Security Insights

Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

Vulnerabilities
4 min read
1 Jul 2026

CVE-2025-33017: Attackers Are Turning Forgotten Langflow Servers Into Monero Mines

A critical unauthenticated remote-code-execution flaw in Langflow is under active exploitation, with threat actors deploying XMRig cryptocurrency miners on any instance left exposed to the public internet.

Threats
5 min read
30 Jun 2026

RustDuck Botnet Has Been Building a DDoS Swarm Since February 2026 — and It's Evolving Faster Than It's Growing

QiAnXin's XLab team has identified a Rust-written, two-stage botnet called RustDuck quietly enlisting home routers, IP cameras, Android TV boxes, and exposed Linux servers into a DDoS-for-hire operation. The headline isn't the size of the swarm. It's how fast the code is changing.

Vulnerabilities
5 min read
30 Jun 2026

CVE-2026-46817: Unauthenticated Attackers Are Actively Exploiting Oracle E-Business Suite Payments

A CVSS 9.8 flaw in Oracle's Payments module lets remote attackers seize full control of EBS instances — no credentials required — and exploitation is already underway.

Threats
4 min read
30 Jun 2026

Fake Perplexity Chrome Extension Sent Every Address Bar Keystroke to an Attacker Server

Microsoft's threat research team caught a malicious Chrome extension impersonating Perplexity AI — one that silently intercepted omnibox input, character by character, before users ever saw a search result.

Breaches
5 min read
29 Jun 2026

ShinyHunters Breached NAIC via Oracle PeopleSoft Zero-Day — But the Regulator Says the Haul Was Mostly Junk

The National Association of Insurance Commissioners confirms attackers exploited an unpatched vulnerability in an internet-facing PeopleSoft server, while disputing the extortion crew's characterization of what was actually stolen.

Threats
4 min read
29 Jun 2026

Hijacked npm Packages Abuse VS Code Tasks to Drop Cross-Platform Python Infostealer

JFrog researchers found attackers who compromised two legitimate npm maintainer accounts and built a Go module cluster to deliver a Python stealer — hiding execution inside VS Code workspace task definitions rather than the lifecycle hooks most tools actually scan.

Vulnerabilities
5 min read
29 Jun 2026

CVE-2026-12957: Amazon Q Developer Flaw Let a Cloned Repo Steal AWS Credentials

A high-severity vulnerability in Amazon's AI coding assistant allowed a hostile repository to hijack ambient AWS credentials the moment a developer clicked 'trust workspace.' Amazon has shipped a patch.

Threats
5 min read
28 Jun 2026

Russia Used Cellebrite Against an Activist, Five Eyes Sounded an AI Alarm, and Scattered Spider Pleaded Guilty — Here Is What Defenders Should Do Next

Four security developments from one week paint a coherent picture: surveillance tools reach beyond their intended users, AI threats are operational not theoretical, Mac endpoints carry real risk, and social-engineering crews face real prison time.

Threats
4 min read
28 Jun 2026

ASIO: State Hackers Stole IT Staff Credentials at Australian Critical Infrastructure Site

Australia's domestic intelligence chief confirmed a foreign state actor had harvested valid login credentials from privileged IT accounts inside a critical infrastructure operator — and was positioned for sabotage, not passive surveillance.

Threats
5 min read
28 Jun 2026

New TinyRCT Backdoor Targets Southeast Asian Energy and Government Networks in Stealthy Chinese-Speaking Campaign

Palo Alto Networks Unit 42 has identified a previously unknown implant — TinyRCT — deployed by an intrusion cluster called CL-STA-1062 against state-owned energy enterprises and government ministries across Southeast Asia.

Threats
4 min read
27 Jun 2026

Russia Ran Fake Messenger Support Scams Against Officials Across Three Continents, SSU and FBI Say

GRU and FSB-linked operators impersonated tech-support staff and trusted contacts to hijack Signal, Telegram, and WhatsApp accounts belonging to soldiers, politicians, and activists in Ukraine, Europe, and the United States.

Threats
4 min read
27 Jun 2026

SharkLoader: A Custom-Built Stager Is Planting Cobalt Strike Beacon on Asian Government Networks

Kaspersky researchers tracking a campaign called StrikeShark have identified a previously undocumented loader family dropping Cobalt Strike Beacon on a diplomatic organization in Indonesia and government targets in Taiwan — a targeting profile that points squarely to state-sponsored espionage.
