Episodes

  • RSAC 2026 Recap: Agentic AI, the Death of the SIEM, and 22-Second Breakouts
    Apr 17 2026

    In 2022, the median time between initial access and the secondary threat hand-off was 8 hours. At RSAC 2026, Mandiant put the new number on the main stage: 22 seconds. That one stat explains everything that got announced in San Francisco this year.

    This episode of Tech Updates is a full RSAC 2026 recap — the product flood, the agentic AI pivot, and the six predictions every CISO and senior engineer should be tracking over the next 12 months.

    ⏱ CHAPTERS

    0:00 — Intro

    0:03 — Cold open: the 22-second attacker hand-off

    0:31 — Segment 1: Agentic AI, for real this time

    2:20 — Agent Identity & Runtime Control

    3:35 — Agentic SOC & the Death of the SIEM

    5:09 — AI-Generated Code Security

    5:43 — Post-Quantum, Quietly

    6:36 — Palo Alto's Full Stack

    6:55 — The Cryptographers' Panel

    8:10 — Six Predictions for the Next 12 Months

    10:45 — The honest takeaway

    🔑 VENDORS & PRODUCTS COVERED

    • Cisco DefenseClaw · Duo IAM for agents

    • Microsoft Entra ID + Foundry guardrails

    • Teleport Beams (per-agent Firecracker micro-VMs)

    • 1Password Unified Access (Anthropic, Cursor, GitHub, Perplexity, Vercel)

    • Astrix Security · shadow agent coverage

    • Databricks Lakewatch — agentic SIEM

    • Google Cloud Triage & Investigation Agent

    • Accenture + Anthropic Cyber.AI

    • CrowdStrike Charlotte AI AgentWorks

    • SentinelOne Prompt AI Agent Security

    • Secure Code Warrior Trust Agent: AI

    • Black Duck Signal

    • ZeroTier Quantum (hybrid PQC transport)

    • Palo Alto Prisma AIRS 3.0 · Agentic SASE · Prisma Browser for Business

    • pQCee crypto-agile CNG

    • SandboxAQ AQtive Guard

    • Acalvio 360 Deception

    🎤 KEY QUOTES

    "With chatbots you worry about getting the wrong answer. With agents you worry about taking the wrong action." — Jeetu Patel, Cisco

    "AI will kill the SIEM in 2026." — Ali Ghodsi, Databricks CEO (CNBC)

    "The cryptographic algorithms have really held up over the last 25 years. You can't say that about a lot of areas within cybersecurity." — Paul Kocher, 25th Cryptographers' Panel

    "We're spending more on cybersecurity than ever before, but the breaches keep happening. Something is fundamentally broken about how we've approached this problem." — Karl Van den Bergh, Illumio

    🎯 SIX PREDICTIONS FOR THE NEXT 12 MONTHS

    1. Non-human identity becomes the primary identity problem

    2. MCP is now part of the attack surface — treat it like an API gateway

    3. The SOC gets automated, or it gets outrun

    4. Prompt injection is the new SQL injection

    5. Post-quantum is closer than you think (CNSA 2.0 deadlines are real)

    6. Active defense and deception are coming back

    📚 SOURCES

    Mandiant M-Trends 2026 · RSAC 2026 official press releases · SecurityWeek daily roundups · Help Net Security · Futuriom · Google Cloud blog · Lumu Technologies recap · Biometric Update · Govtech Lohrmann column · Hive Pro disclosure of Operation Olalampo + Rust-based Char backdoor

    🎧 LISTEN & SUBSCRIBE

    Spotify · Apple Podcasts · YouTube

    techupdates.it-learn.io

    New episode every week.

    #RSAC2026 #AgenticAI #Cybersecurity #SIEM #ZeroTrust #PostQuantum #InfoSec #CISO #MCP #PromptInjection #AIAgents #RSAConference

    12 m
  • Malware: Viruses, Ransomware, Botnets & How to Fight Back
    Apr 10 2026

    Malware isn't just "a virus." It's a whole ecosystem of tools designed to damage, steal, spy, and extort — and in 2026 it's more dangerous than ever. This episode is your complete field guide.

    WHAT IS MALWARE?

    Malware (malicious software) is any program intentionally designed to harm a system, steal data, or gain unauthorized access. It's not accidental — it's engineered.

    THE 5 MAJOR TYPES

    Viruses & Worms

    Viruses attach to clean files and spread when a user runs them. Worms self-replicate without any user interaction — ILOVEYOU (2000) infected 50 million machines in 10 days.

    Trojans & Ransomware

    Trojans disguise themselves as legitimate software. Ransomware encrypts your files and demands payment — Colonial Pipeline paid $4.4M in 2021. Double extortion is now standard: pay or we publish your data.

    Spyware & Keyloggers

    Spyware silently monitors your activity. Keyloggers capture every keystroke — passwords, credit cards, everything. Pegasus (NSO Group) targeted journalists and world leaders via a single missed call.

    Rootkits & Botnets

    Rootkits hide deep in the OS or firmware — the only guaranteed fix is a full OS wipe. Botnets turn your device into a zombie for DDoS attacks, spam, and crypto mining. Mirai (2016) infected IoT cameras and routers, then took offline Twitter, Netflix, Reddit, and Amazon.

    HOW MALWARE GETS IN

    - Phishing emails — #1 delivery method

    - Drive-by downloads — visit a compromised site, malware auto-downloads

    - Malvertising — malicious ads on legitimate websites

    - USB drops — infected drives left in public places

    - Unpatched vulnerabilities — no user interaction needed

    - Supply chain attacks — SolarWinds (2020) hit 18,000 organizations including US government agencies

    DEFENSE IN DEPTH — 7 LAYERS

    01. Patch everything — OS, apps, firmware

    02. Endpoint protection / EDR — behavioral detection catches what signatures miss

    03. Email filtering + sandboxing — detonate attachments before delivery

    04. Least privilege access — limits blast radius

    05. 3-2-1 Backups — 3 copies, 2 media types, 1 offsite, immutable

    06. Security awareness training — humans are the #1 attack surface

    07. Network segmentation / Zero Trust — never trust, always verify

    2024–2026 THREAT TRENDS

    - Ransomware-as-a-Service (RaaS): criminals rent malware like a SaaS subscription — no coding required

    - AI-powered malware: better phishing, polymorphic evasion that adapts to bypass defenses

    - IoT explosion: billions of unpatched smart devices are easy targets

    - Nation-state attacks: Stuxnet, Flame, Triton, Pegasus — government-grade malware in the wild

    - Average ransomware attack cost in 2024: $4.5 million (downtime, recovery, legal)

    - Reminder: paying the ransom does NOT guarantee you get your files back

    THE BOTTOM LINE

    Malware is intentional. Understanding how each type works is the first step to defending against it. No single tool protects you — layers do.

    New episode every week. Subscribe on Spotify, Apple Podcasts, or YouTube.

    techupdates.it-learn.io

    15 m
  • Ransomware in 2026: It's Not About Encryption Anymore
    Mar 24 2026

    Tech Updates — Ransomware in 2026: Industrial Extortion and How to Fight Back

    Ransomware isn't just encryption anymore. In 2026, it's a full extortion operation — and it's getting more aggressive as fewer victims pay up.

    What's changed: Ransomware-as-a-Service has effectively lowered the barrier to entry for cybercrime, and in 2026 it's the dominant engine driving the threat landscape. Groups now layer encryption with data theft, DDoS attacks, and direct victim harassment. Many groups are skipping encryption entirely in 2026 — focusing purely on data exfiltration, which puts organizations under immediate legal and reputational pressure even if systems stay online.

    Three attack scenarios covered in this episode:

    • Credential-based intrusion — Stolen logins, no MFA, AD enumeration, Kerberoasting, domain takeover, backup destruction, then encryption
    • Hypervisor compromise — Unpatched ESXi vulnerabilities, VM datastore encryption, snapshot manipulation, bundled DDoS
    • AI-assisted data-only extortion — Deepfake phishing, silent exfiltration, no encryption, no early alerts

    Key defenses: Phishing-resistant MFA (FIDO2/passkeys) · Privileged Access Management · EDR/XDR with behavioral rules · Immutable/air-gapped backups (3-2-1-1-0 rule) · Network microsegmentation · Zero Trust Network Access · Aggressive patching prioritized by the CISA KEV catalog · Rapid EDR auto-quarantine on encryption indicators

    📎 Resources & Further Reading

    🔗 CISA StopRansomware Guide — https://www.cisa.gov/stopransomware

    🔗 CISA Known Exploited Vulnerabilities (KEV) Catalog — https://www.cisa.gov/known-exploited-vulnerabilities-catalog

    🔗 Verizon 2025 Data Breach Investigations Report — https://www.verizon.com/business/resources/reports/dbir/

    🔗 Ransomware Trends 2026 (Huntress) — https://www.huntress.com/ransomware-guide/ransomware-trends

    🔗 Ransomware Statistics & Facts 2026 (TechTarget) — https://www.techtarget.com/searchsecurity/feature/Ransomware-trends-statistics-and-facts

    🔗 Top 10 RaaS Operations 2026 (Cyber Sierra) — https://cybersierra.co/blog/top-ransomware-operations-2026/

    🔗 10 New Ransomware Groups of 2025 (Cyble) — https://cyble.com/knowledge-hub/10-new-ransomware-groups-of-2025-threat-trend-2026/

    13 m
  • Phishing in 2026: From Classic Emails to AI-Enhanced Deepfakes – Technical Breakdown & Defenses
    Mar 17 2026

    Description / Summary:

    Phishing remains the #1 initial access vector in 2026, now supercharged by generative AI, voice cloning, and multimodal deception. This episode dissects classic phishing, spear-phishing, smishing (SMS), vishing (voice), and emerging AI variants (hyper-personalized content, real-time voice synthesis, deepfake video calls).

    We walk through realistic attack scenarios with indicators of compromise (IOCs), attack chains, and living-off-the-land techniques—then deliver layered, modern defenses: phishing-resistant MFA, behavioral analytics, zero-trust controls, DMARC enforcement, and AI-native detection.

    Key Takeaways:

    Modern phishing uses perfect grammar, OSINT personalization, and urgency manipulation—no typos needed.

    AI variants generate tailored messages in seconds, clone voices from public audio, and simulate live video calls for multi-million BEC fraud.

    Core attack chains: credential harvesting → token/session replay → lateral movement or ransomware.

    Strongest defenses: FIDO2/passkeys (phishing-resistant), behavioral EDR rules (block anomalous process spawning), strict DMARC p=reject, continuous posture checks, and multi-vector simulated attacks.

    Organizations must assume AI acceleration—prioritize cryptographic MFA, URL rewriting/sandboxing, and verification protocols over awareness alone.

    Links

    Classic & Spear-Phishing Scenarios:

    Microsoft Defender for Office 365 – Phishing Attack Chain Examples – https://learn.microsoft.com/en-us/defender-office-365/anti-phishing-protection

    Proofpoint 2025 State of the Phish Report (attack trends & indicators) – https://www.proofpoint.com/us/resources/threat-reports/state-of-the-phish

    Smishing & Vishing (including quishing):

    CISA – Smishing and Vishing Guidance (technical indicators & mitigations) – https://www.cisa.gov/news-events/news/smishing-and-vishing

    FBI Internet Crime Complaint Center (IC3) – Business Email Compromise & Voice Impersonation Alerts – https://www.ic3.gov/Media/Y2026/PSA250301

    AI-Enhanced Phishing & Deepfakes:

    Google Cloud Blog – AI-Powered Phishing Detection & Voice Cloning Risks (2026) – https://cloud.google.com/blog/topics/threat-intelligence/ai-enhanced-phishing-2026

    Dark Reading – Deepfake Video Calls Enable Record BEC Losses (case studies) – https://www.darkreading.com/cyberattacks-data-breaches/deepfake-video-calls-business-email-compromise

    Defenses & Phishing-Resistant MFA:

    NIST SP 800-63B – Digital Identity Guidelines (FIDO2 & phishing-resistant authenticators) – https://pages.nist.gov/800-63-3/sp800-63b.html

    Yubico – Implementing Phishing-Resistant MFA (practical deployment guide) – https://www.yubico.com/authentication-standards/fido2/

    8 m
  • Urgent Cybersecurity Alerts: Geopolitical Cyber Escalation, VMware Zero-Day Exploitation, and Major Ransomware Breach (March 2026)
    Mar 11 2026

    Summary:

    In this fast-paced technical roundup, we cover three high-impact cybersecurity developments from the last 7 days (Feb 28–Mar 4, 2026): escalating Iranian-linked cyber operations amid U.S.-Israel strikes, CISA's addition of an actively exploited VMware Aria Operations command injection flaw to the KEV catalog, and the University of Hawaiʻi Cancer Center's disclosure of a 2025 ransomware attack exposing up to 1.2 million individuals' sensitive data.

    We break down attack vectors, indicators of compromise, exploitation mechanics, and immediate defensive steps—essential listening for SOC teams, incident responders, and risk managers navigating blended threats, virtualization vulnerabilities, and long-tail data extortion.

    Geopolitical Cyber Escalation (Iran-linked activity post-Feb 28 strikes):

    Canadian Centre for Cyber Security Threat Bulletin – https://www.cyber.gc.ca/en/guidance/cyber-threat-bulletin-iranian-cyber-threat-response-usisrael-strikes-february-2026

    Palo Alto Networks Unit 42 Threat Brief (phishing campaign details) – https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026

    VMware Aria Operations Vulnerability (CVE-2026-22719):

    CISA Known Exploited Vulnerabilities Catalog Addition – https://www.cisa.gov/news-events/alerts/2026/03/03/cisa-adds-two-known-exploited-vulnerabilities-catalog

    Broadcom Security Advisory VMSA-2026-0001 – https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

    University of Hawaiʻi Cancer Center Ransomware Breach:

    Official UH Cancer Center Notice of Cyberattack – https://www.hawaii.edu/news/2026/02/27/notice-of-cyberattack-uh-cancer-center

    HIPAA Journal Coverage (impact and timeline details) – https://www.hipaajournal.com/university-of-hawaii-cancer-center-ransomware-data-breach

    7 m
  • Application-Level Microsegmentation: Granular Zero Trust Enforcement in 2026
    Mar 9 2026

    Description / Summary:

    In this technical deep dive, we examine leading products for microsegmentation at the application and workload level—essential for stopping lateral movement in hybrid, multi-cloud, and containerized environments. As breaches become inevitable, these solutions enforce least-privilege policies based on process identities, behaviors, dependencies, and real-time telemetry, using host-based enforcement, AI-driven recommendations, and dynamic containment.

    We cover three standout platforms:

    Illumio Zero Trust Segmentation: Host/agentless visibility, AI-powered policy computation, and rapid breach isolation.

    Akamai Guardicore Segmentation: Process-level kernel enforcement, automated policy generation, and Osquery threat hunting.

    Cisco Secure Workload: Workload dependency graphing, eBPF tracing, and ACI/Kubernetes integration.

    We stay vendor-neutral as we highlight technical architectures, enforcement mechanisms, and 2025-2026 enhancements like agentless modes, ML anomaly detection, and scalability for thousands of workloads.

    Supporting Links:

    Illumio Zero Trust Segmentation Overview – https://www.illumio.com/illumio-segmentation

    Akamai Guardicore Segmentation Product Page – https://www.akamai.com/products/akamai-guardicore-segmentation

    Cisco Secure Workload Documentation & Releases – https://www.cisco.com/c/en/us/support/security/tetration/products-release-notes-list.html

    Gartner Peer Insights: Network Security Microsegmentation (2026 Customers' Choice mentions) – https://www.gartner.com/reviews/market/network-security-microsegmentation

    Akamai Segmentation Impact Study 2025 – https://www.akamai.com/site/en/documents/research-paper/segmentation-impact-study-2025.pdf

    7 m
  • The Future of Firewalls: Hybrid Mesh Architectures Take Center Stage in 2026
    Mar 5 2026

    The Future of Firewalls: Hybrid Mesh Architectures Take Center Stage in 2026

    In this episode of Tech Updates, we explore the evolving world of network security as traditional firewalls give way to hybrid mesh architectures. With enterprises operating across on-premises, multi-cloud, edge, and remote environments, unified protection is no longer optional—it's essential.

    Gartner formalized the Hybrid Mesh Firewall (HMF) category in its inaugural 2025 Magic Quadrant, predicting that over 60% of organizations will deploy multiple firewall types by 2026. We break down what HMF means technically—multi-deployment firewalls (hardware, virtual, cloud-native, FWaaS) managed from a single cloud-based plane for consistent policies, threat prevention, and reduced complexity.

    We cover key developments from leading vendors:

    • Palo Alto Networks' Strata platform unifying PA-Series, VM-Series, CN-Series, and cloud options with AI-powered threat intel.
    • Fortinet's FortiOS convergence across appliances and cloud, emphasizing ASIC performance and Security Fabric integration.
    • Cisco's Hybrid Mesh Firewall with intent-based policy management via Security Cloud Control and Mesh Policy Engine, supporting multi-vendor enforcement (including third-party like Palo Alto and Fortinet).

    Plus quick mentions of Check Point, Juniper/HPE, and others pushing similar unified approaches.

    Key Takeaways:

    Hybrid mesh firewalls simplify ops with centralized management while extending advanced protections (DPI, microsegmentation, AI detection) everywhere.

    The shift addresses east-west threats, hybrid work, and multi-cloud realities—no more silos.

    Expect more SASE/SSE integration and quantum-readiness in the coming years.

    Listen in for a neutral, technical deep dive into where firewall tech is headed. Subscribe for more updates on emerging security trends!

    If you found this information useful, share it with a friend or colleague. Thank you for your support.

    • Gartner Magic Quadrant for Hybrid Mesh Firewall (official report page, August 2025) – https://www.gartner.com/en/documents/6871166
    • Palo Alto Networks: Leader in the 2025 Gartner Magic Quadrant for Hybrid Mesh Firewall (with download link) – https://start.paloaltonetworks.com/gartner-hybrid-mesh-firewalls-mq-2025
    • Fortinet: Leader in the 2025 Gartner Magic Quadrant for Hybrid Mesh Firewall (highest in Ability to Execute) – https://www.fortinet.com/resources/analyst-reports/gartner-magic-quadrant-hmf
    • Cisco Hybrid Mesh Firewall Overview (with Security Cloud Control and unified management details) – https://www.cisco.com/site/us/en/solutions/security/hybrid-mesh-firewall/index.html
    • Palo Alto Networks Blog: What Is a Hybrid Mesh Firewall and Why It Matters (explains Strata platform unification) – https://www.paloaltonetworks.com/blog/2025/08/hybrid-mesh-firewall-and-why-it-matters
    6 m
  • Latest Technical Enhancements in SSE Platforms: Prisma Access, Zscaler, and Cisco Secure Access (2025–2026 Updates)
    Mar 2 2026

    1. Palo Alto Networks Prisma Access

    • Feb 2025 (Prisma SD-WAN): Flow visualization, SGT propagation, GCM encryption, ION 9300 support. https://docs.paloaltonetworks.com/prisma-sd-wan/release-notes/new-features/prisma-sd-wan-release-information/prisma-sd-wan-features-introduced-in-2025/features-introduced-in-february-2025
    • Aug 2025 (Strata Cloud Manager): Entity timestamps, region-based config management. https://docs.paloaltonetworks.com/content/techdocs/en_US/strata-cloud-manager/release-notes/new-features-strata-cloud-manager/new-features-in-august-2025

    2. Zscaler

    • 2025 Upgrades (ZIA/ZPA/ZDX): EDM/IDM in email DLP, tenancy restrictions, Sandbox tokens, NSS exclusions. https://help.zscaler.com/zia/release-upgrade-summary-2025 · https://help.zscaler.com/zpa/release-upgrade-summary-2025
    • Jan/Feb 2026: AI Security Suite, Client Connector 4.7/4.8 (strict enforcement, offload controls, DNS fixes, vuln mitigations). https://www.zscaler.com/press/zscaler-unveils-new-innovations-secure-enterprise-ai-adoption · https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2026 · https://help.zscaler.com/zscaler-client-connector/release-upgrade-summary-2026
    • ZPA Feb 2026: RHEL 8/9 RPMs, Private Service Edge VPN (IPsec/GRE, BGP). https://help.zscaler.com/zpa/release-upgrade-summary-2026

    3. Cisco Secure Access

    • 2025: Universal ZTNA, trusted network detection, scheduled rules, endpoint/email DLP (ML inspection). https://www.cisco.com/site/us/en/products/security/secure-access/index.html · https://www.cisco.com/c/en/us/td/docs/security/cdo/whats-new-for-cisco-defense-orchestrator/m-features-highlights-of-2025.html
    • Feb 2026: AI Defense (supply chain governance, prompt injection protection), AI-Aware SASE, ThousandEyes app insights. https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m02/cisco-redefines-security-for-the-agentic-era.html
    • Additional: Hybrid ZTNA, AI Access, policy assurance, enterprise browser. https://www.ciscolive.com/c/dam/r/ciscolive/global-event/docs/2025/pdf/BRKSEC-2285.pdf
    10 m