Your guide to staying secure in a world built on AI

Weekly deep dive on cybersecurity threats, AI security, and digital defense strategies — plus daily tactical tips. Stay hardened.


Latest

Your MDM Manages Every Mobile Device in Your Organization. Ivanti EPMM Let Attackers Into the Console Without a Password — and the Patch Disappears Every Time You Update.

Apr 3, 2026

Two zero-days in Ivanti Endpoint Manager Mobile (EPMM) — CVE-2026-1281 and CVE-2026-1340, both CVSS 9.8 — allow any unauthenticated attacker to run arbitrary commands on the platform that manages your organization’s enrolled devices, push certificates, email accounts, and compliance policies.


The DarkSword iOS Exploit Chain Is a Six-Vulnerability Surveillance Tool Used by Nation-States. The Patch Deadline Is Tomorrow.

Apr 2, 2026

Since at least November 2025, commercial surveillance vendors and a suspected Russian espionage group have been delivering full iPhone compromise through a single website visit. No interaction beyond the page load is required. CISA added three of DarkSword’s six CVEs to its Known Exploited Vulnerabilities catalog and set a federal patching deadline of April 3 — tomorrow.


FortiGate Firewalls Were the Entry Point. Active Directory Was the Destination. One Organization Didn’t Find Out for Three Months.

Apr 1, 2026

SentinelOne’s DFIR team responded to multiple incidents where attackers exploited CVE-2025-59718 — a CVSS 9.8 FortiGate authentication bypass — extracted Active Directory credentials directly from the firewall’s own configuration file, and moved laterally across corporate networks.


Axios — Used in Hundreds of Millions of Builds a Month — Was Quietly Delivering a RAT

Mar 31, 2026

On March 30, an attacker hijacked the npm account of axios’s lead maintainer and published two malicious versions of the library. The payload called home within two seconds of install, then deleted itself to avoid detection.


The 100-to-1 Problem: Why Your Unmanaged Machine Identities Are Now Your Biggest Attack Surface

Mar 30, 2026

Non-human identities outnumber human users 100-to-1. 97% carry excessive privileges. 78% of organizations have no formal policy for removing them. The fastest-growing breach vector in enterprise infrastructure isn’t phishing. It isn’t ransomware.
