Experts on Experts: The 2026 Threat Landscape is Moving Faster than Defenders Expect
This week on Experts on Experts, I’m joined by Christiaan Beek, Rapid7’s VP of Threat Analytics, to talk through what we’re seeing in the 2026 threat landsca...
Manufacturing
20 articles
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,0...
No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC
The National Cyber Security Centre has warned against measuring SOCs with ticket-based metrics
Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation
Malicious npm packages spread via worm-like propagation and steal developer credentials
AI is Changing Vulnerability Discovery and your Software Supply Chain Strategy has to Change with it
Wade Woolwine is Senior Director, Product Security at Rapid7. The headlines around Glasswing have focused on how quickly AI can surface vulnerabilities, whic...
Defending Against China-Nexus Covert Networks of Compromised Devices
Defending against china-nexus covert networks of compromised devices executive summary Defending against China-nexus covert networks of compromised devices E...
Carlson Software VASCO-B GNSS Receiver
View CSAF Summary Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation...
ZDI-26-296: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. User interaction is required t...
Making Rust Workers reliable: panic and abort recovery in wasm‑bindgen
Panics in Rust Workers were historically fatal, poisoning the entire instance. By collaborating upstream on the wasm‑bindgen project, Rust Workers now suppor...
Researchers Uncover ProxySmart Software Powering 90+ SIM Farms
Infrawatch says ProxySmart platform enables SIM farm activity at “industrial scale”
ZionSiphon Malware Targets Water Infrastructure Systems
ZionSiphon malware targets OT water systems with sabotage and ICS scanning capabilities
Supply chain dependencies: Have you checked your blind spot?
Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?
Threat landscape for industrial automation systems in Q4 2025
The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and stati...
Your Supply Chain Breach Is Someone Else's Payday
A supply chain attack by TeamPCP compromised trusted software tools to harvest credentials at scale, enabling payroll fraud, logistics theft, and ransomware ...
Securing the Software Supply Chain: How SentinelOne’s AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack
On April 9, 2026, cpuid.com was actively serving malware through its own official download button.
STX RAT Targets Finance Sector With Advanced Stealth Tactics
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods
6th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 30th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Europ...
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
Advisory at a Glance Title Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure Original Publication Apri...
ZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...
ZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...