Secure By Design Pledge

(Adobe Stock)

CISA adds LiteSpeed cPanel plugin bug to exploited vulnerabilities list

Steve ZurierMay 27, 2026

CISA warns of exploited LiteSpeed flaw putting shared hosting at risk.

RESOURCES

Identity
Laying the groundwork: A practical path to identity security for AI agents
Identity
A new identity class: Why AI agents require runtime control
Application security
APIs under pressure: How AI is rewriting the rules of enterprise security
SASE
Next-generation enterprise defense: Managing risk in the age of agentic AI
Managed Security Services
The CISO shortage: Finding leadership without a leader

PODCASTS

Leadership
What Security Leaders Should Expect from RSAC – Joseph Blankenship – BSW #449
Vulnerability Management
Listening, Drupal, TTE, KEV, Mythos, Megalodon, Badanov, MFA, Pope Leo, Aaran Leyland – SWN #584
Application security
AppSec Conversations on Agents, LLMs, and OWASP from RSAC – Scott Clinton, Janet Worthington, Merritt Maxim – ASW #384
AI/ML
Visibility with EDR/MDR is still important, ‘the basics’ are impossible, and the news – Rob Allen – ESW #460
Vulnerability Management
TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet… – SWN #583

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Threat Management

Iranian threat group targets US aviation sector with AI-assisted ‘MiniFast’ backdoor

Laura FrenchMay 27, 2026

Career-themed phishing lures targeted employees of US domestic airlines during Operation Epic Fury.

Drupal website. Drupal is a free and open-source web content management system (CMS) written in PHP.

Vulnerability Management

Drupal bug added to CISA list of known exploited vulnerabilities

Steve ZurierMay 26, 2026

Drupal SQL injection flaw CVE-2026-9082 added to CISA KEV as active attacks target sites.

Vulnerability Management

You can now nominate vulnerabilities for CISA’s KEV with this form

Laura FrenchMay 22, 2026

CISA seeks to engage the wider community to more quickly identify active exploitation.

Vulnerability Management

Cisco patches critical 10.0 flaw in Secure Workload APIs

Steve ZurierMay 22, 2026

Cisco patches critical 10.0 API flaw in Secure Workload platform.

Network Security

‘Underminr’ exploitation poses similar risks to domain fronting, researchers say

Laura FrenchMay 22, 2026

ADAMnetworks estimates about 42% of domains could be abused using the technique.

The Cybersecurity and Infrastructure Security Agency (CISA) emblem is seen at its headquarters in Arlington, Va.

Critical Infrastructure Security

Senator urges classified briefing after CISA data leak on GitHub

Steve ZurierMay 21, 2026

A GitHub leak exposed CISA credentials, sparking concerns over secrets management and leadership.

WantToCry ransomware evades detection through SMB abuse, remote encryption

Laura FrenchMay 20, 2026

More than 1.5 million exposed SMB ports may be susceptible to brute force attacks.

(Credit: Araki Illustrations – stock.adobe.com)

New Mini Shai-Hulud attack targets npm ecosystem

Steve ZurierMay 20, 2026

Mini Shai-Hulud campaign hits 323 npm packages, GitHub Actions and VS Code tools.

EVENTS