IronWorm malware, similar to Shai-Hulud, hits 57 projects across 9 organizations

Laura FrenchJune 5, 2026

The malware targets developer credentials and cryptocurrency and self-propagates on npm.

RESOURCES

Identity
How to Build an AI Governance Framework for Identity
Identity
How to Evaluate and Select Identity and Access Management Tools
Identity
Identity-based attacks: how they work and how to defend against them
Identity
Laying the groundwork: A practical path to identity security for AI agents
Identity
A new identity class: Why AI agents require runtime control

PODCASTS

Vulnerability Management
Local AI, Salesforce, Fluttershell, Aspose, http/2, Cisco, Used Tech, Josh Marpet – SWN #587
Vulnerability Management
Security Researchers Are Threat Actors – PSW #929
Leadership
Scaling to $100M as the Security Weekly Index Hits an All Time High – Joshua Gould – BSW #450
Vulnerability Management
Heraclitus, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland… – SWN #586
Application security
BadHost, Dead CTFs, Exploding NPMs, and the Verizon DBIR – ASW #385

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Network Security

Another Cisco Catalyst SD-WAN Manager bug actively exploited

Steve ZurierJune 5, 2026

Cisco warns of an exploited SD-WAN flaw that can enable remote code execution and network compromise.

Malicious podcast, PDF apps spread FlutterShell macOS backdoor malware

Laura FrenchJune 5, 2026

FlutterShell is linked to previous malvertising campaigns including TamperedChef.

(Adobe Stock)

Vulnerability Management

9.8 Mirasvit bug actively exploited on Magento servers

Steve ZurierJune 4, 2026

CISA warns of an actively exploited Magento extension flaw that enables remote code execution.

Stock exchange executive’s Outlook mailbox stolen over course of 5 months

Laura FrenchJune 4, 2026

The approximately 150-day espionage campaign incrementally exfiltrated emails to cloud services.

(Adobe Stock)

Trump executive order on AI calls for voluntary 30-day review period

Steve ZurierJune 3, 2026

Trump AI order proposes a 30-day voluntary review of frontier models before public release.

(Credit: prima91 – stock.adobe.com)

Anthropic grants Mythos access to 150 more organizations, plans wider release

Laura FrenchJune 3, 2026

Project Glasswing partners discovered more than 10,000 vulnerabilities in its first month.

Vulnerability Management

Most organizations that miss 24-hour patch window report breaches

Steve ZurierJune 2, 2026

Study points out that AI has shattered the model of patching on a two- to four-week schedule.

(Credit: Aleksei – stock.adobe.com)

Vulnerability Management

Microsoft denies legal action against researchers after slamming BlueHammer publisher

Laura FrenchJune 2, 2026

The company was criticized after a blog posted that suggested law enforcement involvement.

EVENTS