onceptual image of Next.js and Vercel icons seen in an iPhone. Vercel Inc. is an US cloud PaaS company and known for maintaining the Next.js

(Adobe Stock)

Vercel incident falls short of a supply chain attack — for now

Steve ZurierApril 20, 2026

Experts say Vercel case was a trust and authentication boundary failure, but not an attack on the level of SolarWinds.

RESOURCES

Identity
Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control
SOC
Your SOC, not the vendor’s: Why the AI SOC has to be customizable, not a black box
AI/ML
AI as the defender: Reinventing proactive cybersecurity through intelligent automation
Email security
AI on the attack: How defenders turn artificial intelligence against cyber threats
Application security
Code, control, and chaos: Rethinking security in the age of AI-driven development

PODCASTS

Application security
The Human Aspect of Red Teams – Brian Fox, Tom Tovar, T. Gwyddon ‘Data’ Owen – ASW #379
Threat Intelligence
Making AI actually work in the enterprise and more RSAC Conference 2026 interviews – Aamir Lakhani, Camellia Chan, Ely Abramovitch, Jody Brazil, Jim Spignardo – ESW #455
Vulnerability Management
Dougbot, RedSun, ATHR, Vishing, Cisco, Google, Chrome, Severance, Shor, Josh Marpet.. – SWN #573
Vulnerability Management
The AI “Vulnpocolypse” Is Real? – PSW #922
Leadership
Not All CISO Gigs Are Created Equal and RSAC Interviews from ESET and Mimecast – Joanna Chen, Tony Anscombe, Rob Juncker – BSW #443

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Threat Management

GitHub user attachments abused to spread novel infostealer

Laura FrenchApril 17, 2026

The stealthy CGrabber malware targets a wide array of apps, browsers and extensions.

Homepage of Apache website on the display of PC

Vulnerability Management

Apache ActiveMQ RCE bug to CISA list of exploited vulnerabilities

Steve ZurierApril 17, 2026

CISA flags 13-year-old ActiveMQ RCE as exploited, highlighting AI-driven bug discovery.

Application security

Bot traffic makes up 49% of online activity, but 99% of bots unwanted

Laura FrenchApril 17, 2026

Researchers warn malicious bots may spoof trusted user agents to disguise their intent.

Cisco patches critical bugs in Webex, ISE

Steve ZurierApril 16, 2026

Experts warn that the Webex bug may get the headlines, but exploited ISE bugs offer attackers the keys to the kingdom.

Nginx-ui MCP missing authentication flaw actively exploited

Laura FrenchApril 16, 2026

Attackers on the same network can alter nginx configurations, leading to complete takeover.

Smartphone scam call and phishing concept with unknown caller interface and hacker icon on screen

Vishing attacks on Okta identity systems on the rise

Steve ZurierApril 15, 2026

Vishing attacks target Okta to bypass MFA, enabling broad SSO data access.

Black Basta-linked attacks target executives via Teams phishing

Laura FrenchApril 15, 2026

Suspected former Black Basta affiliates impersonate help desks to deploy RMM software.

Security Operations

CISOs: Revamp security programs in the wake of Claude Mythos

Steve ZurierApril 14, 2026

Experts warn AI-driven cyber threats outpace defenses; current guidance may be insufficient.

EVENTS