Security Insights

Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

A photoreal close-up of a developer's hands at a mechanical keyboard in a dimly lit server room, with a terminal screen
Regulation
5 min read
11 Jun 2026

npm v12 Will Block Auto-Run Install Scripts by Default Starting July 2025

GitHub's decision to disable automatic lifecycle script execution in npm v12 closes a well-worn supply chain attack path — but security engineers warn the threat is far from finished.

A federal government cybersecurity operations center at night, analysts seated at curved workstations covered in multi-m
Regulation
6 min read
10 Jun 2026

CISA's BOD 26-04 Kills CVSS-First Patching — and Gives Agencies Three Days on the Worst Flaws

A new binding directive replaces severity-score timelines with a four-factor risk model. Federal agencies must remediate the highest-risk vulnerabilities within 72 hours. The rest of the industry should be paying close attention.

A photorealistic scene of a cybersecurity analyst examining a computer screen with lines of code, depicting a race condi
Vulnerabilities
2 min read
10 Jun 2026

RoguePlanet Exploit Unveiled: Microsoft Defender's Latest Vulnerability Challenge

An exploit named RoguePlanet has surfaced, targeting Microsoft Defender with a local privilege escalation vulnerability, raising security concerns.

A photorealistic scene of a busy software development office with engineers working on computers, digital screens showin
Vulnerabilities
2 min read
10 Jun 2026

AI-Driven Bug Disclosures and Zero-Day Threats Dominate Microsoft's June Patch Tuesday

Microsoft addresses a record number of vulnerabilities amid AI-assisted bug discoveries and a high-profile researcher threatening further zero-day releases.

A close-up photoreal shot of a server rack in a dimly lit enterprise data center, with one server panel illuminated by a
Vulnerabilities
4 min read
9 Jun 2026

Microsoft's KB5094127 Patches Windows 10 ESU Fleets — and Starts the Secure Boot Certificate Clock

The June 2026 cumulative update for Windows 10 22H2 Extended Security Updates enrollees bundles this month's vulnerability fixes and adds diagnostic hooks for a looming Secure Boot certificate transition that could leave unpatched systems open to bootkit attacks.

A photoreal editorial scene of a glowing smartphone screen displaying a chat interface with a suspicious unread message
Threats
5 min read
9 Jun 2026

Meta Accuses NSO Group of Violating WhatsApp Injunction With Fresh Spear-Phishing Campaign

A federal jury awarded Meta roughly $168 million in May after NSO's Pegasus spyware abused a WhatsApp voice-call flaw in 2019. Now Meta says NSO's operators are back — this time with social-engineering lures — and is asking a judge to hold the vendor in contempt.

A dramatic wide-angle shot of a dimly lit enterprise network operations center at night, multiple large monitors display
Vulnerabilities
5 min read
9 Jun 2026

Cisco SD-WAN Manager Hit by Active Command-Injection Exploit — No Patch Available Yet

CVE-2026-20245 lets an authenticated attacker escalate to root through the CLI. Mandiant reported the bug after spotting real intrusions, and Cisco has confirmed unauthorized configuration changes in the wild.

A photoreal close-up of glowing green terminal text scrolling across a dark monitor screen in a dimly lit server room, c
Vulnerabilities
5 min read
8 Jun 2026

CVE-2026-23111: Public Exploit Turns Unpatched Linux Kernels Into Root Shells

A weaponized proof-of-concept for a use-after-free in nf_tables dropped on June 8, 2026 — four months after the upstream fix — and it works reliably against hardened kernels with KASLR and SMAP enabled.

A photoreal close-up of tangled fiber optic cables glowing blue and amber in a dark server room, with one cable visibly
Threats
4 min read
8 Jun 2026

Miasma Worm Burrows Into Microsoft's GitHub Presence, Tainting 73 Repositories Across Four Organizations

A self-replicating campaign is chaining stolen developer tokens into an ever-widening blast radius — and Microsoft's own GitHub organizations were not immune.

A photoreal close-up of a computer circuit board bathed in cool blue light, with streams of green binary code cascading
Vulnerabilities
5 min read
8 Jun 2026

AI Agent Finds 21 Zero-Days in FFmpeg the Same Week Chrome Ships a Record 429 Security Fixes

An autonomous AI fuzzer exposed 21 previously unknown vulnerabilities in the media library embedded in nearly every video-capable product on earth. Days later, Google released Chrome 149 with 429 patches — the largest single browser security update on record. Neither story is routine.

A photoreal editorial scene inside a quiet law firm office at dusk: a professional in business attire sits at a desk spe
Threats
5 min read
7 Jun 2026

Silent Ransom Group Calls Law Firms Directly — Then Drains Files Within Hours

A financially motivated extortion crew is impersonating IT staff over the phone, tricking employees into handing over remote access, and exfiltrating privileged client files before most firms even open a help ticket.

A photoreal editorial scene showing a server rack in a dimly lit enterprise data center, one server unit with a blinking
Vulnerabilities
4 min read
7 Jun 2026

CISA Adds SolarWinds Serv-U DoS Flaw to Known Exploited Vulnerabilities List

CVE-2026-28318 crashes the Serv-U file transfer service in the wild. Federal agencies have roughly three weeks to patch. Everyone else should treat that deadline as their own.

Ready to Reduce Your Human Cyber Risk?

Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.

train2secure analytics dashboard showing training completion stats and user progress