Experts on Experts: The 2026 Threat Landscape is Moving Faster than Defenders Expect
This week on Experts on Experts, I’m joined by Christiaan Beek, Rapid7’s VP of Threat Analytics, to talk through what we’re seeing in the 2026 threat landsca...
General
20 articles
Alleged Silk Typhoon hacker extradited to the United States to face charges
A man accused of working as a hacker for China's Ministry of State Security has been extradited to the USA from Italy, and faces - if found guilty - the pros...
Claude Mythos Fears Startle Japan's Financial Services Sector
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed.
Claude Mythos Has Found 271 Zero-Days in Firefox
That’s a lot. No, it’s an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix l...
A Quarter of Healthcare Organizations Report Medical Device Cyber-Attacks
RunSafe report reveals most attacks on medical devices disrupt patient care
[webapps] phpMyFAQ 4.0.16 - Improper Authorization
phpMyFAQ 4.0.
[webapps] OpenKM 6.3.12 - Multiple
OpenKM 6.3.
[local] Atlona ATOMERX21 - Authenticated Command Injection
Atlona ATOMERX21 - Authenticated Command Injection
CI/CD pipeline abuse: the problem no one is watching
How we built an open-source, drop-in CI template that uses signal extraction and LLM reasoning to catch CI/CD abuse in GitHub Actions, GitLab CI, and Azure D...
What the March 2026 Threat Technique Catalog update means for your AWS environment
The AWS Customer Incident Response Team (AWS CIRT) regularly encounters patterns that repeat across their engagements when helping customers respond to secur...
Access control with IAM Identity Center session tags
As organizations expand their Amazon Web Services (AWS) footprint, managing secure, scalable, and cost-efficient access across multiple accounts becomes incr...
Simplifying AWS defense with Microsoft Sentinel UEBA
Learn how Microsoft Sentinel UEBA helps defenders distinguish benign AWS activity from attacker behavior by enriching raw CloudTrail logs with clear, binary ...
Shutdowns, power outages, and conflict: a review of Q1 2026 Internet disruptions
The first quarter of 2026 saw a surge in Internet disruptions, from nationwide shutdowns in Uganda and Iran to unprecedented drone strikes on cloud infrastru...
AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data...
What Anthropic’s Mythos Means for the Future of Cybersecurity
Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into...
French police arrest 21-year-old “HexDex” hacker over 100 alleged data breaches
A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 - including a hack of the French Ministry of National Education tha...
Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place
No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC
The National Cyber Security Centre has warned against measuring SOCs with ticket-based metrics