Lucy Green

As Anthropic and OpenAI expand AI tool access, organizations face both risks and opportunities.

A malware-as-a-service operation impersonating Minecraft clients and mods has compromised thousands of systems since January, with YouTube tutorials serving as the primary funnel.

New reports debate whether inadequate tools or operational lapses are to blame for cybersecurity issues.

Generative AI closes the skill gap between vague criminal intent and working malware. Responsible disclosure norms weren't built for that world.

AI-assisted exploit development has collapsed the time between disclosure and mass exploitation. Traditional vulnerability management workflows weren't built for this pace.

A pro-Iran Telegram channel published a walkthrough showing how Instagram's conversational recovery assistant could be talked into linking attacker-controlled email addresses to target accounts. The Obama White House and a senior U.S. Space Force account were briefly defaced.

Politie and NCSC seized command infrastructure hosted on Dutch soil, dismantling a network that pulled in PCs, phones, tablets and IoT gear at scale.

The DPRK-linked crew is spoofing Webex pages and antivirus installers to drop new implants on military and corporate networks.

Attackers are piggybacking on Fortinet's endpoint management tooling to push infostealers disguised as legitimate agent updates.

The platform uses host telemetry and AI analysis to flag intent drift, secret theft, and supply-chain interference — in real time, before the damage lands.

An account takeover vulnerability in the open-source call-for-papers platform Pretalx could allow an unauthenticated attacker to manipulate submission outcomes, researchers at Novee have found.

CVE-2026-27771 allowed anonymous pulls of private container images from all Gitea deployments prior to version 1.26.2, according to maintainers.

Employees are running unsanctioned AI assistants by the handful. Regulators are starting to ask who approved them, and under which control framework.

Machine-learning-driven flood attacks are reshaping volumetric thresholds faster than current incident-reporting frameworks anticipated.

Fewer than 10 percent of OT networks have meaningful monitoring in place, according to the 2026 Dragos OT Cybersecurity Year in Review. Until that changes, layering machine-learning tools on top of industrial control systems may create more risk than it resolves.