CrowdStrike Adds Real-Time Identity Control With SGNL Deal

Michael Novinson • January 9, 2026

With the $740M acquisition of SGNL, CrowdStrike aims to deliver dynamic access control for human and nonhuman identities. The real-time enforcement layer expands CrowdStrike's identity capabilities amid a market shift toward zero standing privilege and agentic workforce security.

Agentic AI

From Threat to Response: How CIS MDR Protects SLTTs with Intelligence, Agility, and Action

Artificial Intelligence & Machine Learning

Why Palo Alto Is Eyeing a $400M Buy of Endpoint Vendor Koi

Latest

Artificial Intelligence & Machine Learning

ISMG Editors: Lack of MFA Keeps Fueling Cloud Data Breaches

Anna Delaney • January 9, 2026

In this week's panel, four ISMG editors discussed how basic security failures are still opening the door to major breaches, how researchers are rethinking data protection in the age of AI and the implications of robots with artificial intelligence patrolling national borders.

Cyberwarfare / Nation-State Attacks

Salt Typhoon Hackers Hit Congressional Emails in New Breach

Chris Riotta • January 9, 2026

U.S. officials are probing a suspected Chinese cyber campaign tied to Salt Typhoon that breached congressional staff email systems supporting national security committees, exposing sensitive discussions and raising concerns about unclassified federal network defenses.

Data Privacy

Illinois Notifies 700,000 of Misconfiguration Breach

Marianne Kolbasuk McGee • January 9, 2026

The Illinois Department of Human Services is notifying more than 700,000 people of a breach involving "incorrect privacy settings" left in place for several years that exposed online data pertaining to Medicare, Medicaid and rehabilitation services recipients.

Artificial Intelligence & Machine Learning

Healthcare Chatbots Provoke Unease in AI Governance Analysts

Rashmi Ramesh • January 9, 2026

When an AI chatbot tells people to add glue to pizza, the error is obvious. When it recommends eating more bananas - sound nutritional advice that could be dangerous for someone with kidney failure - the mistake hides in plain sight.

Governance & Risk Management

Key Areas of Convergence for IT-OT Security in Energy Sector

Brian Pereira • January 9, 2026

While IT and OT environments were traditionally seen as two separate parts of the organization, security teams can use common tools and practices to protect both areas, said Joe Doetzl, head of cybersecurity at Hitachi Energy. The company designated a single leader for IT-OT environments years ago.

Governance & Risk Management

No Rest in 2026 as Patch Alerts Amass for Cisco, HPE and n8n

Mathew J. Schwartz • January 9, 2026

The new year is off to a fresh start on the vulnerability and exploit alert front: Cisco has patched a critical Identity Services Engine; cybersecurity officials warn that an HPE OneView vulnerability is being actively exploited; and proof-of-concept exploits drop for n8n automation software.

Critical Infrastructure Security

Cyber Retaliation Risks Rise After US-Venezuela Operation

Chris Riotta • January 8, 2026

Federal cybersecurity officials are warning of a likely uptick in retaliatory cyber activity from China and Russia-linked threat actors after the U.S. military raid in Venezuela, urging infrastructure operators to brace for disruptive probing and attacks.

Artificial Intelligence & Machine Learning

ChatGPT Health: Top Privacy, Security, Governance Concerns

Marianne Kolbasuk McGee • January 8, 2026

OpenAI is rolling out a new version of ChatGPT dedicated to health that the company said will also "securely" connect users' medical records and wellness apps to better personalize responses. OpenAI says more than 230 million people each week ask ChatGPT wellness and health related questions.

Cybercrime

Breach Roundup: Firewalls Headed for Obsolescence

Pooja Tikekar • January 8, 2026

This week, Moody's said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches.

Geo Focus: The United Kingdom

Britain Debuts Early Revamp of Government Cyber Action Plan

Mathew J. Schwartz • January 8, 2026

The British government has unveiled a new plan for improving cybersecurity protections and resilience capabilities across its IT estate. While lauding the move toward increased accountability, some see a lack of the required funding or enforcement needed to make the plan a reality.

Blockchain & Cryptocurrency

Cryptohack Roundup: Alleged Fraud Kingpin Deported to China

Rashmi Ramesh • January 8, 2026

This week, an alleged fraud kingpin deported to China, Bitfinex hacker gained early release, Unleash Protocol's $3.9M hack, TRM tied crypto thefts to the LastPass breach, Trust Wallet's link to the Sha1-Hulud attack, Flow's NFT loan fallout, Ledger's data exposure and Kontigo reimbursements.

Cryptocurrency Fraud

Australia's Scams Framework Criticized Over Major Exclusions

Suparna Goswami • January 7, 2026

Australia's proposed Scams Prevention Framework leaves key scam-enabling entities outside its initial scope, raising questions about whether the model can deliver the consumer protection it promises.