Every asset you manage expands your attack surface. Internet‑facing applications, cloud workloads, credentials, endpoints, and third‑party integrations all represent potential entry points for attackers. As environments grow more distributed, that exposure expands faster than most security teams can track manually.… Read More "5 practical steps to strengthen attack resilience with attack surface management"
The largest mobile phone operator in the Netherlands has revealed a major data breach affecting millions of customers. Odido said in a statement late last week that the incident affected a “customer contact system.” Although the firm pointed out that… Read More "Odido Breach Impacts Millions of Dutch Telco Users"
Following leaked revelations at the end of March that Anthropic had developed a powerful new Claude model, the company formally announced Mythos Preview on Tuesday along with news of an industry consortium it has convened, known as Project Glasswing, to… Read More "Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything"
Anthropic may have just announced the future of AI – and it is both very exciting and very, very scary. Mythos is the Ancient Greek word that eventually gave us ‘mythology’. It is also the name for Anthropic’s latest foundational… Read More "Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks"
Key Takeaways Active deception security helps organizations validate whether existing security controls are actually working. Deception technology exposes attacker behavior rather than relying only on traditional detection rules. Security control validation becomes easier when deceptive assets reveal suspicious activity. Active… Read More "How Can Active Deception Validate Security Controls in Real Environments?"
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of… Read More "Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign"
A new GPU-based Rowhammer attack capable of escalating privileges to a full system compromise has been demonstrated by researchers at the University of Toronto. The technique, called GPUBreach by researchers at the University of Toronto, shows how memory corruption on… Read More "GPU Rowhammer Attack Enables Privilege Escalation"
The cybersecurity industry has been drowning in waves of speculation about the impact of AI-enabled attacks since ChatGPT was launched. Today, that speculation has come crashing down. AI-enabled cyberwarfare isn’t coming, it’s here. In September 2025, Anthropic reported the first… Read More "The New Rules of Engagement: Matching Agentic Attack Speed"
Ravie LakshmananApr 07, 2026Vulnerability / DevSecOps A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for… Read More "Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access"
Russian hacking group APT28 has been exploiting vulnerable internet routers to redirect traffic through attacker-controlled servers and steal credentials from targeted organizations, the UK government has warned. In a new advisory published on April 7, the UK’s National Cyber Security… Read More "Russian APT28 Hackers Hijack Routers to Steal Credentials"
