Over 1 million malicious emails found using text salting to fool AI scannersLaura FrenchJuly 17, 2026Text salting fills emails with hidden benign content to mask malicious phishing lures.
Europe built the world’s strongest privacy law. WhatsApp just found the gap it doesn’t cover.Umesh KalankeJuly 15, 2026
New Russian-speaking threat actor UAT-11795 targets US and Europe with novel malwareSC StaffJuly 17, 2026
Lawyers say Russian tourist detained in Armenia over mistaken identity in ransomware caseSC StaffJuly 17, 2026
Stop trying to ‘lock down’ your AI: Why rigid guardrails are a gift to hackersPaul WagenseilJuly 10, 2026
The context gap: Building trusted agents in the age of AI-accelerated exploitationPaul WagenseilJuly 2, 2026
RansomwareStolen identities cause 79% of ransomware attacks, says Sophos reportSteve ZurierJuly 17, 2026Identity failures replace software flaws as ransomware's top access vector.
Vulnerability ManagementCritical Oracle EBS bug added to CISA list of exploited vulnerabilitiesLaura FrenchJuly 17, 2026The flaw allows an unauthenticated attacker to remotely compromise Oracle Payments.
RansomwareAttackers execute a complete ransomware operation in under 24 hoursSteve ZurierJuly 16, 2026Spirals ransomware encrypted a victim in under 24 hours, underscoring the need for rapid containment.
AI/MLCISOs Build Practical Playbook for Governing Agentic AIKelley DamoreJuly 16, 2026A practitioner-built framework for securing, and scaling agentic AI
Vulnerability ManagementCISA warns that three SharePoint Server bugs are actively exploitedSteve ZurierJuly 15, 2026Federal agencies given to July 17 to make the patches.
MalwareMacOS ‘CrashStealer’ malware poses as crash reporter to steal credentialsLaura FrenchJuly 15, 2026The malware is written in C++ and uses a signed and notarized dropper to evade Gatekeeper.
IdentityOAuth client ID spoofing silently validates stolen Microsoft Entra ID credentialsSteve ZurierJuly 14, 2026Attackers run multiple spoofing campaigns to confirm credentials.
Application securityRabbitMQ fixes flaw that allowed broker takeover via OAuth secret disclosureSC StaffJuly 14, 2026An additional flaw would allow an authenticated attacker with zero permissions to view cross-tenant metadata.