Black Basta-linked attacks target executives via Teams phishing

Laura FrenchApril 15, 2026

Suspected former Black Basta affiliates impersonate help desks to deploy RMM software.

RESOURCES

Application security
Code, control, and chaos: Rethinking security in the age of AI-driven development
Ransomware
Ransomware reimagined: Why containment alone is no longer enough
Identity
Rethinking identity security for a borderless attack surface
Email security
Email authentication in 2026: What every organization still gets wrong
Data Security
Your DLP can’t stop a smartphone: The data-leak crisis no one talks about

PODCASTS

Leadership
Not All CISO Gigs Are Created Equal and RSAC Interviews from ESET and Mimecast – Joanna Chen, Tony Anscombe, Rob Juncker – BSW #443
Vulnerability Management
Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, ATC, Kieran Human and more – Kieran Human – SWN #572
Application security
Securing Software’s Journey with the OWASP SPVS – Cameron W., Farshad Abasi, Rohan Ravindranath, Ido Geffen – ASW #378
AI/ML
From Compliance to Code: Rethinking Cloud Security – Richard Marcus – CSP #223
Threat Intelligence
We catch up on the news, including AI vuln hunting; also more RSAC interviews! – Mark Lambert, Samuel Hassine, John Wilson, Georges Bossert – ESW #454

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Security Operations

CISOs: Revamp security programs in the wake of Claude Mythos

Steve ZurierApril 14, 2026

Experts warn AI-driven cyber threats outpace defenses; current guidance may be insufficient.

JSOC IT founder and CEO Sam Sawalhi.

JSOC IT’s Sam Sawalhi: Telling the room what it needs to hear

SC StaffApril 14, 2026

Sometimes the path to success is saying not what people want to hear, but what they need to hear.

(Credit: Alina – stock.adobe.com)

Application security

OpenAI’s macOS app-signing process hit by axios supply chain attack

Laura FrenchApril 13, 2026

The company is revoking and rotating certificates “out of an abundance of caution.”

(Adobe Stock)

Application security

Microsoft 365 mailbox rules abused for exfiltration, persistence

Steve ZurierApril 13, 2026

Attackers abuse Microsoft 365 mailbox rules to hide activity, steal data, and persist after password resets.

AI browser extensions more likely to have known vulnerabilities, report says

Laura FrenchApril 13, 2026

AI extensions are also more likely to have cookie, scripting and tabs permissions.

The United States Treasury Department building in Washington, D.C.

AI benefits/risks

Bessent, Powell met privately with top bankers over impact of Claude Mythos on cybersecurity

Steve ZurierApril 10, 2026

Security pros say companies that spend less money than most large banks on cyber should take this as a warning to get moving.

Linux Foundation leader impersonated in Slack phishing campaign

Laura FrenchApril 10, 2026

The campaign targets open-source developers to steal credentials and deploy malware.

(Adobe Stock)

Actor tied to Raccoon targets ‘several dozen’ companies by exploiting BPOs and helpdesks

Steve ZurierApril 9, 2026

Google says UNC6783 leverages social engineering and phishing campaigns to gain entry to the BPOs.

EVENTS