(Adobe Stock) OAuth client ID spoofing silently validates stolen Microsoft Entra ID credentialsSteve ZurierJuly 14, 2026Attackers run multiple spoofing campaigns to confirm credentials.
Your phishing defense was built for 2016, but attackers are operating in 2026Rod SchultzJuly 14, 2026
Cloudflare launches Precursor to track bot behavior throughout browsing sessionsSC StaffJuly 13, 2026
The context gap: Building trusted agents in the age of AI-accelerated exploitationPaul WagenseilJuly 2, 2026
Application securityRabbitMQ fixes flaw that allowed broker takeover via OAuth secret disclosureSC StaffJuly 14, 2026An additional flaw would allow an authenticated attacker with zero permissions to view cross-tenant metadata.
Critical Infrastructure SecurityRussia’s FSB attacks critical infrastructure, says 12 Western nationsSteve ZurierJuly 13, 2026Russian hackers target outdated Cisco routers in decade-long espionage campaign.
Critical Infrastructure SecurityRep. Rick Larsen: Bipartisan infrastructure key to safer transportationSC StaffJuly 13, 2026Lawmaker says bipartisan infrastructure investment is essential to modernize U.S. transportation.
Incident ResponseCISA shares postmortem of GitHub credential leakLaura FrenchJuly 10, 2026CISA credentials and code were uploaded to a public repository on a contractor’s personal GitHub account in May.
IdentityOkta warns of vishing scheme that extorts dataSteve ZurierJuly 10, 2026Attackers pose as IT and tell employees to enroll an MS passkey, but the bad guys register their own key and take over the user.
Ransomware‘GodDamn’ ransomware deploys PoisonX driver to kill EDRLaura FrenchJuly 10, 2026GodDamn, a rebrand of Beast and Monster ransomware, leverages AnyDesk for remote access.
TrainingTwo-year online college ‘Campus’ now offers cybersecurity trackSteve ZurierJuly 9, 2026Online program aims to build a pipeline of qualified candidates to fill positions that require much-needed AI skills.
AI/ML‘GhostApproval’ technique leads AI coding tools to alter files outside of sandboxLaura FrenchJuly 9, 2026The technique abuses symlinks to escape the intended workspace and weaken human-in-the-loop protections.