Cloud Security

On April 15, 2026, Mozilla and Google removed DigiCert's legacy G1 root certificates from their trust stores, forcing holdouts on legacy chains to reissue TLS certificates or face untrusted errors.

Salt Security and KushoAI release dueling reports on the same day showing API security has become the critical blind spot of the agentic AI era, with nearly all attacks now originating from authenticated sources.

NIST is overhauling its IoT cybersecurity guidance for federal agencies while the EU Cyber Resilience Act's first enforcement deadline in September 2026 forces manufacturers to build vulnerability reporting infrastructure from scratch.

India's Reserve Bank enforces mandatory two-factor authentication for all digital payments from April 1, while NIST's updated identity guidelines and Microsoft's passwordless-by-default accounts mark a coordinated global shift toward phishing-resistant authentication.

The CNCF incubating project ships runtime threat detection powered by CEL-based rules, a centralized security metadata store, and the first open-source controls for auditing AI agent configurations in Kubernetes clusters.

Signal's SPQR protocol adds a quantum-safe ratchet alongside the Double Ratchet, with server-side enforcement now rolling out to new accounts.

Iranian drones struck three AWS facilities in the UAE and Bahrain, knocking two availability zones offline and challenging the cloud industry's core resilience assumptions.

The cybersecurity industry's largest conference was dominated by agentic AI security products, even as data shows only 5 percent of enterprises have moved AI agents into production.

Amazon launched its AWS European Sovereign Cloud in Brandenburg, Germany in January 2026 with €7.8 billion in investment and ~90 services, but legal experts warn the U.S. CLOUD Act may undermine its core sovereignty guarantees.

Threat actor exploited infostealer-harvested passwords to breach enterprise file-sharing platforms at major companies lacking MFA protection.