Lorna Singh

The Russia-aligned group has spent the year refining spear-phishing lures against Ukrainian targets, leaning harder on cloud services and credential theft.

A page-cache manipulation bug related to DirtyFrag lets local, unprivileged attackers escalate to root — no credentials required beyond a shell.

Six billion euros in penalties later, Europe's data regulation has reshaped corporate behavior — and created a compliance burden that companies say is quietly strangling AI development on the continent.

Hundreds of C2 servers went dark in a coordinated takedown targeting the shared hosting backbone used by two prolific infostealer families.

More than half of enterprise AI agents run without security oversight or logging. A maturing class of AI security posture management tools exists to fix that — if you know what to look for.

A critical flaw in FFmpeg's MagicYUV decoder reveals the fragility of software supply chains.

Thalha Jubair and Owen Flowers admitted roles in the TfL intrusion and a sprawling SIM-swap and SMS-phishing operation that turned harvested SSO credentials into nine-figure ransom payouts.

An executive order mandates that high-value federal assets shift to post-quantum cryptography by 2030–2031. For identity infrastructure, that deadline is closer than it looks.

As breaches become inevitable, organizations must focus on operational resilience, not just perimeter defense.

Attackers slipped malicious code into licensed Pro releases by compromising the vendor's own build pipeline — a clean supply-chain hit on WordPress installs.

Paradigm Shift's tethered exploit reaches code burned into the silicon, putting a years-long tail on iPhone XS through SE2 boot-chain trust.

A Bluetooth eavesdropping patch, a quietly dangerous GCP misconfiguration vulnerability, and a threat actor that spent ten years undetected — here's what you may have missed.

Microsoft uncovers RCE vulnerability in AutoGen Studio through local AI agent misuse.

The risk isn't what employees paste into ChatGPT. It's what tokens, scopes, and service accounts the AI agents they spin up are quietly holding.

The deal adds credential, session, and blast-radius visibility to Splunk's autonomous detection pipeline — filling a gap that pure log-correlation has always struggled with.