Operation SilentCanvas: Attackers use .jpeg files to deliver malware
Attackers are weaponizing .jpeg files to deliver PowerShell payloads, trojanize ScreenConnect, and establish persistence on target systems.
SC Media
20 articles
Grego AI launches with AI-powered vulnerability detection
The company's method, called Deep Invariant Analysis, scans entire codebases to map module and dependency connections.
RubyGems pauses new account sign-ups amid major malicious attack
The attack has led to the involvement of hundreds of packages, with many directly targeted and some containing exploits.
What zero-trust looks like for AI agents
Here’s four steps teams can take to secure newly-emerging agentic AI environments.
Signal enhances security with new features to combat phishing attacks
The messaging app is implementing several new features to protect users from scams, particularly those impersonating Signal Support.
Manifold Security expands supply chain intelligence to cover AI agent servers
The expansion adds scored entries for over 7,700 MCP servers to Manifold's existing index of agent skills and plugins.
AI cybersecurity startup Exaforce raises $125 million
Exaforce utilizes AI agents, dubbed "Exabots," to analyze data and automate security operations, aiming to reduce the burden on human analysts.
Huntress and Acrisure launch simplified cyber insurance program
The program provides eligible organizations with access to unique Cyber or Tech Errors and Omissions (Tech E&O) insurance policies.
West Pharmaceutical Services hit by ransomware attack
The pharmaceutical packaging and delivery systems manufacturer experienced a ransomware attack on May 4, prompting the company to proactively shut down and i...
Instructure reaches agreement with hackers after Canvas data breach
ShinyHunters claimed responsibility for stealing more than 3.6 terabytes of data by exploiting security vulnerabilities in Instructure's Free-for-Teacher env...
Škoda Auto discloses data breach after online shop hack
Attackers exploited an unspecified vulnerability in the software of Škoda's e-commerce portal to gain unauthorized access.
Community Bank customer data exposed via unauthorized AI software
The bank, which serves customers in Pennsylvania, Ohio, and West Virginia, filed an 8-K with the U.S.
Fortinet addresses critical vulnerabilities in FortiSandbox and FortiAuthenticator
The first vulnerability, CVE-2026-44277, affects FortiAuthenticator's Identity and Access Management solution and was patched in versions 6.5.
Optimize Legal Operations as the CISO Role Changes to Address Skills Gaps and AI - Walter Scott Wilkens - BSW #447
Patch Tuesday: No zero days among 137 Microsoft CVEs, 4 Word RCEs
The May 2026 Microsoft security update included no zero days for the first time since June 2024.
Fighting fire with fire: Defending against Mythos-powered cyberattacks
How AI-powered exposure management reduces the opportunities AI-powered attackers depend on.
Tomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Giedi Prime, Aaran Leyland... - SWN #580
‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages
Teams warn the latest Shai-Hulud wave weaponizes trusted OIDC tokens to bypass package integrity checks.
Incident Response Tabletop Exercises: How CISOs Build Cyber Resilience Before Breach - WC #1
5 ways to defend against vibe hacking
Vibe hacking has arrived – here’s what to do about it.