Many of the most common metrics used to measure the effectiveness of the security operations center (SOC) are at best inaccurate and at worst actively harm SecOps teams, the National Cyber Security Centre (NCSC) has warned. The NCSC’s CTO for… Read More "No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC"
Organizations trust third-party vendors to manage large volumes of sensitive customer data, with outsourcing increasing across all industries, including the highly-regulated healthcare sector and financial services. However, service providers don’t necessarily implement the same strict data security standards that these… Read More "Meeting the SOC 2 Third-Party Requirements in 2026"
The United States military has known for years that enemies could use location data to track troops’ phones—and it’s also long been aware of easy fixes for the problem. The Pentagon adopted almost none of these protections, though, in spite… Read More "Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow"
A suspected state-linked hacker accused of targeting US organizations and COVID-19 research has been extradited to the US, according to the Department of Justice (DoJ). Xu Zewei, a 34-year-old Chinese national, appeared in a federal court in Houston over the… Read More "Chinese National Extradited Over Silk Typhoon Cyber Campaign"
In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit 29 May 2026 It’s that time of month when ESET Chief Security… Read More "This month in security with Tony Anscombe – May 2026 edition"
Two ransomware groups are licking their wounds and rebuilding their infrastructure after leaking each other’s operational data online, according to Halcyon. The set-to began when 0APT claimed the scalps of three ransomware groups on its leak site: newcomer KryBit and… Read More "Ransomware Turf War as 0APT and KryBit Groups Trade Blows"
The European Union’s (EU’s) General Data Protection Regulation (GDPR) is one of the world’s most robust data privacy laws. The regulation requires all organizations that do business in the EU or collect data from EU residents to comply with various… Read More "Free GDPR Vendor Security Questionnaire Template (2026 Edition)"
Ravie LakshmananMay 30, 2026Vulnerability / Network Security Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8),… Read More "PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation"
Medical device giant Medtronic has confirmed a data security incident affecting its corporate IT systems following claims by a cybercrime group that millions of records were stolen. The company said last week an unauthorized party accessed certain internal systems but reported… Read More "Medtronic Confirms Data Breach After ShinyHunters Claims"
Getting the basics right, understanding the threat and putting in place multi-layered defenses are key to protecting organizations from AI-powered cyber threats, the UK’s Information Commissioner’s Office (ICO) has said. Alarmed by the uptick in AI-driven attacks, the data protection… Read More "ICO Publishes Five-Step Plan to Counter Emerging AI-Powered Attacks"
