Navia Benefit Solutions reveals a breach exposing 2.7 million records including Social Security numbers. Analysis of notification obligations and compliance lessons.
Complete guide to the OWASP Top 10 for LLM applications. Prompt injection, data exfiltration, model poisoning: understand and defend.
Google, Amazon, Microsoft, Anthropic and OpenAI collectively invest $12.5M to secure open source. Big Sleep and CodeMender find vulnerabilities automatically.
Microsoft DART reveals an active vishing campaign via Teams where attackers impersonate IT support and use Quick Assist to take control of workstations.
Practical guide to creating an incident response playbook aligned with NIST CSF 2.0. Templates, tabletop exercises, and cloud adaptation.
Analysis of CVE-2026-21992, a critical Oracle Identity Manager vulnerability allowing unauthenticated remote code execution. Patch available.
The DORA regulation enters active supervision mode. First Register of Information (RoI) submissions are due by end of Q1 2026. Practical guide.
MISP 2.5.35, released March 19, 2026, brings a UI overhaul, massive performance gains, and MISP Workbench for large-scale threat intelligence analysis.
Hacktivist group Handala, linked to Iran's IRGC, carried out a destructive wiper attack against medtech giant Stryker via Microsoft Intune. 50 TB of data stolen.
CVE-2026-3094 reveals a backdoor in XZ Utils, a compression utility present on nearly all Linux systems. Analysis of a historic near-miss.
Technical analysis of CVE-2026-33017, a critical Langflow vulnerability allowing unauthenticated remote code execution. Exploited within 20 hours of disclosure.
Credential abuse has surpassed malware as the top attack vector in 2026. Key statistics, attacker techniques, and a layered defense guide.