CISA adds ConnectWise, Microsoft flaws to KEV catalog

Laura FrenchApril 30, 2026

The Windows flaw stems from an incomplete patch of a vulnerability exploited by APT28.

RESOURCES

AI/ML
Securing every door: Scalable strategies to manage machine and AI agent risks
AI/ML
Handling shadow AI at the source: Why the browser is the new control layer
Application security
Ring the alarm! Your IT security program has a mobile-app gap
SOC
From OODA to SUDA: Why the Agentic SOC has to be customizable
Identity
Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control

PODCASTS

Vulnerability Management
The Next Frontier: Autonomous Security and RSAC Interviews from Quantro & SandboxAQ – Mark Hughes, Mehul Revankar, Marc Manzano – BSW #445
Vulnerability Management
Elfsmasher, PYPI, Facebook, Glassworm, Medtronic, OpenSSH, Sararimen, Aaran Leyland – SWN #576
Application security
Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 – James Kettle – ASW #380
Ransomware
Rethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews – Craig Sanderson, Sachin Jade, Travis Wong, Phil Calvin, Karen Heart – ESW #456
Vulnerability Management
Scylla &Charybdis, Kyber, Trigonia, Namastex, GitHub, Crypto, Cables, Aaran Leyland – SWN #575

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Unlocking Potential Exploring the Power of Large Language Models

LiteLLM exploited within 36 hours of disclosure via SQL injection bug

Steve ZurierApril 29, 2026

Latest case was the second time in five weeks the Python package was exploited.

TeamPCP-linked VECT 2.0 ransomware unintentionally destroys files larger than 128 KB

Laura FrenchApril 29, 2026

Researchers revealed several “amateur” mistakes made in Windows, Linux and ESXi variants.

(Adobe Stock)

Microsoft patches Entra ID bug that let AI agents escalate privileges

Steve ZurierApril 28, 2026

Flaw in Entra ID AI agent role enabled privilege escalation and takeover.

Threat Management

GlassWorm attackers activate new ‘sleeper’ extensions on Open VSX

Laura FrenchApril 28, 2026

A new cluster of 73 extensions impersonating legitimate projects has been tied to the GlassWorm campaign.

Health and Technology Stethoscope on Circuit Board blue

Threat Management

Medtronic says cyberattack did not disrupt its operations

Steve ZurierApril 27, 2026

Attack raised concerns because it was second one on a major medical device maker since the Iran war started.

Application security

‘AiFrame’ browser attacks continue with fake authenticator, converter extensions

Laura FrenchApril 24, 2026

The malicious extensions inject iframes to display phishing content and extract other data.

Microsoft Teams website on a tablet. Teams is a unified team communication and collaboration platform with workplace chat, video meetings, and file storage.

UNC6692 impersonates help desk employees to drop SNOW malware via Teams

Steve ZurierApril 24, 2026

Attackers abuse Teams chat to deliver malware after help desk phishing scam.

Trigona ransomware attackers use novel tool for data exfiltration

Laura FrenchApril 24, 2026

The uploader_client.exe command-line utility allows for rapid and granular data theft.

EVENTS