GitHub user attachments abused to spread novel infostealer

Laura FrenchApril 17, 2026

The stealthy CGrabber malware targets a wide array of apps, browsers and extensions.

RESOURCES

AI/ML
AI as the defender: Reinventing proactive cybersecurity through intelligent automation
Email security
AI on the attack: How defenders turn artificial intelligence against cyber threats
Application security
Code, control, and chaos: Rethinking security in the age of AI-driven development
Ransomware
Ransomware reimagined: Why containment alone is no longer enough
Identity
Rethinking identity security for a borderless attack surface

PODCASTS

Vulnerability Management
Dougbot, RedSun, ATHR, Vishing, Cisco, Google, Chrome, Severance, Shor, Josh Marpet.. – SWN #573
Vulnerability Management
The AI “Vulnpocolypse” Is Real? – PSW #922
Leadership
Not All CISO Gigs Are Created Equal and RSAC Interviews from ESET and Mimecast – Joanna Chen, Tony Anscombe, Rob Juncker – BSW #443
Vulnerability Management
Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, ATC, Kieran Human and more – Kieran Human – SWN #572
Application security
Securing Software’s Journey with the OWASP SPVS – Cameron W., Farshad Abasi, Rohan Ravindranath, Ido Geffen – ASW #378

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Homepage of Apache website on the display of PC

Vulnerability Management

Apache ActiveMQ RCE bug to CISA list of exploited vulnerabilities

Steve ZurierApril 17, 2026

CISA flags 13-year-old ActiveMQ RCE as exploited, highlighting AI-driven bug discovery.

Application security

Bot traffic makes up 49% of online activity, but 99% of bots unwanted

Laura FrenchApril 17, 2026

Researchers warn malicious bots may spoof trusted user agents to disguise their intent.

Cisco patches critical bugs in Webex, ISE

Steve ZurierApril 16, 2026

Experts warn that the Webex bug may get the headlines, but exploited ISE bugs offer attackers the keys to the kingdom.

Nginx-ui MCP missing authentication flaw actively exploited

Laura FrenchApril 16, 2026

Attackers on the same network can alter nginx configurations, leading to complete takeover.

Smartphone scam call and phishing concept with unknown caller interface and hacker icon on screen

Vishing attacks on Okta identity systems on the rise

Steve ZurierApril 15, 2026

Vishing attacks target Okta to bypass MFA, enabling broad SSO data access.

Black Basta-linked attacks target executives via Teams phishing

Laura FrenchApril 15, 2026

Suspected former Black Basta affiliates impersonate help desks to deploy RMM software.

Security Operations

CISOs: Revamp security programs in the wake of Claude Mythos

Steve ZurierApril 14, 2026

Experts warn AI-driven cyber threats outpace defenses; current guidance may be insufficient.

JSOC IT founder and CEO Sam Sawalhi.

JSOC IT’s Sam Sawalhi: Telling the room what it needs to hear

SC StaffApril 14, 2026

Sometimes the path to success is saying not what people want to hear, but what they need to hear.

EVENTS