OpenText Cybersecurity Launches New Capabilities to Create Trusted Foundation for AI

Posted in Commentary with tags on October 29, 2025 by itnerd

 OpenText today announced new cybersecurity capabilities designed to help enterprises embed AI into everyday security work and enforce governance and compliance at scale. OpenText™ Cybersecurity unifies defenses across identity, data, applications, SecOps, and forensics, putting AI directly in the flow of work with OpenText™ Core Threat Detection and Response for behavioral analytics, OpenText™ Core Identity Foundation for advanced permission settings and access protection, and OpenText™ Application Security Aviator auto-remediation during application testing.  Along with OpenText Data Privacy and Protection for advanced encryption, these advanced new cybersecurity capabilities in CE 25.4 strengthen compliance with built-in controls (GDPR, HIPAA, PCI DSS) and ensure enterprise AI runs on security that is adaptive, governed, and trusted.

New innovations include:

  • Get AI Ready with Simplified Identity and Access for Hybrid Environments
    With OpenText Core Identity Foundation, organizations can unify identity and access across on-premises, cloud, and legacy environments without costly infrastructure overhauls. SaaS-based Zero Trust controls and enforces least-privilege access by fully managing all the edge identity stores across disparate environments as part of the Identity-as-a-Service (IDaaS) vision.
  • Put AI in Context with Secure Software Delivery Powered by AI Auto-Remediation
    Development teams can fix vulnerabilities in minutes instead of days with OpenText Application Security Aviator 25.4. Automated, validated code fixes reduce security debt and embed protection directly into DevSecOps workflow through the Fortify Command Line Interface (fcli).
  • Secure, Governed, Compliant with Proactive Threat Detection and Built-In Compliance
    OpenText Core Threat Detection and Response bring behavioral analytics into the SOC. OpenText Data Privacy and Protection is advanced encryption service that protects sensitive data at rest, in transit, and as it feeds AI. And if you’d like to gain expert help, OpenText Managed Security Services can bring Managed Extended Detection and Response (MxDR) and PCI-DSS attestation services to help security teams detect threats faster, respond in real time, and meet regulatory requirements with less operational overhead. For organizations seeking expert support, OpenText Managed Security Services can bring Managed Extended Detection and Response (MxDR) and PCI-DSS attestation services to help security teams detect threats faster, respond in real time, and meet regulatory requirements with less operational overhead.

The new capabilities are currently available with OpenText Cloud Editions 25.4.

Additional Resources

  • To explore OpenText™ Application Security Aviator 25.4 or request a personalized demo, click here.
  • For more information on OpenText™ Core Identity Function or to request a personalized demo, click here
  • To learn more about OpenText™ Managed Security Services, click here.
  • Learn more about OpenText™ Core Threat Detection and Response (TDR) here.
  • Learn more about OpenText™ Data Privacy and Protection Foundation (Voltage) here.

Leave a comment »

AI-Assisted Management Drives Latest SUSE Linux Release

Posted in Commentary with tags on October 29, 2025 by itnerd

The industry’s first enterprise Linux that integrates agentic AI is SUSE Linux Enterprise Server (SLES) 16, announces SUSE , a global leader in enterprise open source solutions.  This release provides deeper visibility, insights and automated management to streamline operations, reduce operational costs and time troubleshooting and create a faster time to market for mission critical applications. 

SLES 16 introduces agentic AI, with an implementation of the Model Context Protocol (MCP) standard. The SUSE Linux agentic AI implementation gives enterprises a secure, extensible way to connect AI models with external tools and data sources, while preserving freedom to choose and extend their preferred AI providers without lock-in. It provides a resilient and secure foundation, combining long-term lifecycle guarantees and enterprise-grade automation. 

SUSE Linux Enterprise Server (SLES) The First AI-Ready Linux for Agentic AI

SLES 16 introduces a framework for embedding intelligence directly into the OS. 

  • Integrated Agentic AI and MCP: SLES 16 implements the MCP (Model Context Protocol) standard and provides MCP host and server components, as tech preview, to seamlessly integrate AI operations. It enables AI-powered local administration through the simplified, browser-based interface Cockpit web console, the default configuration management tool for SLES 16,  and the command line, reducing operational overhead. 
  • Bridge to any LLM: The platform connects to any Large Language Model (LLM) provider.
  • Future-Ready Architecture: The SUSE linux of agentic AI implementation uses an extensible, standards-based architecture ready for the next generation of agentic AI. 

Additional Features 

  • A Predictable, Simpler and Longer Lifecycle: One of the longest support timeframes in the market, a 16 year total lifecycle,  backs the SLES 16 codestream. This makes it the first and only enterprise Linux with a support commitment that makes it post-2038 ready, guaranteeing support after that critical date without requiring disruptive upgrades. 
  • Instant Rollback:  Administrators can instantly roll back nearly any modification, from a system upgrade, a software patch, to a single configuration edit. Now enabled by default in cloud images, this provides a surgical, OS-level recovery option that is far faster and more granular than traditional VM-level snapshots.
  • Reproducible Builds: SLES 16 is the first Enterprise Linux distribution built with reproducible builds, giving customers the unprecedented ability to independently verify and even rebuild their enterprise Linux distribution from source while remaining fully supported by SUSE. This ultimate level of transparency and control, combined with Software Bills of Materials (SBOMs), is part of a development process evaluated for the highest security certifications (EAL4+) in the Linux market.
  • Reduced Skills Gap: The mainstream components in SLES 16 shrinks the skills gap when moving from other distributions. ·

Availability

SLES 16, including the SUSE Linux Agentic AI implementation, is available to all SUSE customers and partners starting today. 

Also available today, the SUSE Linux product family launches with a suite of tailored solutions to meet specific enterprise needs, ensuring there is an adapted Linux for every workload. This comprehensive launch includes:

  • SUSE Linux Enterprise Server for SAP applications 16: Available for mission-critical SAP environments, providing a secure, high-performance foundation optimized for SAP HANA and S/4HANA workloads.
  • SUSE Linux Enterprise High Availability Extension 16: Designed to ensure maximum business continuity, this extension provides automated failover and clustering to protect essential services and prevent downtime.
  • SUSE Linux Micro 6.2: Perfect for workloads needing a more resilient OS, like edge, embedded and other dispersed deployments, this resilient-by-design, transactional, and immutable OS enables an image-based mode perfect for predictable, automated DevOps at scale.

For details, please visit www.suse.com/server  and the SLES 16 blogpost.

Leave a comment »

Acronis Announces Cyber Protect Local to Deliver Unified Cyber Resilience for On-Premises and Sovereign IT/OT Environments

Posted in Commentary with tags on October 29, 2025 by itnerd

 Acronis today announced the launch of Acronis Cyber Protect Local, a solution delivering natively integrated cyber resilience for on-premises, sovereign private cloud, and air-gapped IT and operational technology (OT) environments. Designed for organizations where cloud deployment is not an option, the solution combines robust backup, rapid recovery, cybersecurity, and endpoint management in a single platform, enabling agile, resilient, and compliant IT and OT operations while reducing costs and operational complexity.

Built on Acronis’ proven cyber protection expertise, Acronis Cyber Protect Local keeps the data securely within the customer’s perimeter, ensuring full data sovereignty and regulatory compliance. The solution supports legacy systems and modern hypervisors including Windows XP, OT/ICS environments, Nutanix, Proxmox, VMware, and Hyper-V to ensure complete coverage across mixed infrastructures. Customers benefit from strong backward compatibility, one-click self-service recovery, and expanded workload portability for virtual and hyper-converged environments.

Users also gain the advantage of natively integrated endpoint security and management, including automated discovery of unmanaged devices via Device Sense™, helping reduce tooling complexity while enhancing operational efficiency. P2V, V2V, and cross-platform recovery are simplified, with no need for separate agent installations, enabling organizations to migrate workloads seamlessly while maintaining protection.

By consolidating multiple tools into a single platform, Acronis Cyber Protect Local reduces complexity and significantly improves IT professional productivity while enhancing operational efficiency and reducing the cost of ownership. AI-driven automation, anomaly detection, self-service recovery, cross-platform migration, and SIEM integration enable both IT and non-IT users to respond rapidly to threats and disruptions.

Key capabilities include:

  • Unified cyber resilience: Backup, recovery, cybersecurity, and endpoint management in a single agent and single console.
  • Data sovereignty: Keeps management and data within customer perimeter to ensure compliance.
  • Comprehensive workload support: Covers legacy OS, OT/ICS, and modern virtualization platforms for complete protection across hybrid and mixed environments.
  • AI-driven automation: Streamlines management, anomaly detection, and remediation.
  • Self-service recovery: Empowers users to recover data and systems independently, improving resilience.
  • Cross-platform agility: Enables seamless migration and recovery across diverse environments.

With Acronis Cyber Protect Local, organizations gain proactive, active, and reactive defense layers purpose-built for environments where cloud connectivity is limited or prohibited. This local-first innovation extends the reach of Acronis’ global cyber protection technology to enterprises, industrial organizations, and multi-site entities that require secure, disconnected deployment options.

To learn more about how Acronis Cyber Protect Local protects on-premise environments, visit the blog: https://www.acronis.com/en/blog/posts/built-for-control-acronis-cyber-protect-local-simplifies-sovereignty-and-compliance/

For more information about Acronis Cyber Protect Local, visit: https://www.acronis.com/en/products/cyber-protect/licensing/local

Leave a comment »

DH2i Launches Hands-On Tutorial for Building a Test Lab for SQL Server 2025 on Kubernetes Using Minikube

Posted in Commentary with tags on October 29, 2025 by itnerd

 DH2i today announced the release of a new hands-on tutorial titled, “Build a Test Lab for SQL Server 2025 on Kubernetes Using Minikube” that provides developers, database professionals, and other IT professionals with a practical, self-paced tool for experimenting, testing, and learning about Kubernetes and DH2i’s DxOperator technology.

In DH2i’s new tutorial, minikube serves as the foundation for building a personal, hands-on Kubernetes lab environment – right on the user’s own personal laptop, and in doing so, it provides:

 Accessible learning environment:

  • Users can explore Kubernetes concepts without needing access to a corporate or cloud cluster
  • It spins up a single-node Kubernetes cluster locally, so users can experiment freely without risking production systems

 Skills development & other practical applications:

  • Users naturally gain familiarity with Kubernetes fundamentals as they create clusters, deploy containers, and execute kubectl commands
  • These same skills are also directly applicable when managing enterprise-scale clusters on platforms like Amazon EKS and Azure Kubernetes Service

Tutorial Resources:

Video: https://dh2i.com/deploy-sql-server-ag-dxoperator-minikube/

Blog: https://dh2i.com/blog/build-sql-server-kubernetes-test-lab-minikube/

1 Comment »

Foxit Authorized as a CVE Numbering Authority (CNA)

Posted in Commentary with tags on October 29, 2025 by itnerd

Foxit today announced that it has been authorized as a CVE Numbering Authority (CNA) by the Common Vulnerabilities and Exposures (CVE) Program.

This designation officially authorizes Foxit to assign CVE Identifiers (IDs) and publish CVE Records for security vulnerabilities found in its products, greatly simplifying the process for coordinated disclosure and patching for its global customer base, including enterprise and government clients.

Taking Control of the Vulnerability Lifecycle

As a newly certified CNA, Foxit will directly help uphold the global standard for vulnerability detection. This status emphasizes the company’s dedication to proactive security, transparency, and compliance with strict federal and international compliance regulations.

Key Benefits of Foxit’s CNA Status:

  • Faster Response: Direct control over ID assignment significantly reduces the time between vulnerability discovery and official public notification.
  • Enhanced Transparency: The ability to issue official CVE Records provides customers and security analysts with clearer, standardized information about vulnerabilities affecting Foxit products.
  • Streamlined Collaboration: Foxit can now coordinate the disclosure process more effectively with independent security researchers, ensuring proper credit and protecting users from zero-day exploits.

Commitment to the Global Security Community

The CVE Program, sponsored by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), is a global effort to identify, define, and catalog publicly known cybersecurity vulnerabilities. Foxit joins hundreds of organizations worldwide participating in this effort.

Foxit is dedicated to fostering a more secure ecosystem and encourages security researchers to continue reporting potential vulnerabilities through its established disclosure channel at www.foxit.com/support/security.

Leave a comment »

Has HSBC USA Been Pwned?

Posted in Commentary with tags on October 29, 2025 by itnerd

Hackers allegedly breached HSBC USA and stole customers’ records, including bank account numbers and transaction details. A threat actor posted screenshots and data samples on a dark web leak forum. The alleged stolen database contains names, addresses, Social Security numbers (SSNs), dates of birth, phone numbers, email addresses, transaction histories, stock orders, and bank account numbers.

Researchers who analyzed the provided sample suggest the data may be legitimate and appear recent. HSBC has acknowledged a recent denial-of-service (DoS) attack, but the bank denies any customer data was accessed or lost.

Ignas Valančius, Head of Engineering at the cybersecurity company NordPass, comments:

“If true, this could be one of the most dangerous attacks in recent years. We have seen a lot of cyber incidents recently in the retail, aviation, and automotive industries. However, these were primarily related to ransom demands and mostly impacted breached companies. Some of them were even forced to stop their activities. In this alleged attack on HSBC USA, personal customer data could have been stolen along with financial information. Similar cases proved that from there, it’s only a small step to financial fraud — or, even worse, identity theft.”

“The data hackers allegedly obtained allow malicious actors to empty accounts, take out loans, open fraudulent accounts, file fake tax returns, or use the stolen personal information for further fraud or cyber attacks, such as spearphishing. Attackers could also attempt to use the data to impersonate legitimate institutions.”

“If we look at cold numbers only, the financial impact of this attack will likely be noticeably lower than those of some recent, widely discussed incidents, like the Jaguar Land Rover incident. However, the attack on HSBC may result in personal tragedies and cyber harassment for businesses that had used HSBC services.”

“HSBC, ranked among the biggest banks in the world, has been reducing its retail banking operations in the US and focusing on corporate clients recently. It has largely exited the U.S. mass retail banking sector. As a result, the retail data might be older than the hackers claim. Regardless, it would be prudent for all bank customers, both business and private, to change their passwords and activate multi-factor authentication (MFA) on online banking platforms and apps if they have not done so already. I would also advise to maintain heightened vigilance for phishing emails. After such attacks, phishing, spearphishing, CEO fraud, and other social engineering attacks typically increase.”

This is potentially a scary hack. This will need to be watched closely as the fallout from this could be massive.

Leave a comment »

Fortra Launches DSPM Solution to Protect Data From Endpoint to Cloud  

Posted in Commentary with tags on October 29, 2025 by itnerd

Fortra announced today the launch of its new Data Security Posture Management (DSPM) solution to enable organizations to discover, classify, and protect sensitive data across their hybrid cloud. Fortra DSPM expands the company’s comprehensive security portfolio by addressing one of the most critical challenges facing modern enterprises: maintaining visibility and control over data in increasingly complex, distributed environments. 

As organizations increasingly embrace hybrid cloud architectures, sensitive data continues to proliferate across countless shadow repositories, applications, and environments. The modern threat landscape demands that businesses not only know where their critical data resides, but also understand how it’s being accessed, used, and protected. Traditional data protection approaches fall short in today’s dynamic threat environments, creating dangerous blind spots that cybercriminals are quick to exploit. 

Fortra DSPM delivers automated data discovery across on-premises, cloud, and hybrid environments, intelligent classification of sensitive information, and continuous monitoring of data security posture. By providing real-time insights into data risks and compliance gaps, the solution enables security teams to proactively address vulnerabilities before they can be exploited.  

The DSPM solution integrates seamlessly with Fortra’s existing security portfolio, providing customers with a unified approach to protecting their infrastructure and data assets. 

 

Leave a comment »

Vanta State of Trust 2025: AI Threats Outpace Security Expertise

Posted in Commentary with tags on October 29, 2025 by itnerd

Vanta today released its third annual State of Trust Report, an in-depth analysis uncovering global trends in AI, security, compliance, and trust from a survey of 3,500 IT and business leaders across the U.S., U.K., France, Germany and Australia.

Today, 72% of organizations say the security risks for their company have never been higher—a 17 point increase from 2024 when 55% said the same. As AI-driven cyber threats proliferate, organizations admit they can’t keep up, with a majority (59%) of business and IT leaders warning that AI cyber threats are advancing faster than their security team’s expertise to deal with them. In the past year, half of all organizations reported an increase in AI-generated phishing (49%), AI-powered malware (48%), and AI-driven identity theft or fraud (47%). 

On the other hand, companies leveraging AI agents to protect against AI-cyber attacks is increasing sharply, with 8 in 10 leaders currently using AI agents or planning to this year. However, AI usage doesn’t match the understanding of the technology—particularly when it comes to agents with nearly two-thirds (65%) saying their use of agentic AI outpaces their understanding of it. 

Agentic AI adoption is high, but control is low

To combat the surge of new attack vectors, security teams are trusting agentic AI with everything from decision-making to security strategy. But a lack of governance threatens to do more harm than good:

  • 79% of leaders are currently or planning to use AI agents to protect against AI-cyber attacks
  • 61% say they trust agentic AI to override human decision-making in certain scenarios like suspending a risky browser extension or session when a policy violation is detected 
  • 71% of teams feel comfortable with agentic AI giving input on security strategy
  • But AI usage doesn’t match understanding—nearly two-thirds (65%) say their use of agentic AI outpaces their grasp of it 
  • A mere 48% have developed a framework for granting or limiting autonomy in AI systems

Security theater is getting in the way of real protection 
The security paradox of AI means that as customers demand more proof of security, many teams are spending more time proving security, rather than improving it.

While 8 in 10 believe improving security and compliance directly boosts customer trust, leaders say their organizations only spend half of what they should on security—dedicating 10% of IT budgets to security vs a 17% ideal. This amounts to 12 working weeks per year spent on compliance related tasks (vs 11 last year), and 9 working weeks per year on vendor security reviews and risk assessments (vs 7 last year).

As a result, 61% say they spend more time proving security rather than improving it, with 64% saying today’s security frameworks feel like ‘security theater’.

AI banishes cybersecurity team burnout
Amid growing compliance pressure, AI is both a relief valve and a reinvention tool. It’s helping overburdened teams do more with less, automating manual tasks and freeing up time for meaningful security work:

  • 76% of security and compliance leaders say AI and automation tools are reducing burnout and improving day-to-day productivity
  • 95% believe AI and automation have improved security team effectiveness
  • 1 in 2 say that risk assessments and incident response times are faster and more accurate with AI

Vantacon 2025: How AI is rewriting trust 

On November 19, Vanta will host VantaCon 2025: How AI is Rewriting Trust, bringing together security’s brightest minds for a half-day of keynotes and panels exploring how AI is transforming trust, risk and compliance.

Speakers including Alex Stamos, CSO at Corridor & Professor at Stanford, Former Chief of Security at Facebook; Jason Clinton, CISO, Anthropic; Jason Priest, VP, Security / CISO, 1Password; Mandy Matthew Lead Security Risk Program Manager, Duolingo and Andrew Becherer, CISO, Sublime Security. 

To learn more, visit https://www.vanta.com/vantacon

Methodology
In July 2025, quantitative research conducted by Sapio Research was commissioned by Vanta to understand the challenges and opportunities businesses are facing when it comes to security and trust management. Vanta and Sapio Research co-designed the questionnaire and surveyed the behaviors and attitudes of 3,500 business and IT leaders across the U.S., UK, France, Germany and Australia. 

For consistency with prior years’ analyses, the data presented here and in the global report reflects a subset of 2,500 respondents from the U.S., U.K., and Australia. Tracking data from the 2024 State of Trust Report has also been included, sample sizes in 2024 were 1,000 in the UK and U.S. and 500 in Australia.

Leave a comment »

Polygraf AI Closes $9.5M Funding to Scale Its Secure AI Solutions for Enterprise Defense and Intelligence

Posted in Commentary with tags on October 29, 2025 by itnerd

Polygraf AI, based in Austin, Texas, announced the closing of their $9.5M seed round led by Allegis Capital and participation from Alumni Ventures, DataPower VC, Domino Ventures and previous investors to accelerate their mission to bring clarity and trust to enterprise AI. The latest round of funding will fuel product expansion, R&D, and go-to-market efforts focused on enterprise, defense and intelligence sectors. This investment in Polygraf AI comes at a critical moment for AI and cybersecurity intersection as high-stakes environments are leaving black-box AI solutions in-search for on-prem, explainable and auditable AI tools.

Technology pioneer Yagub Rahimov, co-founder and CEO of Polygraf AI, announced the company’s new funding today at the Techcrunch Disrupt in San Francisco to an audience of investors, business leaders, startup-founders and AI innovators.

As enterprises accelerate AI adoption to automate workflows, organizations face unprecedented risks from data leakage, shadow AI operations, deepfakes, and other synthetic threats. Polygraf’s proprietary Small Language Models (SLMs) offer an innovative multi-dimensional AI Security layer, one that protects not only data, but also the integrity of decisions, communications, and content produced by AI systems. Gartner, Inc. predicts that by 2027, organizations will implement small, task-specific AI models, with usage volume at least three times more than those of general-purpose large language models (LLMs).

Over the past year, Polygraf AI has experienced rapid growth across defense, financial services, insurance and healthcare niches, where data privacy and compliance are paramount. Running on as little compute power as 8Gb Ram and 1.3 Ghz CPU, Polygraf’s locally deployed AI modules have been credited with reducing deepfake fraud attempts, exposing insider risks, and providing actionable intelligence in mission-critical environments.

Polygraf’s innovations have been recognized by major industry events and media. In 2025, Polygraf AI was named Best in Show at SXSWBest Insurtech/Fintech at Summerfest Tech, and recognized as the Top AI & Data Product by Products That Count. The company was also recently selected as one of the Top 10 Cybersecurity Startups at TechCrunch’s 2025 Battlefield 200, joining the ranks of the world’s most promising early-stage innovators

Security and compliance teams face growing regulatory pressure and a major increase in AI-driven attacks; Polygraf AI addresses these challenges with its proprietary SLM stack. These SLMs not only detect risks but also explain their decisions, support compliance audits, and align with strict data-sovereignty requirements. With this funding round, the company aims to expand their MSP (Managed Services Providers) & SI (System Integrators) base and to bring SLM’s to more enterprises.

Leave a comment »

Akira Ransomware Group Takes Credit For Pwning 8K Technologies

Posted in Commentary with tags on October 29, 2025 by itnerd

A ransomware group called Akira today took credit for a September 2025 data breach at BK Technologies, a manufacturer of wireless communication devices for police, military, and government agencies.

Commenting on this is Rebecca Moody, Head of Data Research at Comparitech

“Akira is one of this year’s most dominant ransomware strains with over 550 claims to date. We have confirmed 55 of these attacks and nine of these are also on US manufacturers. Across these nine attacks, seven of the companies involved have reported data breaches. This highlights how Akira not only seeks to encrypt systems but is doubling up on its chances of securing a ransom by also stealing data. 

In the case of BK Technologies, we know disruption was minimal but that key data (including that of former and current employees) has been breached. We don’t yet know how many people have been impacted in this breach but anyone potentially impacted should be on high alert for any potential phishing messages and should monitor their accounts for any unauthorized activity.”

Akira is one of a number of ransomware groups that seems to be out there claiming victims left and right. This illustrates why you need to make sure that you’re not the next victim.

Leave a comment »

« Older Entries
Newer Entries »