preloader

These news items are automatically aggregated from industry sources and are not individually reviewed. Any inaccuracies are unintentional — let us know and we'll correct or remove it.

security devops supply-chain vulnerability cloud

Verizon 2026 DBIR: Vulnerability Exploitation Overtakes Credential Theft as the Leading Breach Entry Point

Verizon’s 2026 Data Breach Investigations Report, based on more than 22,000 confirmed breaches, finds that exploiting unpatched software flaws (31%) has overtaken stolen credentials as the top way attackers get in – the first time in the report’s 19-year history. Third-party supply chain breaches jumped 60%, and AI is compressing attack timelines from months to hours.

security ransomware social-engineering

FBI Warns: Silent Ransom Group Now Sending Operatives In Person to Steal Data from Law Firms

The FBI issued a FLASH alert on May 26 warning that the Silent Ransom Group has escalated its extortion campaign against U.S. law firms by physically sending operatives into office buildings under the guise of IT support. More than 38 firms have already had data published on the gang’s leak site, with total confirmed attacks exceeding 100.

privacy apple ai wwdc security

Apple's genai.apple.com Subdomain Points to a Privacy-First AI Strategy Ahead of WWDC 2026

Two weeks before WWDC 2026 opens on June 8, Apple quietly registered genai.apple.com, a subdomain that returns a connection timeout rather than a 404, signalling it is staged and ready to go live. Combined with reporting that iOS 27’s rebuilt Siri will use Google Gemini technology routed through Apple’s own Private Cloud Compute infrastructure rather than Google’s servers, the registration suggests Apple is preparing to position generative AI as something that can be both capable and private.

security azure cloud devops identity

Storm-2949 Compromised Azure and Microsoft 365 Without Deploying Any Malware

Microsoft Threat Intelligence has disclosed a threat actor called Storm-2949 that walked through an organisation’s entire Azure and Microsoft 365 environment using only password resets and social engineering against MFA prompts. No malware, no novel CVE. The attack reached Key Vault secrets, SQL databases, SharePoint documents, and production virtual machines before defenders detected it.

security cms vulnerability supply-chain devops

Ghost CMS Vulnerability CVE-2026-26980 Exploited Across 700+ Sites in Active ClickFix Campaign

A critical unauthenticated SQL injection flaw in Ghost CMS (CVSS 9.4) is being actively exploited in the wild, with attackers hijacking more than 700 websites, including those of major institutions, to deliver ClickFix malware through injected JavaScript. Sites running Ghost versions 3.24.0 through 6.19.0 need to patch immediately.

security ransomware windows infrastructure devops

New Payload Ransomware Hits Windows and ESXi with Anti-Forensic Babuk-Style Encryption

A new ransomware family called Payload has claimed 12 victims across seven countries since launching in February 2026, targeting both Windows and VMware ESXi infrastructure with a refined Babuk-derived encryption scheme that erases per-file private keys from memory after locking each file, making recovery without the operator’s key mathematically impossible.

privacy apple google mobile messaging

Apple and Google Roll Out End-to-End Encrypted RCS Messaging, Closing the iPhone-Android Privacy Gap

iOS 26.5 and the latest Google Messages update are bringing end-to-end encrypted RCS messaging to cross-platform conversations between iPhone and Android users, ending years of reliance on unprotected SMS infrastructure for the most common mobile communication channel. Separately, Apple’s Siri deal with Google raises questions about where AI conversations are processed.

security devops supply-chain open-source aws

TrapDoor Campaign Plants 34 Malicious Packages Across npm, PyPI, and Crates.io to Steal Cloud Credentials

A coordinated supply chain campaign called TrapDoor has deployed 34 malicious packages and more than 384 related versions across npm, PyPI, and Crates.io, targeting developers in crypto, AI, and security to steal AWS keys, GitHub tokens, SSH keys, and crypto wallets. The campaign also embeds hidden instructions in AI coding assistant configuration files to hijack Claude Code and Cursor sessions.

We’ll help you resolve your infrastructure challenges

Our team of experts is ready to help you with your infrastructure challenges. We’ll give you honest and personal treatment. Get in touch to learn more.

Get in touch!