Security Insights

Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

A photorealistic wide-angle shot of a dimly lit modern living room at night, a large smart television glowing with a str
Threats
5 min read
7 Jun 2026

Your Smart TV May Be Relaying Scraping Traffic Right Now — And You Probably Agreed to It

A reverse-engineering of Bright Data's iOS SDK reveals how consumer apps — including always-on televisions — quietly enlist household devices as exit nodes in a massive residential proxy network increasingly serving AI data demands.

A photoreal close-up of a developer's hands on a mechanical keyboard in a dimly lit office, a large monitor showing a br
Vulnerabilities
5 min read
6 Jun 2026

One-Click github.dev Flaw Let Attackers Steal GitHub OAuth Tokens

A single crafted link was enough to drain a developer's GitHub OAuth token from the browser-based VS Code editor — granting read/write access to private repositories with no second click required.

A photoreal wide-angle shot of a dimly lit enterprise network operations center at night, multiple large monitors displa
Vulnerabilities
4 min read
6 Jun 2026

Cisco Catalyst SD-WAN Manager Flaw CVE-2026-20245 Exploited in the Wild — No Patch Available

A high-severity authorization vulnerability in Cisco's SD-WAN control plane is under active attack across on-premises, cloud, and FedRAMP deployments. Cisco has confirmed exploitation and has not yet released a fix.

Photoreal editorial scene: a close-up of a developer's hands at a mechanical keyboard in a dimly lit office, a terminal
Vulnerabilities
5 min read
6 Jun 2026

RubyGems Adds Bundler Cooldown to Block Supply Chain Attacks Before They Land

A new --cooldown flag for Bundler delays installation of freshly published gems, buying defenders the time attackers have long exploited.

Photorealistic close-up of a developer's hands typing on a mechanical keyboard in a dimly lit office at night, multiple
Threats
5 min read
5 Jun 2026

Two npm Supply-Chain Campaigns Run Simultaneously: A Rust-Based eBPF Stealer and a Self-Spreading Worm

JFrog researchers caught two parallel attacks inside the npm registry — one hiding inside the Linux kernel, the other replicating across 50-plus packages by hijacking maintainer credentials.

Photoreal editorial scene: a dimly lit server room with rows of illuminated rack-mounted servers casting blue and white
Threats
5 min read
5 Jun 2026

PCPJack Hijacks 230 Cloud Servers Across AWS, Azure, and Google Cloud to Build a Stealth SMTP Relay Grid

A threat actor quietly converted compromised business workloads on three major cloud platforms into a verified mail-relay network, refreshing its inventory every five minutes and burning victims' IP reputations in the process.

A wide-angle photoreal editorial scene inside a dimly lit federal government server room: rows of rackmounted servers wi
Regulation
5 min read
5 Jun 2026

IG Report Blames NIST for NVD Backlog — Severity Scores Match Only 12% of the Time

A Commerce Department watchdog formally faulted NIST for strategic failures, duplicated enrichment work, and CVSS scores so inconsistent that independent evaluators agreed with them barely one time in eight.

A photoreal editorial scene of a large open-plan corporate office in a European city at dusk, rows of monitors glowing w
Threats
4 min read
4 Jun 2026

TA4922 Expands Phishing Operations Into Europe and South Africa With ValleyRAT and Atlas RAT

A China-linked threat crew is cycling through commodity and custom malware at an unusually fast clip — and it has started targeting organizations far outside its traditional Asia-Pacific base.

A photoreal aerial view of a generic Southeast Asian city at dusk, digital network node lines faintly overlaid on the ci
Threats
5 min read
4 Jun 2026

DOJ 'Disruption Week' Targets Southeast Asia Pig-Butchering Networks — But the Real Story Is What Platforms Already Knew

A May 18 coordinated takedown froze $3.8 million in crypto and pulled millions of social-media and email accounts linked to Southeast Asian fraud compounds. The dollar figure is almost beside the point.

A photoreal close-up of a developer's hands on a laptop keyboard in a dimly lit office, the screen casting a blue glow s
Vulnerabilities
4 min read
4 Jun 2026

GitHub's Browser Editor Handed Attackers an Unscoped OAuth Token — and a Path to Every Private Repo You Own

A malicious Jupyter notebook, a bypassed publisher trust check, and a single browser tab were all an attacker needed to steal an OAuth token granting access to every repository tied to a GitHub account.

A photoreal editorial scene showing a glowing server rack inside a dark data center, with a single open circuit board in
Vulnerabilities
5 min read
3 Jun 2026

CVE-2026-23479: Redis Sat Vulnerable for Two Years Before an AI Found the Bug

A use-after-free flaw in Redis's blocking-client code went undetected from version 7.2.0 until patches landed on May 5, 2025 — and it took an autonomous AI auditing tool, not a human researcher, to surface it.

A photoreal editorial scene of a teenage boy sitting at a dimly lit gaming desk, staring at a monitor showing a Minecraf
Threats
5 min read
3 Jun 2026

Weedhack MaaS Campaign Has Compromised Over 3,800 Devices by Hijacking Minecraft's Modding Culture

A malware-as-a-service operation active since January 2026 is using YouTube tutorials and fake Minecraft clients to silently hand attackers full remote control of victims' machines — and the infection count keeps climbing.

Ready to Reduce Your Human Cyber Risk?

Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.

train2secure analytics dashboard showing training completion stats and user progress