Why Palo Alto Is Eyeing a $400M Buy of Endpoint Vendor Koi

Michael Novinson • January 6, 2026

Palo Alto Networks is in talks to buy Washington D.C-based endpoint security startup Koi for $400 million. Koi is focused on securing extensions, AI models, code packages and containers, and its differentiation lies in mapping, assessing risk and govern the software landscape at enterprise scale.

►

Access Management

How AI Agents Are Driving New Risks in Identity Security

Latest

Cryptocurrency Fraud

Australia's Scams Framework Criticized Over Major Exclusions

Suparna Goswami • January 7, 2026

Australia's proposed Scams Prevention Framework leaves key scam-enabling entities outside its initial scope, raising questions about whether the model can deliver the consumer protection it promises.

Standards, Regulations & Compliance

Orthopedic Practice Pays $500K Settlement to NYS in Hack

Marianne Kolbasuk McGee • January 7, 2026

An upstate New York orthopedic practice has agreed to pay state regulators a $500,000 settlement and implement stronger security practices following a 2023 hack involving the theft of 650,000 individuals' sensitive information. Cybercrime group INC Ransom reportedly claimed credit for the incident.

Artificial Intelligence & Machine Learning

Poison Pill Defense Protects Proprietary AI Data From Theft

Rashmi Ramesh • January 7, 2026

Chinese and Singaporean researchers have developed a defense mechanism that poisons proprietary knowledge graph data, making such stolen information worthless to thieves who attempt to deploy it in unauthorized artificial intelligence systems.

Recruitment & Reskilling Strategy

Proof of Concept: What's Broken in Cybersecurity Hiring?

Anna Delaney • January 7, 2026

In the latest "Proof of Concept," Chase Cunningham, CSO, Demo-Force.com, and Brandy Harris, director, CyberEd.io, joined ISMG editors to examine why cybersecurity hiring continues to fail. Despite a growing talent pipeline, outdated frameworks and unrealistic expectations block progress.

Agentic AI

Zero Trust for the Age of Autonomous AI Agents - Part 1

Amar Naik • January 7, 2026

Zero trust was built for humans, not autonomous AI agents. As organizations adopt agentic AI at scale, human-centric security assumptions break down - creating a paradox between utility and least privilege that traditional zero trust models cannot resolve.

Endpoint Security

FCC Loses Lead Support for Biden-Era IoT Security Labeling

Chris Riotta • January 6, 2026

UL Solutions has exited its role as lead administrator of the FCC's Cyber Trust Mark, leaving the flagship consumer IoT labeling program without oversight just months after internal security reviews raised concerns over foreign influence in program management.

Critical Infrastructure Security

Threats to Critical Infrastructure Expected to Intensify

Tony Morbin • January 6, 2026

Attacks against critical infrastructure are expected to increase in scope and intensity including hacks on operational technology systems. State actors are now looking for ways to cause damage and disrupt operations, rather than simply steal secrets, according to cybersecurity experts.

Artificial Intelligence & Machine Learning

Nvidia Bets on Reasoning AI for Self-Driving Cars

Rashmi Ramesh • January 6, 2026

Nvidia CEO Jensen Huang launched Alpamayo, an open reasoning AI model family for autonomous vehicles, and Rubin, a six-chip platform promising AI tokens at one-tenth prior costs. Mercedes Benz CLA will feature the technology in the US this year.

3rd Party Risk Management

Conduent Hack Victim Count Soars by at Least 50%

Marianne Kolbasuk McGee • January 6, 2026

The victim tally of a 2024 hacking incident at back office services provider Conduent again soared after a new regulatory disclosure by the company, in this case to Texas authorities. The company told Lone Star state officials the breach affected nearly 14.8 million Texans, alone.

Missing MFA Strikes Again: Hacker Hits Collaboration Tools

Mathew J. Schwartz • January 6, 2026

Dozens of organizations that use real-time content collaboration platforms appear to have lost not only credentials but also terabytes of hosted data to information-stealing malware being wielded by an initial access broker with a sideline in auctioning large volumes of stolen data.

Cyberwarfare / Nation-State Attacks

Trump, the US and a Blackout: What Cut Off Venezuela's Grid?

Chris Riotta • January 5, 2026

Uncertainty surrounds a Caracas blackout that coincided with a U.S. raid to capture Venezuela President Nicolas Maduro, with analysts weighing the plausibility of U.S. forces using cyber as a tool in layered, covert action amid the historic operation.

Artificial Intelligence & Machine Learning

Evolution Beats Big Bang Migration in IAM

Tom Field • January 5, 2026

Anshita Mittal, vice president of delivery and senior technical architect with IDMExpress, explains why evolving identity systems incrementally delivers faster results and lower risks than big bang migrations, even when AI implementation isn't feasible.