Major crypto exchange leak exposes user wallets, passwords

Posted in Commentary on October 28, 2025 by itnerd

The Cybernews research team has discovered an unprotected MongoDB database leaking massive amounts of sensitive information. The dataset, attributed to crypto trading platform NCX, contained several data collections that, when combined, hold over five million records.

Many businesses utilize MongoDB to handle large swaths of unstructured data. However, NCX appears to be plagued with a common issue: databases are left unprotected without authentication, often due to human error. 

The exposed information includes:

  • Full names, usernames, and dates of birth;
  • Email addresses; 
  • Links to user-uploaded identity documents (KYC);
  • Two-factor authentication (TFA) codes and URLs;
  • Internal API keys; 
  • IP addresses;
  • Hashed passwords;
  • Profile photo URLs;
  • Secret keys (obfuscated or encoded);
  • Wallet addresses and related blockchain transaction info;
  • Deposit/withdrawal history, currency types, block statuses;
  • Admin support logs and Help Center communications.

The Cybernews team responsibly disclosed the issue to the company immediately after discovering the leaky database. However, the company did not react to multiple attempts to reach out. 

For more information, here’s the full report: https://cybernews.com/security/ncx-exchange-data-leak-wallets-exposed/

SellYourMac Expands to Canada

Posted in Commentary on October 28, 2025 by itnerd

SellYourMac.com (SYM), a reCommerce and IT asset transition service company committed to reusing, repurposing, and recycling used Apple products, today announced the launch of SellYourMac Canada, now available at www.sellyourmac.ca. Canadian customers can now easily and securely sell their used Apple devices for top value while contributing to sustainability and responsible e-waste management.

Part of the Other World Computing family of companies, SYM Canada buys and sells used Apple computers, iPhones, iPads, and accessories. Its mission is to help reduce the amount of e-waste hitting landfills and dumps, and help individuals, schools, businesses, and other organizations offset the high costs of upgrading to newer electronic devices by purchasing their old ones. Because SYM deals solely with Apple products, it is more accurate than its competitors in assessing and pricing these products, enabling SYM to pay more than the competition.

Products purchased by SYM include Apple MacBook, MacBook Pro, MacBook Air, iMac, Mac Pro, Mac Mini, Cinema Display, iPhone, iPad, iPod, and Apple TV. SYM no longer purchases pre-Intel-based Apple computers. However, SYM will responsibly recycle these devices with the help of its r2 and e-Stewards certified (zero-landfill) recycling partners. To learn more, please visit: https://www.sellyourmac.ca/

DH2i Achieves Dual Red Hat Certifications for SQL Server High Availability Across RHEL 9.6 and OpenShift

Posted in Commentary on October 28, 2025 by itnerd

DH2i today announced two major Red Hat certifications that solidify its position as the gold standard for SQL Server high availability across hybrid infrastructure.

DxEnterprise Certified for Red Hat Enterprise Linux (RHEL) 9.6

DH2i’s flagship high availability (HA) platform DxEnterprise® is now officially certified for Red Hat Enterprise Linux (RHEL) 9.6, enabling organizations to deploy and cluster SQL Server across bare metal and virtual machines (VMs) with Red Hat-validated confidence.

With this certification, now visible in the Red Hat Ecosystem Catalog, organizations gain:

  • Certified HA automation across physical and virtual environments
    Fully automatic failover, intelligent load balancing, and integrated monitoring
  • Built-in Zero Trust Network Access (ZTNA) with Software-Defined Perimeter (SDP) tunneling
    Eliminates the need for VPNs and locks down workloads at the application level
  • Freedom to mix SQL Server versions and OS platforms
    Cluster Windows and RHEL-based SQL Server instances under one HA framework

DxOperator Now Certified for Red Hat OpenShift

DH2i’s DxOperator, its SQL Server operator bundled with DxEnterprise and preferred by Microsoft for Kubernetes deployments, is now officially certified for Red Hat OpenShift. You can find it in the Red Hat Ecosystem Catalog here.

This certification enables customers to:

  • Streamline SQL Server container deployment on OpenShift within DxEnterprise’s HA framework
    Including fully automated failover for SQL Server Availability Groups in OpenShift, a capability no other high availability solution delivers
  • Deploy SQL Server containers in a sidecar configuration (one container image for DxEnterprise, and a separate container image for SQL Server within the same pod)
    No custom image support headaches to deal with
  • Stretch SQL Server OpenShift clusters across clouds, regions, and sites using secure SDP tunnels

Unified HA Across Bare Metal, VMs, and Containers

With DxEnterprise certified for RHEL 9.6 and DxOperator certified for OpenShift, DH2i unlocks the unparalleled ability to mix and match instances, containers, platforms, and infrastructure for organizations.

In other words, Red Hat users leveraging DH2i’s technology can cluster RHEL 9.6 nodes alongside SQL Server containers in OpenShift – all within a single unified HA framework managed from one control plane.

Flamingo Launches from Stealth to Transform the $380B MSP Market with AI-Powered Open Source Platform

Posted in Commentary on October 28, 2025 by itnerd

Flamingo, a Miami-based startup, today launched from stealth with OpenFrame, a platform combining AI automation with open-source infrastructure to rewrite the economics of managed service providers (MSPs), companies that provide IT support to small and medium-sized businesses. Over 1,000 MSPs have already joined Flamingo’s waitlist ahead of launch, representing roughly 3% of the managed services market, with more than 150 early adopters actively testing and collaborating through Flamingo’s Slack community.

The $380 billion MSP industry is stuck in a profit squeeze. Most providers operate on razor-thin 8–12% net margins, caught between steep vendor fees consuming 25–35% of revenue and labor costs eating another 25–35% for repetitive tasks like password resets, disk alerts, and troubleshooting. Flamingo built OpenFrame to flip that equation and empower MSPs to break free from vendor lock-in and scale profitably.

Traditional MSP platforms focus exclusively on either software infrastructure or automation, but can’t address the underlying economics. Legacy vendors provide comprehensive tooling but at steep costs that compress margins. Meanwhile, open-source alternatives exist but require significant technical expertise to deploy and integrate, making them inaccessible to most MSPs. The siloed nature of these approaches prevents MSPs from solving both the vendor cost problem and the labor efficiency problem simultaneously.

OpenFrame combines the freedom of open source with the efficiency of autonomous AI agents. Its duo, Fae and Mingo, automates both customer-facing and back-end operations, from password resets to threat detection, turning MSPs into lean, high-margin software-like businesses. Fae handles client-side tasks like password resets, low disk space warnings, and system patches, while Mingo manages MSP operations including threat detection, suspicious process monitoring, and routine maintenance. Unlike traditional AI assistants that only provide recommendations, these agents take action autonomously but require technician approval for sensitive operations, striking a balance between automation and oversight.

OpenFrame will be available in two deployment options: self-hosted for complete control at no cost, or managed services with per-device pricing. At launch, the platform will include:

  • Remote Monitoring and Management (RMM)
  • Remote Access and Mobile Device Management (MDM)
  • Integrated SIEM
  • Free beta access through February 2026

Flamingo previously raised $2.2 million in pre-seed funding led by Focal VC and Array VC. With this launch, the company will expand its team and grow its sales, support, and engineering operations to serve the growing waitlist of over 1,000 MSPs. The company’s community-driven approach, including its active Slack community of 150+ members and OpenMSP, the community platform launched in July 2025, has accelerated rapid adoption of its technology.

How Tray.ai is Solving AI’s Next Big Governance Challenge

Posted in Commentary on October 28, 2025 by itnerd

Tray.ai, the platform for building smart, secure AI agents at scale, today announced Agent Gateway, a new capability in the Tray AI Orchestration platform. IT teams use Agent Gateway to build governed, maintainable MCP (Model Context Protocol) servers and MCP tools on Tray and publish them via MCP for stable and secure agent use across the stack. 

As enterprises race to extend agents with new capabilities, shadow MCP servers and tools are being developed in JavaScript, Python and with ad-hoc scripts and services, often without IT visibility or required guardrails. As Gartner® noted in its September 2025 report, Innovation Insight: MCP Gateways, “Enterprises are left trying to balance the enthusiasm for adopting MCP, at the cost of governance, against a more risk-averse approach to adoption, at the risk of missing the innovation boat.”

Tray Agent Gateway provides a managed environment for creating MCP servers and tools with defined policies, permissions and versioning, so IT can maintain security and compliance, reduce shadow MCP development and prepare the agent ecosystem for emerging standards like A2A (Agent-to-Agent).

Tray Agent Gateway delivers governance for evolving AI standards

Agent Gateway provides the interoperability for MCP and other emerging protocols that IT teams use to bring rigor, governance and observability to the enterprise agent stack. Teams can define, test, version and document MCP services, apply scope and guardrails and share them selectively across their agent landscape.

Three core ways to use MCP are supported by Agent Gateway:

  • Build composite MCP tools: Teams can create sophisticated composite tools in Merlin Agent Builder and publish them as MCP services. These tools can perform complex tasks or entire processes end-to-end and connect to and take action across any system, from apps to other AI services. Tray Guardian is used to embed guardrails, and users can mitigate unpredictable agent behavior by encoding business rules for consistent, auditable outcomes.
  • Publish connector-backed MCP tools: Tray’s library of 700+ managed connectors can now be published as MCP tools, instantly giving MCP-enabled agents secure reach across CRM, ERP, HR, analytics and other apps, all with the governance enterprises expect.
  • Consume external MCP servers: Tray Agents can securely consume external MCP servers while IT gains centralized visibility, logging and auditability.

Centralized governance and control at enterprise scale

Agent Gateway gives IT centralized command over Tray-built MCP servers and tools developed across the organization. By defining MCP servers within Tray Workspaces and Projects, teams can decide which MCP tools are exposed and under what conditions, so each MCP deployment aligns with enterprise policies and security scope. 

Every MCP tool and execution is instrumented in Tray Insights Hub, logged and versioned for traceability. This creates a complete audit trail that can be streamed to observability platforms such as Datadog or Splunk, giving IT clear oversight without slowing delivery. With clearly defined ownership, version control and documentation, IT can maintain governance across hundreds of agents and tools, replacing fragmented, ad hoc development with a single managed environment.

Together, Tray Agent Hub and Tray Agent Gateway are part of Merlin Agent Builder, creating a single environment for teams to build, govern and scale enterprise agents. Agent Hub provides the composable building blocks for agent creation, while Agent Gateway delivers governance and control over how those tools are developed, shared and maintained. With both capabilities in one experience, Merlin Agent Builder is now the one-stop environment for designing, deploying and managing agents securely at enterprise scale.

Future-proof architecture for multi-agent interoperability

Agent Gateway is built as a multi-protocol capability, supporting MCP today and engineered for Google’s A2A and future agent-to-agent interoperability standards. With this architecture, Tray Agents can communicate, delegate and collaborate with third-party agents while maintaining enterprise consistency and control.

By unifying governance across protocols, Agent Gateway future-proofs the enterprise tech stack, giving teams confidence that their AI orchestration strategy will remain compatible as new standards emerge.

If You Have A Gmail Account, Chances Are That You’ve Been Pwned

Posted in Commentary on October 27, 2025 by itnerd

This is big. And this is really, really bad. Around 183 million Gmail accounts have been pwned. Which is as far from trivial as a hack could get.

The breach was revealed after the website URLs, email addresses, and passwords were added to the Have I Been Pwned (HIBP) database, which allows users to enter their stolen credentials to see if their information has been leaked.

According to Troy Hunt, who owns the website, the stolen data included ‘stealer logs and credential stuffing lists’, which are essentially huge databases of stolen logins that cybercriminals use to make unauthorised access attempts.

Erich Kron, CISO Advisor at KnowBe4, has provided the following commentary. 

“The significant volume of passwords that are compromised annually should be a very motivating factor in enabling Multi-Factor Authentication (MFA) and should drive people to consider the importance of securing accounts, especially email accounts.

Email accounts are the nexus of our digital identity, allowing us to sign up for accounts and to reset passwords for accounts that we may already have. For a bad actor, the ability to reset passwords to retail and banking accounts is the ultimate prize, and for the victim, a nightmare.  

In addition to giving bad actors the ability to reset passwords, they also know that people have the bad habit of reusing passwords across a myriad of services including their banking and financial services. The theft of these credentials can allow cybercriminals to easily empty bank and retirement accounts, and fund some extreme shopping sprees.

People should be very careful about protecting their accounts by keeping them unique and applying MFA whenever possible. Tools such as password vaults can be instrumental in securing accounts and being able to remember even the most obscure password when needed.”

Now would be a really good time to change your Gmail password as well as implement MFA. Because like I said earlier, this is as bad as it gets.

KnowBe4 Student Edition Achieves Milestone of One Million Students Trained

Posted in Commentary on October 27, 2025 by itnerd

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human and AI agent risk management, today announced it has reached a milestone of one million students trained through the KnowBe4 Student Edition. The KnowBe4 Student Edition security awareness training, designed for students 16 and older, tackles crucial topics like phishing and credential theft, sextortion and doxing, oversharing and digital privacy, and financial and campus scams. It prepares students to be cyber-ready today and in their future careers while also protecting them and their institutions from current attacks.

Find more information on the KnowBe4 Student Edition here.

Ben Syn, director, university and career education, KnowBe4, will speak on a panel at the EDUCAUSE Conference on Tuesday, October 28 at 2:15 p.m. Central Time on the topic of “Beyond Borders: Transforming Student Cybersecurity from Obligation to Campus Culture.” The session will provide actionable strategies for improving student engagement rates, transforming cybersecurity awareness from mundane compliance to a vibrant campus culture. KnowBe4 also has a booth at the event, #961.

Additionally, KnowBe4 offers a complimentary Interactive Cybersecurity Activity Kit designed for children aged five to 15 years old. This kit offers a fun and engaging way for parents and educators to teach the basics of online safety.

Voice AI searches up by 147%, impersonation scams up by 148%: coincidence or correlation?

Posted in Commentary on October 27, 2025 by itnerd

A new analysis by Cybernews reveals a potential link between AI innovation and the surge in cybercrime. Google Trends data shows global searches for “free voice AI” skyrocketed by 147% since August 2024 – just as AI impersonation scams jumped 148%.

The findings point to a dangerous shift: while overall phishing complaints have dropped by 40% since 2021, average financial losses keep climbing. AI may be making scams more convincing – and more profitable.

With voice generation tools like ElevenLabs surpassing a $5 billion valuation and deepfake tech becoming mainstream, Cybernews warns that AI may be silently fueling the next wave of cybercrime.

For more information on this, here’s the full report: https://cybernews.com/ai-news/ai-influence-on-crime-cybercrime-losses-soar-as-searches-for-free-voice-ai-surge-by-147/ 

Dispersive Completes HIPAA Compliance Examination

Posted in Commentary on October 27, 2025 by itnerd

Dispersive today announced the successful completion of an independent HIPAA compliance examination conducted by Johanson Group LLP. The examination evaluated Dispersive’s virtual networking platform against the requirements defined in the HIPAA Audit Program.

This milestone reinforces Dispersive’s commitment to protecting sensitive clinical, operational, research, and patient data across distributed networks, in particular for healthcare providers, telemedicine platforms, pharmaceutical companies, clinical research organizations (CROs), and critical infrastructure environments.

Dispersive’s stealth networking platform obfuscates and splits traffic across multiple dynamic network paths, making communications extremely difficult to detect, intercept, or disrupt. The result is an overlay network that provides zero-trust access, multi-path resilience, and quantum-resistant encryption that does not require organizations to rip and replace their existing infrastructure.

Healthcare organizations are increasingly prioritizing architectures that:

  • Isolate sensitive systems and clinical workloads
  • Protect remote care delivery and hybrid workforce access
  • Reduce ransomware and OT/IoT exposure
  • Support secure multi-cloud and AI-assisted workflows
  • Ensure continuity during outages and degradation events

Dispersive’s HIPAA examination underscores the company’s continued investment in compliance, secure-by-design networking, and trust for regulated industries.

One in Three Canadians Targeted by Scam Texts in Just Three Months: Equifax

Posted in Commentary on October 27, 2025 by itnerd

Canadians are facing a flood of scam attempts, with one in three reporting fraudulent job or CRA-related texts in the past three months alone, according to new research from Equifax Canada. 

The Equifax Cybersecurity Survey reveals a growing preparedness gap in what to do in cases of scams or fraud. Nearly two-thirds of Canadians surveyed say they would contact the police if their identity was stolen, and half would reach out to a credit bureau. Of those surveyed, 79 per cent stated they would contact their bank; however, nine per cent admit they wouldn’t know what to do at all.

One in four Canadians surveyed also reported receiving scam emails, while a further 13 per cent admit to clicking on a fraudulent link, and six per cent say they have already had their identity stolen.

The survey also shows a near-universal sense of risk with 97 per cent of those surveyed saying that protecting themselves online is important, and 93 per cent report that protecting their family online is important:

  • 82 per cent worry about children being taken advantage of online.
  • 75 per cent worry about their information being hacked from their personal computer.
  • 71 per cent worry about someone using technology to trick them into giving away personal information.
  • 61 per cent worry about someone impersonating them on social media.

Protecting yourself and your family

The best defence against scams is educating yourself and being cautious.

  • Verify everything: Independently verify unsolicited requests. Government agencies/banks will never ask for personal info via email/text, or demand gift cards/cryptocurrency. For businesses, go directly to their official website if an account issue is suspected.
  • Don’t be pressured: Legitimate organizations allow time for verification.
  • Build a shield: Use strong passwords and logins, secure your Wi-Fi and be careful what you share.
  • Educate yourself: Stay informed about current scams.

Equifax surveys over the past decade illustrate how fraud and scam threats have evolved. In 2015, just over half of Canadians (53 per cent) felt vulnerable to identity theft. By 2023, more than eight in ten (81 per cent) said they did. Today, nearly all Canadians place importance on protecting themselves (97 per cent) with the threat of fraud increasingly immediate and direct, arriving on the devices Canadians use every day.

  • Scam exposure is widespread: 31 per cent of Canadians surveyed received fraudulent job texts and 29 per cent received CRA or banking scam texts in the last three months.

  • Risky links: 13 per cent surveyed had clicked a scam link, and 15 per cent had received romance scam messages on social media.

  • Top protections Canadians want: With fraud and scams on the rise, 31 per cent of Canadians surveyed think they need to do more to protect themselves online. When thinking of online security tools, respondents cited the following tools as most important: secure VPN and anti-virus software, password managers, credit monitoring, parental controls, and social media and dark web monitoring.

*The Equifax Cybersecurity Survey was conducted online by Leger between September 19 and 22, 2025, with a nationally representative sample of 1,521 Canadians. For comparative purposes, a probability sample of this size would yield a margin of error of ±2.5 per cent, 19 times out of 20.