
News for today:
- New AI agents for email security. IRONSCALES announced its Winter 2026 release, with three specialized AI agents to strengthen an organization’s preemptive email security posture: Red Teaming, Phishing SOC, and Phishing Simulation. For example, the Red Teaming Agent performs the same OSINT reconnaissance your attackers do, scanning social media, press releases, and job postings to map your exposure. It then uses those findings to harden detection before a real attack arrives. Most threat intelligence protects against attacks someone else has already received. The Red Teaming Agent trains your defenses on attacks designed specifically for your organization. The release also includes email encryption enhancements and better deepfake detection capabilities for Microsoft Teams. IRONSCALES
- Proof of cyber insurability via Sophos MDR. Customers using the Sophos MDR service now get access to verifiable cyber insurability data via a partnership with Spektrum Labs. Through the partnership, organizations can not only deploy Sophos MDR to help prevent attacks but also provide insurers with verifiable proof that their security controls are enabled, properly configured, and working as intended, all of which are known measures to lower cyber risk. This transforms security from a set of controls into a measurable, continuously validated operating discipline, and addresses persistent challenges facing organizations as cyber incidents continue to rise. Sophos
- Combating identity compromise via dark web monitoring. Commvault and CloudSEK announced a partnership so that CloudSEK’s dark web monitoring of compromised credentials integrates with Commvault’s cybersecurity and identity security solutions for Active Directory. This integration brings CloudSEK’s real-time Dark Web Credential Intelligence directly into Commvault’s Active Directory Vulnerability Assessments and Active Directory Advanced Audit and Anomaly Detection solutions. By correlating external credential exposure signals with internal identity telemetry, customers can identify exposed accounts early and take decisive action, including disabling, locking, or resetting compromised credentials and rolling back malicious changes to Active Directory before attackers can escalate privileges, deploy ransomware, or exfiltrate sensitive data. Available mid-2026. Commvault
- LevelBlue partners get vulnerability and exposure management. Through a partnership with Tenable, MSSP and MSP partners of LevelBlue have access to expanded vulnerability and exposure management capabilities. Tenable-powered vulnerability and exposure management through LevelBlue gives MSSP and MSP partners a modern foundation for delivering high-value vulnerability and exposure management services. With stronger visibility, richer context, and a flexible path that adapts to client maturity, partners can support clients more effectively while expanding their own service portfolios. LevelBlue
- Disruption of the Tycoon 2FA MFA-bypass phishing service. TrendAI and other industry and law enforcement partners cooperated to disrupt the Tycoon 2FA MFA-bypass phishing service. TrendAI threat researchers had been tracking the platform’s infrastructure, campaigns, and operator behavior over an extended period. By November 2025, researchers had linked the operation to an actor using the monikers SaaadFridi and MrXaad, assessed to be the developer and primary operator behind the service. Historical activity showed earlier involvement in web defacement before pivoting to phishing kit development at scale. Detailed intelligence on tooling, infrastructure patterns, and operational behavior was shared with Europol to support coordinated action. Trend Micro

