Federal agencies ordered to patch Ivanti EPMM zero-day in 3 days

Laura FrenchMay 8, 2026

The actively exploited flaw enables remote admin users to execute arbitrary code.

RESOURCES

SOC
The human factor: Why AI-powered SOCs still need people in charge
Email security
Beyond the inbox: Why your domain and social media are the next front lines
AI/ML
Securing every door: Scalable strategies to manage machine and AI agent risks
AI/ML
Handling shadow AI at the source: Why the browser is the new control layer
Application security
Ring the alarm! Your IT security program has a mobile-app gap

PODCASTS

Supply chain
Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! – SWN #579
Network Security
Getting Rid of Your VPN – Rob Allen – PSW #925
Leadership
Teach to Sell and Two Interviews from RSAC 2026 from Dropzone AI and Microsoft – Dan Rochon, Edward Wu, Arunesh Chandra – BSW #446
Vulnerability Management
Zino, 0auth, VSS, Mental Health Hackers, 3 Days of KEV, Copy/Fail, AI, Aaran Leyland – SWN #578
Application security
Keeping Up With the OWASP GenAI Project – Scott Clinton – ASW #381

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Vulnerability Management

‘Dirty Frag’ Linux zero-day exposes most distributions to LPE

Steve ZurierMay 8, 2026

Dirty Frag Linux zero-day exposes most distributions to root privilege escalation.

Vulnerability Management

Palo Alto Networks says patch for exploited PAN-OS firewall bug forthcoming

Steve ZurierMay 7, 2026

Palo Alto confirms that its PAN-OS firewalls were actively exploited by a zero-day for more than a month.

Iranian threat group used Chaos ransomware as a ‘false flag,’ researchers say

Laura FrenchMay 7, 2026

The purported ransomware attack did not encrypt files and used infrastructure tied to MuddyWater.

Digital fingerprint overlaid on a matrix of binary code, symbolizing security and identity verification

Most security pros say managing identity has become a major challenge

Steve ZurierMay 6, 2026

Nearly 9 in 10 security leaders struggle with identity sprawl as AI and NHIs expose governance gaps.

(Credit: PixieMe – stock.adobe.com)

CloudZ RAT plugin targets Windows Phone Link for possible OTP theft

Laura FrenchMay 6, 2026

The Pheno plugin monitors active Phone Link connections to eavesdrop on texts and notifications.

(Adobe Stock)

Vulnerability Management

Critical 9.8 Weaver E-cology vulnerability actively exploited

Steve ZurierMay 5, 2026

Critical Weaver E-cology bug exploited for RCE, exposing core enterprise workflows and secrets.

Vulnerability Management

CISA reportedly considers 3-day patch deadline for KEV flaws

Laura FrenchMay 5, 2026

Officials are considering how AI tools like Claude Mythos could shorten exploit timelines, Reuters reports.

Vulnerability Management

Copy Fail bug added to CISA’s list of known exploited vulnerabilities

Steve ZurierMay 4, 2026

CISA flags “Copy Fail” Linux bug as exploited, urging immediate patching across systems.

EVENTS