These news items are automatically aggregated from industry sources and are not individually reviewed. Any inaccuracies are unintentional —
let us know and we'll correct or remove it.
Verizon’s 2026 Data Breach Investigations Report, based on more than 22,000 confirmed breaches, finds that exploiting unpatched software flaws (31%) has overtaken stolen credentials as the top way attackers get in – the first time in the report’s 19-year history. Third-party supply chain breaches jumped 60%, and AI is compressing attack timelines from months to hours.
The FBI issued a FLASH alert on May 26 warning that the Silent Ransom Group has escalated its extortion campaign against U.S. law firms by physically sending operatives into office buildings under the guise of IT support. More than 38 firms have already had data published on the gang’s leak site, with total confirmed attacks exceeding 100.
Vercel released deepsec in early May 2026 as an open-source, CLI-first security harness that uses AI coding agents to surface hard-to-find vulnerabilities across large codebases. It runs on your own infrastructure, scales to thousands of concurrent sandboxes, and integrates directly into existing DevOps workflows.
Two weeks before WWDC 2026 opens on June 8, Apple quietly registered genai.apple.com, a subdomain that returns a connection timeout rather than a 404, signalling it is staged and ready to go live. Combined with reporting that iOS 27’s rebuilt Siri will use Google Gemini technology routed through Apple’s own Private Cloud Compute infrastructure rather than Google’s servers, the registration suggests Apple is preparing to position generative AI as something that can be both capable and private.
Microsoft Threat Intelligence has disclosed a threat actor called Storm-2949 that walked through an organisation’s entire Azure and Microsoft 365 environment using only password resets and social engineering against MFA prompts. No malware, no novel CVE. The attack reached Key Vault secrets, SQL databases, SharePoint documents, and production virtual machines before defenders detected it.
A critical unauthenticated SQL injection flaw in Ghost CMS (CVSS 9.4) is being actively exploited in the wild, with attackers hijacking more than 700 websites, including those of major institutions, to deliver ClickFix malware through injected JavaScript. Sites running Ghost versions 3.24.0 through 6.19.0 need to patch immediately.
A new ransomware family called Payload has claimed 12 victims across seven countries since launching in February 2026, targeting both Windows and VMware ESXi infrastructure with a refined Babuk-derived encryption scheme that erases per-file private keys from memory after locking each file, making recovery without the operator’s key mathematically impossible.
iOS 26.5 and the latest Google Messages update are bringing end-to-end encrypted RCS messaging to cross-platform conversations between iPhone and Android users, ending years of reliance on unprotected SMS infrastructure for the most common mobile communication channel. Separately, Apple’s Siri deal with Google raises questions about where AI conversations are processed.
A highly critical SQL injection vulnerability in Drupal core, disclosed on May 20 and affecting PostgreSQL-backed sites from version 8.9.0 through 11.3.9, is under active exploitation with more than 15,000 attack attempts recorded against nearly 6,000 sites within the first 48 hours of disclosure.
A coordinated supply chain campaign called TrapDoor has deployed 34 malicious packages and more than 384 related versions across npm, PyPI, and Crates.io, targeting developers in crypto, AI, and security to steal AWS keys, GitHub tokens, SSH keys, and crypto wallets. The campaign also embeds hidden instructions in AI coding assistant configuration files to hijack Claude Code and Cursor sessions.