Laptop user pressing Windows Key on Microsoft Windows keyboard.

Microsoft Windows file archival tool WinRAR exploited worldwide

Steve ZurierJanuary 28, 2026

Vulnerability lets threat actors drop malware into the Windows Startup folder.

RESOURCES

AI/ML
Trusted automation: Building autonomous IT with confidence
AI/ML
SASE’s role in securing AI adoption: How existing tools can manage AI security
Zero Trust World
Hackers, surprises and outer space: What we’ll see at Zero Trust World 2026
Identity
Beyond MFA: Securing the human element with identity threat detection
AI/ML
The rise of shadow AIT: From blind spots to real-time insight

PODCASTS

Cloud Security
Cloud Control As Leaders At Odds Over Cyber Priorities, But Require Strong Leadership – Rob Allen – BSW #432
Vulnerability Management
Doombuds, Office, Telnetd, Chrome, Vishing, Ralph, PeckBirdy, The Boss, Aaran Leyland – SWN #550
Application security
Building proactive defenses that reflect the true nature of modern software risk – Paul Davis – ASW #367
Data Security
The future of data control, why detection fails, and the weekly news – Thyaga Vasudevan – ESW #443
Vulnerability Management
AI Cage Match, Fortinet, Cisco, DVWA, Polonium, Small Town AIs, LastPass, Josh Marpet – SWN #549

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Application security

Most organizations had a third-party breach in the last year

Laura FrenchJanuary 28, 2026

Respondents report third party risk assessments take several months and only cover a fraction of vendors.

Colorful lines of code seen through a magnifying glass on a dark screen, symbolizing careful debugging, code review, and detailed software quality analysis

Security Operations

Six JavaScript zero-day bugs lead to fears of supply chain attack

Steve ZurierJanuary 27, 2026

Tools used to protect users in the aftermath of Shai-Hulud may no longer work, security pros say.

(Credit: Rizq – stock.adobe.com)

Application security

Researchers find 16 browser extensions stealing ChatGPT session tokens

Laura FrenchJanuary 27, 2026

One of the malicious ChatGPT “mods” has a featured badge on the Chrome Web Store.

Security Operations

VMware vCenter Server bug added to CISA list of exploited vulnerabilities

Steve ZurierJanuary 26, 2026

CVE-2024-37079 has a 9.8 rating and was originally patched in 2024.

Millions of Gmail, Facebook and other account credentials exposed

Laura FrenchJanuary 23, 2026

The dataset included email accounts, social media accounts, financial accounts and more.

Okta Verify mobile app is seen

Okta warns of multiple vishing attacks that can defeat MFA

Steve ZurierJanuary 23, 2026

Experts say we’ve seen similar attacks in recent Salesforce vishing campaigns tied to ShinyHunters.

Security Operations

Hundreds of vulnerable test environments exposed, targeted by crypto miners

Laura FrenchJanuary 22, 2026

Misconfigurations turn apps meant for security training into cloud attack vectors.

(Adobe Stock)

Security Operations

Patched FortiGate bug targeted in new wave of automated attacks

Steve ZurierJanuary 22, 2026

Fortinet plans to update a FortiGate patch it first issued last month in the coming days.

EVENTS