AI browser extensions more likely to have known vulnerabilities, report says

Laura FrenchApril 13, 2026

AI extensions are also more likely to have cookie, scripting and tabs permissions.

RESOURCES

Ransomware
Ransomware reimagined: Why containment alone is no longer enough
Identity
Rethinking identity security for a borderless attack surface
Email security
Email authentication in 2026: What every organization still gets wrong
Data Security
Your DLP can’t stop a smartphone: The data-leak crisis no one talks about
Governance, Risk and Compliance
Building institutional capacity: Why AI-augmented security is the new standard

PODCASTS

AI/ML
From Compliance to Code: Rethinking Cloud Security – Richard Marcus – CSP #223
Threat Intelligence
We catch up on the news, including AI vuln hunting; also more RSAC interviews! – Mark Lambert, Samuel Hassine, John Wilson, Georges Bossert – ESW #454
Vulnerability Management
Staypuft, Claude, One Pixel, deepfakes, Raccoon, BOFH, Satoshi Nakamoto, Josh Marpet. – SWN #571
IoT
AI Makes All Bugs Shallow? – PSW #921
Leadership
Zero Trust Readiness and Two RSAC 2026 Interviews from Fenix24 and Absolute Security – John Bruggeman, John Anthony Smith, Christy Wyatt – BSW #442

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

The United States Treasury Department building in Washington, D.C.

AI benefits/risks

Bessent, Powell met privately with top bankers over impact of Claude Mythos on cybersecurity

Steve ZurierApril 10, 2026

Security pros say companies that spend less money than most large banks on cyber should take this as a warning to get moving.

Linux Foundation leader impersonated in Slack phishing campaign

Laura FrenchApril 10, 2026

The campaign targets open-source developers to steal credentials and deploy malware.

(Adobe Stock)

Actor tied to Raccoon targets ‘several dozen’ companies by exploiting BPOs and helpdesks

Steve ZurierApril 9, 2026

Google says UNC6783 leverages social engineering and phishing campaigns to gain entry to the BPOs.

(Credit: ardasavasciogullari – stock.adobe.com)

Claude Mythos Preview identifies 27-year-old bug, finds ‘thousands’ of zero-days in weeks

Laura FrenchApril 9, 2026

Anthropic launched “Project Glasswing” to restrict the availability of the new model to selected organizations.

Critical Infrastructure Security

US: Iran-linked actors are actively exploiting our critical infrastructure

Steve ZurierApril 8, 2026

Joint advisory says likely targets include the energy, water, and transportation sectors, as well as the defense industrial base.

(Credit: Bilal Ulker – stock.adobe.com)

Vulnerability Management

Docker fixes AuthZ bypass bug that created containers with excessive privileges

Laura FrenchApril 8, 2026

A crafted HTTP request can make restricted containers invisible to AuthZ plugins.

(Adobe Stock)

ID Dataweb outlines the need for continuous identity threat detection

Steve ZurierApril 7, 2026

The industry needs tools that can verify users throughout the entire identity lifecycle without disrupting daily business processes.

Threat Intelligence

North Korea recruits Iranian workers for IT job fraud

Laura FrenchApril 7, 2026

Internal records reveal how North Korean facilitators scout and coach workers.

EVENTS