SmarterTools security advisory (AV26-398)

A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his...

With attackers moving faster than ever, it’s easy to feel overwhelmed. This blog breaks down five practical priorities from the Cisco Talos 2025 Year in Review to help defenders focus and...

Key Takeaways Background VECT Ransomware is a Ransomware-as-a-Service (RaaS) program that made its first appearance in December 2025 on a Russian-language cybercrime forum. After claiming their...

AI agents may soon be buying your stuff for you. The FIDO Alliance has teamed up with Google and Mastercard to try to ensure that shopping in the near future isn't a complete disaster.

An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from...

Proofpoint’s annual survey of 1,453 security professionals shows that organizations hit by an AI incident saw threats appear across every collaboration channel, not just the inbox.

CERT Polska has received a report about 3 vulnerabilities (from CVE-2026-40550 to CVE-2026-40552) found in mpGabinet software.

A vulnerability has been discovered in OpenSSH which could allow for authentication bypass. OpenSSH (Open Secdure Shell) is an open-source suite of secure networking utilities based on the SSH...

A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider...

Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in...

Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert...

Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. [...]

A vulnerability has been identified in the popular open-source text editor, Notepad++, with the release of CVE-2026-3008. The vulnerability, discovered and reported by CSA under its Responsibility...

A U.S. Senator introduced legislation aimed at strengthening defenses against drone threats targeting critical infrastructure, proposing to grant... The post US bill allows critical infrastructure...

The National Motor Freight Traffic Association (NMFTA) announced the promotion of Ben Wilkens to director of cybersecurity, where... The post NMFTA names Ben Wilkens director of cybersecurity to...

The OT Cybersecurity Information Sharing and Analysis Center (OT-ISAC) published an energy sector threat advisory covering public reporting... The post OT-ISAC flags rising energy sector cyber...

Linux vendor touts European independence at SUSECON as majority stakeholder quietly explores its options European-based SUSE devoted much of the annual SUSECON event to its sovereignty-focused...

Microsoft says it will start blocking legacy TLS connections for POP and IMAP email clients in Exchange Online starting in July 2026. [...]

Threat actors are now publishing structured OPSEC playbooks to stay undetected. Flare reveals how these guides outline layered infrastructure, identity separation, and long-term evasion strategies. [...]

Inaugural global study finds more than half of organizations are not fully confident their AI security controls would detect compromised AI

But if you didn’t see a red-flag signal during a scan of the network, you’re not alone: Almost 7,500 organizations around the world were hit by ransomware last year—and there are lots of ways into...

Microsoft has confirmed a new issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. [...]

After addressing a widespread outage that affected Outlook.com users worldwide on Monday, Microsoft has asked iPhone users to re-enter their credentials to regain access to their Outlook and...

Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump

Xu Zewei was allegedly directed by China’s intelligence services to conduct a sweeping espionage campaign to steal data on COVID-19 research and other U.S. policy interests. The post Chinese...

Explore the 2026 Claude Mythos breach, supply chain risks, and the $2B+ crypto theft pipeline.

Learn how mule account intelligence — not tactic-tracking — is the most effective lever for preventing APP fraud before funds move.

Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on...

Relax, the data's been recovered. Continue with your vibe coding