Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Over the past two years, we’ve watched a steady wave of acquisitions reshape the privileged access market. For many security leaders, that wave has now hit home. Your PAM vendor has been acquired, absorbed into a larger platform, and suddenly the roadmap you once relied on feels less certain. This moment is easy to dismiss as “business as usual.” It is also one of the rare points where it actually makes sense to step back and reassess your PAM strategy with fresh eyes.

KnowBe4 Threat Labs recently examined a sophisticated dual-vector campaign that demonstrates the real-world exploitation chain following credential compromise. This is not a traditional virus attack. Instead of deploying custom viruses, attackers are bypassing security perimeters by weaponizing the necessary IT tools that administrators trust. By stealing a “skeleton key” to the system, they turn legitimate Remote Monitoring and Management (RMM) software into a persistent backdoor.

For those of you who are like me, when I first heard about the new EU AI Act, I had flashbacks to the implementation of the General Data Protection Act (GDPR) back in 2018. There are certainly a lot of similarities with the EU leading the way in consumer protections that will likely lead to more, similar legislation across the globe. I’m also reminded of the iPhone when it was introduced in the consumer market and bled into the workplace (I for one held onto my Blackberry for as long as I could).

A widespread phishing campaign is targeting LinkedIn users by posting comments on users’ posts, BleepingComputer reports. Threat actors are using bots to post the comments, which impersonate LinkedIn itself and inform the user that their account has been restricted due to policy violations. The comments contain links to supposedly allow the user to appeal the restriction.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! The clue is in the name and complete isolation because, well, it will be breached before you can blink.

Regulators view operational resilience as a top priority. This is not surprising as according to Sophos, in 2024 nearly two-thirds of energy, oil, gas, and utilities organisations reported ransomware attacks, with average recovery costs rising to around $3 million. This is a clear reminder that real-world disruptions are already affecting the sector.

Security teams today aren't struggling with a lack of data, they're struggling with a lack of clarity. Sensitive data now lives and moves across endpoints, SaaS applications, cloud infrastructure, and AI systems. Understanding where that data is, how it's used, and when it becomes risky has never been more important — or more difficult.

Imagine a new city that promises cheap housing and ultra-modern infrastructure. People move in, only to discover that the roads are constantly jammed, power cuts happen every evening, water pressure drops without warning, and there are no cameras or sensors to detect where things are breaking. There is no central control room to test changes safely before the next “improvement” hits the streets. It does not matter how attractive the city looked on paper.

On January 21, 2026, Cisco released fixes for a high-severity vulnerability impacting Cisco Unified Communications products that is under active exploitation, tracked as CVE-2026-20045. The flaw arises from improper input validation of user-supplied data in HTTP requests to the web-based management interface of affected devices.

Cybersecurity teams are no longer circling an AI bubble. Rather, they are staffing inside it, buying within it, and getting measured by it. This matters because bubbles create a predictable trap: expectations are set higher than teams truly can deliver. Cato Networks CEO Shlomo Kramer recently told Business Insider the market is experiencing an AI bubble driven by heavy investment and AI-driven profit improvements, which he expects to unwind. A correction will not pause attacker activity.