Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

The U.S. government mandates a nationwide shift to quantum-resistant cryptography by 2030, impacting federal agencies and contractors.

A Dutch-led coalition spanning four countries has taken down command-and-control servers powering the SocGholish malware loader and force-remediated nearly 15,000 compromised websites — marking the latest phase of the largest coordinated botnet-disruption effort in history.

France's president is urging wealthy democracies to treat advanced AI governance as a shared responsibility, not a domestic footnote. The gap between political will and enforceable policy remains dangerously wide.

A commodity intrusion at a small French automotive business exposed a gap most incident-response playbooks still miss: killing the command-and-control beacon does not end the incident if the attacker already installed OpenSSH and Tailscale.

A signal Google once condemned as a privacy circumvention becomes official ad infrastructure. The ICO is watching. So should your identity and threat-detection teams.

Federal agents pulled two of the internet's busiest deepfake nude sites offline, marking the first publicly announced domain seizure under a law signed just weeks ago.

Faced with an export-control-style directive it disputes, Anthropic suspended two frontier AI models worldwide rather than build nationality-gated access infrastructure. The standoff raises hard questions about who controls frontier AI and how.

The Trump administration's push to treat frontier AI as dual-use technology forced Anthropic to pull two models entirely — a compliance signal that reshapes how AI labs think about regulatory risk.

GitHub's decision to disable automatic lifecycle script execution in npm v12 closes a well-worn supply chain attack path — but security engineers warn the threat is far from finished.

A new binding directive replaces severity-score timelines with a four-factor risk model. Federal agencies must remediate the highest-risk vulnerabilities within 72 hours. The rest of the industry should be paying close attention.

A Commerce Department watchdog formally faulted NIST for strategic failures, duplicated enrichment work, and CVSS scores so inconsistent that independent evaluators agreed with them barely one time in eight.
Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.
