Cisco patches 10.0 bug in leading AsyncOS email products

Steve ZurierJanuary 16, 2026

CVE-20225-20393 was placed on CISA's Known Exploited Vulnerabilities (KEV) catalog on Dec. 17.

RESOURCES

Identity
Beyond MFA: Securing the human element with identity threat detection
AI/ML
The rise of shadow AIT: From blind spots to real-time insight
Patch/Configuration Management
How autonomous patch management strengthens operational resilience
Email security
Beyond the SEG: Rethinking email security for the modern enterprise
Endpoint/Device Security
From change prevention to continuous improvement: Automating patch cycles with guardrails, rings, and proof

PODCASTS

Vulnerability Management
Miss Cleo, Whisperpair, Fortisiem, REDVDS, Google, Spying, Rob Allen and More… – Rob Allen – SWN #547
Breach
Digging For Vulnerability Gold – PSW #909
Leadership
The Future Of Proactive Security Before Building an AI Enabled Enterprise – Erik Nost – BSW #430
Vulnerability Management
Are you dead?, AI Hellscape, Copilot, Blue Delta, Quishing, Confer, Aaran Leyland… – SWN #546
Application security
Secure By Design Is Better Than Secure By Myth – Bob Lord – ASW #365

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Threat Intelligence

How Gootloader uses malformed ZIP archives to evade detection

Laura FrenchJanuary 16, 2026

7zip and WinRAR fail to extract the archive’s contents, while the Windows default tool easily opens it.

The word "cybercrime" is illuminated in a red on a computer keyboard

Security Operations

Microsoft takes down cybercrime subscription service RedVDS

Steve ZurierJanuary 15, 2026

Virtual cybercrime subscription service stole $40 million in the U.S. alone.

(Credit: Timon – stock.adobe.com)

Application security

Cursor vulnerability enables stealthy RCE via indirect prompt injection

Laura FrenchJanuary 15, 2026

An attacker could have triggered certain shell built-in commands without user approval.

Cyber Insurance: Protects organizations against the costs of data breaches, cyberattacks, and related liabilities in an increasingly digital world, close-up

Security Operations

Only 15% of CISOs say they have visibility into third-party risk

Steve ZurierJanuary 14, 2026

The Panorays survey noted that only 21% of CISOs have tested crisis response plans in place.

Security Operations

Broadcom chip software flaw affecting ASUS routers enables DoS

Laura FrenchJanuary 14, 2026

The exploit requires no authentication and requires a manual router reset to reconnect.

Security Operations

Magecart network targeted Amex, Diners Club, MasterCard since 2022

Steve ZurierJanuary 13, 2026

Experts point out that Magecart attacks exploit third-party scripts on web browsers, bypassing traditional security controls.

Threat Management

‘Pig butchering-as-a-service’ provides ready-to-use kits, infrastructure

Laura FrenchJanuary 13, 2026

Infoblox researchers detail the offerings of entities known as UWORK and the Penguin Account Store.

AI monitoring and detecting cybersecurity threats, identifying data breaches and system vulnerabilities to enhance digital protection and prevent cyberattacks Parse

Application security

2026 AI reckoning: Agent breaches, NHI sprawl, deepfakes

Stephen WeigandJanuary 13, 2026

Experts warn 2026 brings agent-driven breaches, NHI abuse and deepfake trust shocks.

EVENTS