‘AiFrame’ browser attacks continue with fake authenticator, converter extensions

Laura FrenchApril 24, 2026

The malicious extensions inject iframes to display phishing content and extract other data.

RESOURCES

Application security
Ring the alarm! Your IT security program has a mobile-app gap
SOC
From OODA to SUDA: Why the Agentic SOC has to be customizable
Identity
Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control
SOC
Your SOC, not the vendor’s: Why the AI SOC has to be customizable, not a black box
AI/ML
AI as the defender: Reinventing proactive cybersecurity through intelligent automation

PODCASTS

Ransomware
Rethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews – Craig Sanderson, Sachin Jade, Travis Wong, Phil Calvin, Karen Heart – ESW #456
Vulnerability Management
Scylla &Charybdis, Kyber, Trigonia, Namastex, GitHub, Crypto, Cables, Aaran Leyland – SWN #575
Vulnerability Management
Back to (or Start) Fundamentals? – Rajesh Khazanchi – PSW #923
Training
From Shame to Fame: Changing Behaviors and RSAC Interviews from Tanium and Illumio – Craig Taylor, Tim Morris, Andrew Rubin – BSW #444
Vulnerability Management
Robosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More… – SWN #574

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Microsoft Teams website on a tablet. Teams is a unified team communication and collaboration platform with workplace chat, video meetings, and file storage.

UNC6692 impersonates help desk employees to drop SNOW malware via Teams

Steve ZurierApril 24, 2026

Attackers abuse Teams chat to deliver malware after help desk phishing scam.

Trigona ransomware attackers use novel tool for data exfiltration

Laura FrenchApril 24, 2026

The uploader_client.exe command-line utility allows for rapid and granular data theft.

A glowing red cloud icon with an exclamation mark sits on a dark circuit board, symbolizing critical cloud computing error or data risk.

AI-driven cloud attacks reach ‘functional’ maturity, says Unit 42

Steve ZurierApril 23, 2026

PoC proves that attackers can leverage AI to exploit cloud weaknesses at machine speed.

Namastex npm packages compromised in ‘CanisterWorm’ supply chain attack

Laura FrenchApril 23, 2026

A self-propagating script was added to @automagik/genie and @pgserve packages.

Robots And Humans as AI or Artificial Intelligence facing off as a symbol of future technology and employment or unemployment as automation in society changing the global economy.

Application security

AI-driven attacks target governments, cloud agents, supply chains

OWASP GenAI Security Project Team April 23, 2026

OWASP: AI-driven attacks hit government, cloud and supply chains at scale.

Firefox web browser under magnifying glass. Firefox is a free and open-source web browser developed by the Mozilla Foundation.

Firefox report offers early insight into Claude Mythos AI model

Steve ZurierApril 22, 2026

AI model finds hundreds of bugs in Firefox, boosting defense — but also lowering barriers for attackers.

(Credit: Photo Agency – stock.adobe.com)

Vulnerability Management

Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission

Laura FrenchApril 22, 2026

Attackers could have extracted a GITHUB_TOKEN secret, potentially enabling unauthorized changes.

Vulnerability Management

Another Cisco Catalyst SD-WAN Manager bug added to CISA list

Steve ZurierApril 21, 2026

CISA flags new Cisco SD-WAN flaw amid active exploit chains, urging rapid patching.

EVENTS