Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

A China-nexus threat actor planted rogue authentication modules on victim networks and stayed undetected for close to ten years — by targeting the one layer most incident-response playbooks quietly trust.

The FBI, Google, and Lumen's Black Lotus Labs jointly knocked a Chinese phishing-as-a-service operation offline after it registered nearly one million malicious domains. The AI angle is real — but narrower than headlines suggest.

Faced with an export-control-style directive it disputes, Anthropic suspended two frontier AI models worldwide rather than build nationality-gated access infrastructure. The standoff raises hard questions about who controls frontier AI and how.

Splunk addresses a severe flaw in its Enterprise software that could allow unauthenticated users to execute arbitrary code.

No malware, no nation-state tradecraft — just valid credentials that nobody revoked. A disgruntled ex-employee deleted accounts and disrupted classrooms for months before federal charges ended it.

The Trump administration's push to treat frontier AI as dual-use technology forced Anthropic to pull two models entirely — a compliance signal that reshapes how AI labs think about regulatory risk.

A pseudonymous researcher dropped an alleged Windows Recovery Environment exploit days after Patch Tuesday. A respected vulnerability analyst couldn't replicate it. The researcher is already hunting a workaround.

Attackers hijacked more than 400 community-maintained Arch User Repository packages this week, silently modifying build scripts to drop a Rust-based credential harvester — and, when the build ran as root, an eBPF rootkit capable of hiding itself from every standard Linux detection tool.

A hobbyist find targeting XML configuration files in the Windows Recovery Environment exposes a fundamental gap in full-disk encryption's trust model — and no Microsoft patch exists yet.

A write-anywhere bug in the popular open-source AI workflow builder carries a CVSS 8.8 score and is already seeing opportunistic mass exploitation — patch immediately or assume compromise.

The extortion crew tracked as UNC6240 spent May 27 through June 9 inside university PeopleSoft environments — stealing student records, HR files, and financial data — while Oracle's advisory sat unpublished.

GitHub's decision to disable lifecycle hooks in npm 12 removes the single most-abused primitive in JavaScript supply chain attacks. Here is what defenders, DevOps teams, and security engineers need to know before the cutover.
