The vulnerability deluge is coming. The industry’s response cannot leave most defenders behind.

Two computer crime allegations follow up to 18M lines of data surfacing online

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range...

In this week’s newsletter, Hazel uses International Superhero Day as a springboard to explore why empathy — rather than just technical prowess — is the most essential, underrated superpower for...

OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks.

This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows If you use Gemini CLI, watch out: Google has patched a CVSS 10.0 vulnerability in its command-line...

Delivering enterprise-grade continuous AI-powered risk assessment to hundreds of customers through the combined power of Wiz and Anthropic

Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional...

Infrastructure mapping,EtherHiding C2,ASN analysis & blockchain pivoting (pt2)

Two computer crime allegations follow up to 18M lines of data surfacing online French prosecutors say police detained a 15-year-old on April 25 over the alleged theft of millions of records from...

For MSSPs, the rapid business adoption and deployment of AI assistants and agents are both a challenge and an opportunity.

Bridge the gap between AI-driven vulnerability discovery and prioritized remediation. Learn how to integrate Claude Security’s deep-logic analysis into Tenable One to unify your attack surface,...

GNU security advisory (AV26-407)

CrowdStrike says The Com-affiliated threat groups are using voice phishing and fake SSO pages to break into SaaS environments and steal data fast for extortion. The post Two new extortion crews...

A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts. [...]

Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability...

Vect ransomware, a new group that emerged in January 2026, has recently begun attracting attention in the cybersecurity space for its strategic partnerships, which are helping it expand. One...

GitLab security advisory (AV26-406)

Cloudflare IPsec now has generally available support for post-quantum encryption via hybrid ML-KEM. We’ve confirmed interoperability with Cisco and Fortinet.

A Romanian national who led an online swatting ring that targeted more than 75 public officials, multiple journalists, and four religious institutions was sentenced to 4 years in federal prison. [...]

Turns out the real problem is not AI but staff still clicking on dodgy emails from 'IT support'

When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and government partners have released a new guide to accelerate... The post New CISA guidance outlines zero trust roadmap for OT...

Healthcare organizations recorded 120 ransomware attacks in the first quarter of this year, marking a 14% decline compared... The post Comparitech assesses healthcare ransomware decline in volume...

New research from RunSafe Security highlights growing operational and clinical impact of cyber threats targeting connected healthcare technology.... The post RunSafe Index reports that healthcare...

Just in time for the Trump-Xi summit

Claroty’s threat research team, Team82, uncovered two vulnerabilities in EnOcean’s SmartServer IoT platform affecting version 4.60.009 and earlier.... The post Research finds EnOcean SmartServer...

Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could...

The U.S. Federal Bureau of Investigation (FBI) warned the transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada...

Emergency patches out now for those managing the millions of domains assumed to be affected