Fall 2025 PCI DSS compliance package available now
Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification. Newly added services: AWS Security Incident Response, AWS Transform. Newly added AWS Region: Asia Pacific (Taipei). This certification...
Shape the future in Sydney: Forge the Future hackathon
Elastic hackathon judge Nils Thomsen explains why Sydney’s Forge the Future hackathon is your chance to hack for good with AI. He seeks solutions with impact, innovation, and practical real-world use cases using the full Elastic Stack.
December 2025 CVE Landscape: 22 Critical Vulnerabilities Mark 120% Surge, React2Shell Dominates Threat Activity
December 2025 witnessed a dramatic 120% increase in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 22 vulnerabilities requiring immediate remediation, up from 10 in November. The month was dominated by widespread exploitation of Meta's React Server Components flaw. What security teams need to know: React2Shell pandemonium: CVE-2025-55182 triggered a global exploitation wave with multiple threat actors...
Best Ransomware Detection Tools
Key Takeaways: Effective ransomware detection requires three complementary layers: endpoint and extended detection and response (EDR/XDR) to monitor device-level activity, network detection and response (NDR) to catch lateral movement, and threat intelligence tools to provide context that enables efficient prioritization. The most valuable detection happens before ransomware encryption begins. Tools must identify precursor behaviors like reconnaissance, credential...
Notorious BreachForums hacking site hit by ‘doomsday’ leak of 324,000 criminal users
Prominent crime forum BreachForums has suffered a new and possibly fatal blow to its reputation after the revelation that a database of thousands of criminals using it was stolen months ago. News of the breach emerged publicly on January 9 when a zip archive containing a MySQL database of 323,986 BreachForums users appeared on shinyhunters,...
Palo Alto Networks Introduces New Vibe Coding Security Governance Framework
Researchers at Palo Alto’s Unit 42 have outlined a list of recommended security controls for vibe coding tools.
Hackers Infiltrated n8n’s Community Node Ecosystem With a Weaponized npm Package
Attackers have successfully infiltrated n8n’s community node ecosystem using a malicious npm package disguised as a legitimate Google Ads integration tool. The attack reveals a critical vulnerability in how workflow automation platforms handle third-party integrations and user credentials. The malicious package, named n8n-nodes-hfgjf-irtuinvcm-lasdqewriit, tricked developers into entering their Google Ads OAuth credentials through a seemingly authentic credential form. ...
Google Chrome Pushes Critical Security Update for 3B Users
Google patched high-severity CVE-2026-0628 in Chrome 143 and added Push API rate limits to curb notification spam, with penalties up to 14 days.
The post Google Chrome Pushes Critical Security Update for 3B Users appeared first on TechRepublic.
Business leaders see AI risks and fraud outpacing ransomware, says WEF
C-suite executives are more concerned with risks arising from AI vulnerabilities and cyber fraud than ransomware, according to the World Economic Forum.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-8110 Gogs Path Traversal Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that...







