Security Insights

Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

Photoreal editorial scene: a dimly lit industrial server room inside a large manufacturing facility, rows of humming rac
Vulnerabilities
5 min read
27 Jun 2026

Web Shells Deployed on PTC Windchill PLM Systems as Attackers Exploit Critical Deserialization Flaw

A CVSS 9.3 vulnerability in PTC Windchill and FlexPLM — software trusted by defense contractors, aerospace primes, and automotive manufacturers — is under active exploitation, with attackers establishing persistent backdoors inside some of the most sensitive engineering environments on earth.

A close-up editorial photograph of a person's hands holding a smartphone displaying a blurred messaging app settings scr
Threats
5 min read
26 Jun 2026

GRU Phishing Campaign Targets Signal's Backup Recovery Key — And the Key Never Expires

The FBI and CISA have updated their advisory on Russian intelligence operators targeting Signal users, warning that attackers have shifted tactics from linked-device hijacking to stealing the Backup Recovery Key — a credential that grants permanent, silent access to a user's full message history.

A lone executive in a dark suit walks through a modern glass-walled corporate security operations centre at dusk, multip
Threats
4 min read
26 Jun 2026

Philip Martin Joins Uber as CISO, Bringing Crypto and Defence Credentials to a Chair With History

The former Coinbase security chief takes over at Uber — a company whose breach record, regulatory scrutiny, and expanding data footprint make the hire one of the more consequential CISO appointments in recent memory.

A close-up, photoreal editorial shot of a laptop screen displaying a browser window with a puzzle-piece extension icon g
Threats
5 min read
26 Jun 2026

Featured Chrome Extension 'Adblock for YouTube' Carries Hidden Remote-Execution Capability — 10 Million Users at Risk

A widely installed ad-blocking extension holds code that can fetch and run arbitrary JavaScript on any page a user visits. No malicious payload has been observed yet. That 'yet' is the problem.

Photoreal editorial scene: a lone industrial control room at night, banks of monitors displaying pipeline schematics and
Regulation
5 min read
25 Jun 2026

ICS Security Turns 25: What a Quarter-Century of OT Defense Has Taught Us

The Industrial Control Systems Cybersecurity Conference returns October 6–8, 2026, at the W Nashville for its 25th anniversary — a milestone that invites hard questions about how much the field has actually changed.

A dimly lit enterprise network operations center at night, rows of physical server racks and blinking network switches i
Vulnerabilities
4 min read
25 Jun 2026

Cisco Catalyst SD-WAN Zero-Day Exploited for Two Months Before Disclosure

CVE-2026-20245 gave attackers root on enterprise WAN gear while defenders had no patch to apply — and possibly no idea the intrusion was happening.

A photoreal editorial scene inside a dimly lit corporate server room at night, a hooded figure reflected faintly in a ra
Threats
5 min read
25 Jun 2026

Mistic Backdoor: How an Access Broker Is Selling Footholds to Qilin, Akira, and Black Basta

A threat group called Woodgnat has deployed a custom in-memory backdoor since at least April 2025, quietly auctioning enterprise access to some of the most active ransomware gangs operating today.

A photoreal close-up editorial photograph of a rack-mounted industrial network device with serial ports and ethernet con
Vulnerabilities
4 min read
24 Jun 2026

CISA Adds Lantronix EDS5000 Code Injection Bug to Known Exploited Vulnerabilities List

CVE-2025-67038 scores a 9.8 CVSS and is already being exploited in the wild. Federal agencies have until June 26, 2026 to patch — a deadline that tells you nothing about how fast attackers are moving right now.

A futuristic government office with computer screens displaying cryptographic algorithms, diverse professionals engaged
Regulation
2 min read
24 Jun 2026

Federal Push for Quantum-Resistant Cryptography: New Deadlines and Initiatives

The U.S. government mandates a nationwide shift to quantum-resistant cryptography by 2030, impacting federal agencies and contractors.

A photoreal close-up of a film strip partially unwinding from a damaged reel on a dark server room floor, with dramatic
Vulnerabilities
5 min read
24 Jun 2026

PixelSmash: Critical FFmpeg Flaw Puts Media Servers and Cloud Pipelines at Risk

A heap out-of-bounds write in FFmpeg's MagicYUV decoder — CVE-2026-8461 — can crash applications or hand attackers remote code execution via a 50 KB video file.

Photoreal wide-angle editorial shot of a server room at night, rows of rack-mounted firewall and network appliances with
Threats
4 min read
23 Jun 2026

FortiBleed: How a Credential-Stuffing IAB Probed 430,000 FortiGate Firewalls

A financially motivated initial access broker has been running brute-force and credential-stuffing attacks against internet-exposed FortiGate appliances since February 2026 — and the TTPs are textbook, repeatable, and preventable.

A photorealistic editorial scene: a glowing smartphone screen displaying an anonymous chat message with a file attachmen
Threats
5 min read
23 Jun 2026

WhatsApp DMs Are Delivering VBScript Droppers That Install Legitimate RMM Tools on Victims' Machines

An active, multi-continent campaign sends malicious Visual Basic Script files over WhatsApp to sideload commercial remote-monitoring software — and most endpoint controls never fire.

Ready to Reduce Your Human Cyber Risk?

Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.

train2secure analytics dashboard showing training completion stats and user progress