistently, and efficiently, critical for large and globally distributed teams.  

Ivo Intelligence gives companies visibility into every single one of their agreements in seconds without having to rely on manual input or metatagging. Contracting teams can now answer business-critical questions of their contracts within minutes, rather than taking months of manual review. The system also automatically identifies connections between agreements and highlights standard legal positions, allowing contracting teams to operate with greater clarity and control. 

Ivo’s long term vision is to elevate contracts into strategic assets for every business and to make the experience of working with them effortless. As the platform expands, the company aims to bring clarity, speed, and intelligence to contracting so that teams across the enterprise can operate with greater confidence and insight.

Specops 2026 Breached Password Report: A Year’s Worth of Malware-Stolen Credentials

Posted in Commentary with tags on January 20, 2026 by itnerd

Specops Software has published its annual Breach Password Report 2026. With credential abuse remaining one of the most reliable and scalable initial access methods available to attackers, this report dives deeply into a year’s worth of malware-stolen credentials. 

The data in this research comes from the Outpost24 Threat Intelligence Team, finding that over 6 billion stolen passwords were captured during 2025. The research takes a look at which credential-stealing malware was most prolific in the year, what length passwords were most commonly compromised, as well as which base words were most often used in compromised passwords, and more. 

You can read the report here: https://specopssoft.com/our-resources/most-common-passwords/

Brightspeed breach: New data, context & analysis from Suzu Labs 

Posted in Commentary with tags on January 19, 2026 by itnerd

Daily Dark web and others have been covering claims that first surfaced earlier this month that Brightspeed has been pwned. The latest news is that there are aspects of this incident that have not yet been explored in public reporting. Suzu Labs’ independent analysis suggests the risk profile may extend beyond a simple customer-record exposure.

Dark web monitoring shows Brightspeed customer credentials circulating in infostealer markets before the breach claims surfaced publicly.

That sequencing matters.

When credential compromise predates an alleged breach, attackers can correlate datasets in ways that accelerate fraud, phishing, and account takeover, even absent confirmed exfiltration.

There is also unexamined context around the threat actor involved. Prior activity attributed to this group shows a focus on cloud and development environments, not just consumer databases, raising questions about investigative scope and why confirmation timelines in cases like this are rarely straightforward.

Suzu Labs CEO Michael Bell offers this analysis.

Additional context examined:

  • The actor behind the claims has previously targeted cloud and development environments, suggesting potential exposure beyond customer records.
  • Infostealer-derived customer credentials linked to Brightspeed were circulating prior to the breach claims, increasing the likelihood of correlated fraud.
  • The timing of litigation and public pressure may be influencing disclosure pace more than investigative readiness.

Additional intelligence:

1. Crimson Collective’s Track Record: Brightspeed isn’t Crimson Collective’s first high-profile target. Dark web monitoring shows this group has also claimed:

  • Red Hat (October 2025): 570 GB compressed data from 28,000+ internal GitLab repositories, including Customer Engagement Reports with infrastructure designs, authentication tokens, and database connection strings
  • Nintendo: Production assets, developer files, and backups
  • Nissan: Similar repository-focused attack

This pattern matters. Crimson Collective targets cloud-hosted environments and development infrastructure, not just customer databases. If the Brightspeed claims are legitimate, the attack surface may extend beyond customer PII.

2. Infostealer Logs Already Circulating: Multiple Vidar infostealer logs containing Brightspeed customer credentials are already being sold on Russian Market and similar platforms. These logs predate the breach claims and show compromised credentials for:

  • Discord, Spotify, Roblox accounts
  • Verizon Wireless logins
  • Netflix, Peacock streaming services
  • Various gaming platforms

This creates a compounding problem where customers whose credentials were already compromised through infostealers now face potential exposure of their billing and account data from the alleged breach. Cross-referencing these datasets gives attackers a more complete picture for identity theft and account takeover.

3. Brightspeed IPs in SOCKS Proxy Lists: Brightspeed IP addresses appear in active SOCKS proxy lists being sold on dark web forums. This could indicate:

  • Compromised customer devices being used as proxy nodes
  • Broader infrastructure compromise beyond customer data
  • Residential proxy networks leveraging Brightspeed’s network

Thoughts from Michael re the above:

On the breach claims themselves: “Crimson Collective has a track record. They hit Red Hat’s GitLab instance in October and claimed 570 GB from 28,000 repositories. They’ve gone after Nintendo and Nissan. This group targets cloud environments and development infrastructure, not just customer databases. If the Brightspeed claims are legitimate, the exposure may go deeper than customer PII.”

On the infostealer: “The timing here is worth noting. Vidar infostealer logs containing Brightspeed customer credentials were already circulating on Russian Market before this breach was announced. Now those same customers potentially have their billing addresses and payment history exposed. Cross-reference the two datasets and you have everything needed for convincing phishing campaigns or identity theft.”

Re the class action timing: “A class action lawsuit filed three days after unverified breach claims is aggressive. Brightspeed hasn’t confirmed data exfiltration. The plaintiffs are betting the claims are legitimate, or they’re positioning early to lead the litigation if confirmation comes later. Either way, it puts pressure on Brightspeed to disclose faster than they might want to.”

Investigation challenges: “Brightspeed is in a difficult position. They can’t confirm or deny without completing forensics, but every day of silence lets the narrative build. Crimson Collective knows this. The Telegram posts and data samples are designed to create pressure. The company has to balance thorough investigation against reputational damage from appearing unresponsive.”

Broader telecom risk: “Telecom providers are high-value targets for a reason. They have billing relationships with millions of customers, which means names, addresses, payment methods, and service records all in one place. The data is valuable for fraud, and the customer base is large enough that even unverified breach claims generate headlines.”

Summary: “Crimson Collective has a track record. They hit Red Hat’s GitLab in October, claimed 570 GB from 28,000 repositories. They’ve targeted Nintendo and Nissan. This group goes after cloud environments and development infrastructure, not just customer databases. If the Brightspeed claims are legitimate, the exposure may extend beyond customer PII. The other angle: Vidar infostealer logs with Brightspeed customer credentials were already circulating before this breach was announced. Cross-reference those with billing data and you have everything needed for targeted phishing or identity theft.”

On 12-29-25 we see Brightspeed credentials being listed for sale. Then a little over a week later we see big breach news.

#Fail: Hacker Bragged He Stole Supreme Court Data on Instagram 

Posted in Commentary with tags on January 19, 2026 by itnerd

Nicholas Moore, of Springfield, Tennessee, pleaded guilty to hacking the U.S. Supreme Court’s electronic filing system and breaching the AmeriCorps U.S. federal agency and the Department of Veterans Affairs after bragging and posting victims’ info and screenshots on Instagram. Using stolen credentials, he also accessed the Supreme Court’s restricted electronic filing system at least 25 times between August and October 2023 and used the same compromised credentials to log in.

More details here: https://www.justice.gov/usao-dc/pr/tennessee-man-pleads-hacking-us-supreme-court-americorps-and-va-health-system

Jim Routh, Chief Trust Officer at Saviynt, commented:

“Three stakeholder groups support the current practice of two-factor authentication (ID + Password + OTP) used by the majority of enterprises:

  1. Auditors (internal and external) - because it is well known and established, making auditing practices scalable
  2. Regulators - there is a great deal of precedent for these controls, along with methods for testing the effectiveness in each enterprise
  3. Threat actors - It takes less skill and effort to use a compromised credential vs. attempting to attack system vulnerabilities

“It is not clear why more enterprises don’t choose passwordless authentication methods that are available, although the cost of this change is certainly a factor to consider. However, with an average industry cost of $10.2 million for breach remediation and recovery, it seems the business case for moving to advanced authentication is practical. This eliminates the need for storing passwords and risking their compromise. 

“As long as enterprises continue with current authentication methods, they will deal with the costs of recovery and remediation from the use of compromised credentials. Most threat actors don’t brag about their exploits on Instagram, but if they did, social media users would be overloaded with exploit claims.”

I have to agree. Passwordless options should be the direction that most if not all organizations go towards. It would make life so much more secure.

Surfshark Says Internet censorship increased in 2025: 81 restrictions in 21 countries

Posted in Commentary with tags on January 19, 2026 by itnerd

Government-imposed internet shutdowns introduced in 2025 alone reached 2.5 billion people — about a third of the world’s 8.2 billion population, Surfshark’s annual study shows.

Key insights:

  • 2025 began with 47 internet restrictions imposed by 22 countries.
  • Throughout the year, 81 new restrictions were introduced across 21 countries, a 29% increase compared to 2024.
  • Asia continues to lead the world in internet censorship cases. The governments of 10 Asian countries imposed 56 new restrictions.
  • India remained the country with the most internet restrictions (24).
  • Social media was targeted in 21 out of 81 internet restrictions introduced in 2025, a slight increase from 18 social media restrictions in 2024.
  • Telegram was the most-restricted social media platform in 2025.

You can read the research here: surfshark.com/research/study/internet-shutdowns-2025

OVHcloud releases new free Backup Agent for Bare Metal customers to strengthen data resiliency

Posted in Commentary on January 19, 2026 by itnerd

OVHcloud today announced Backup Agent, a new managed backup solution, available for every Bare Metal customer in partnership with Veeam, the global leader in data resiliency.

In its July 2025 Market Guide for Disaster Recovery as a Service, Gartner® estimates that ‘a significant portion (70%) of organizations are poorly positioned in terms of disaster recovery (DR) capabilities, with 66% likely suffering from “mirages of overconfidence.”’

In a digital world where data is key and risks abound, OVHcloud Backup Agent provides resiliency for customers whose backup solution is too complex or expensive, or simply not currently in place. 

Backup Agent: easy-to-use encrypted and immutable backups

OVHcloud Backup Agent includes a free licence based on Veeam technology for the backup agent. Harnessing Veeam’s recognized expertise in data protection, Backup Agent offers the best level of data protection. In line with our Trusted Cloud commitment, data is managed only by OVHcloud.

Accessible from the OVHcloud control panel or the OVHcloud API, Backup Agent can be set up in 10 minutes or less. Data is stored in a geographically distant site from the physical Bare Metal server. For an enhanced level of security, backups are encrypted and immutable and use OVHcloud’s Object Storage solution with a 99,9% SLA on 1-AZ.

Use cases for OVHcloud Backup Agent include restoring files or systems that were mistakenly deleted or recovery of data from ransomware or malware attacks. New features will roll out in the months to come, including agentic consumption through MCP (Model Context Protocol) facilitating access to invoicing and usage data for AI agents.

Up to 6x cheaper than the competition, all with data protection

OVHcloud’s new Backup Agent benefits from compelling pricing, with no egress fees or data retrieval fees. The monthly pricing is similar to our Object Storage Standard 1-AZ offer at 0,007 Euros excl. VAT per Gigabyte with zero licensing costs attached to the software agent. On average, and compared to the competition, OVHcloud Backup Agent is up to 6x cheaper.

OVHcloud Backup Agent is built on OVHcloud’s proven infrastructure expertise, delivered from energy-efficient data centers. Data security and protection are backed by internationally recognized standards, including ISO27001 certification, and by a strong European approach to data sovereignty, helping customers maintain control over where their data is stored and how it is accessed.

Zero-cost Backup Agent for Bare Metal

OVHcloud Backup Agent is available now in all OVHcloud data centers across Europe for Bare Metal Customers.

OVHcloud Backup Agent is expected to roll out to customers in APAC and Canada during the first quarter of this year.

When Grid Data Goes Dark Web: New research on critical infrastructure targeting Published By Suzu Labs

Posted in Commentary with tags on January 16, 2026 by itnerd

Suzu Labs has just published “When Grid Data Goes Dark Web” which is new research detailing the dark web posting in Jan. 2026 of 139 gigabytes of valuable data from a U.S. power infrastructure company. The data lets an adversary identify vulnerable transmission corridors, understand redundancy patterns, and/or map critical interconnection points. 

The asking price? 6.5 bitcoin (~$600K US).

The seller explicitly noted the data was “suitable for infrastructure analysis, modeling, risk assessment, or specialized research.”

What the Data Contains

The breach targeted an engineering firm that provides surveying and design services to electric utilities. The stolen files include:

  • 800+ LiDAR point cloud files mapping transmission corridors
  • High-resolution orthophotos of substations
  • MicroStation design files with line configurations
  • Vegetation analysis along rights-of-way

Suzu Labs CEO Michael Bell notes:

“For a utility or engineering firm, this is operational data. For an adversary, this is reconnaissance gold. The files map exactly where power lines run, how they’re configured, what vegetation threatens them, and where substations connect to the grid.

“This wasn’t a sophisticated attack on industrial control systems. It wasn’t a supply chain compromise or zero-day exploit. According to public reporting on the same threat actor, the likely access method was testing infostealer-harvested credentials against cloud file-sharing platforms.

“Someone at the company had their browser credentials stolen by commodity malware. Those credentials weren’t protected by MFA. This actor has listed data from 50+ organizations across 15 countries. Aviation. Healthcare. Government. Construction. Critical infrastructure is one target category among many. The common thread is opportunistic access via stolen credentials and absent MFA.”

You can read the research here: https://suzulabs.com/suzu-labs-blog/when-grid-data-goes-dark-web?hs_preview=YduZZtdF-295534203578