VC giant Insight Partners warns thousands after ransomware breach

New York-based venture capital and private equity firm Insight Partners is notifying thousands of individuals whose personal information was stolen in a ransomware attack. The company disclosed the cybersecurity incident in February, when it said that a threat actor gained access to its network following a “sophisticated social engineering attack.” Two months later, Insight Partners confirmed that the attackers had also stolen sensitive data during the breach, including banking and tax information, personal information of current and former employees, information related to limited partners, as well as fund, management company, and portfolio company information.

Cyberattack disrupts check-in systems at major European airports

A cyberattack targeting check-in and boarding systems disrupted air traffic and caused delays at several of Europe’s major airports on Saturday. While the impact on travelers appeared to be limited, experts said the intrusion exposed vulnerabilities in security systems. The disruptions to electronic systems initially reported at Brussels, Berlin’s Brandenburg and London’s Heathrow airports meant that only manual check-in and boarding was possible. Many other European airports said their operations were unaffected.

British spies turn to dark web to recruit Russian agents, access secrets

British spies are to use the digital shadows of the dark web to recruit informants and allow them to receive secret information from agents in Russia and worldwide, Britain’s foreign ministry said on Thursday. The Secret Intelligence Service, Britain’s foreign spy agency known as MI6, is to use a dark web portal called Silent Courier, which will allow people to securely pass on details about illicit activities anywhere in the world, or offer their own services. “Today we’re asking those with sensitive information on global instability, international terrorism or hostile state intelligence activity to contact MI6 securely online,” MI6 chief Richard Moore will say when he formally announces the plans in a speech in Istanbul on Friday.

How to Gain Control of AI Agents and Non-Human Identities

We hear this a lot: “We’ve got hundreds of service accounts and AI agents running in the background. We didn’t create most of them. We don’t know who owns them. How are we supposed to secure them?” Every enterprise today runs on more than users. Behind the scenes, thousands of non-human identities, from service accounts to API tokens to AI agents, access systems, move data, and execute tasks around the clock. They’re not new. But they’re multiplying fast. And most weren’t built with security in mind. Traditional identity tools assume intent, context, and ownership. Non-human identities have none of those. They don’t log in and out. They don’t get offboarded. And with the rise of autonomous agents, they’re beginning to make their own decisions, often with broad permissions and little oversight.

OpenID Foundation sets new standards for real-time security event sharing

These specifications solve a critical gap that has left organizations vulnerable during the extended periods between user logins. Systems relying on federated identity had no way to receive security updates after initial login. Sessions often last days or weeks, during which user locations, device compliance, or organizational access may change dramatically. Organizations were forced to choose between disrupting users with constant re-authentication requests or accepting substantial security risks from outdated login information.