(Adobe Stock)

(Adobe Stock)

Unit 42: Identity abuse drives nearly two-thirds of all breaches

Steve ZurierFebruary 17, 2026

Speed is also a factor, as the time from data access to exfiltration has dropped to 72 minutes.

RESOURCES

Government security
Trust and data integrity: Cornerstones of AI for the public sector
Critical Infrastructure Security
From perimeter to protocol: Reducing telecom attack surface with privacy-first mobile technology
Application security
Scaling SaaS security to manage agentic AI
Application security
Modernizing SaaS security for the agentic AI era
Application security
The next evolution of application security: AI-accelerated DevSecOps

PODCASTS

Application security
Conducting Secure Code Analysis with LLMs – ASW #370
Endpoint/Device Security
Hardware-level zero trust, don’t trust AI with your employees, and the news – Matias Katz, J Wolfgang Goerlich – ESW #446
Vulnerability Management
Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet… – SWN #555
IoT
AI Vulnerability Hunting – PSW #913
Leadership
Preparing For Q-Day as CISOs Face Quantum Disruption and Cyber Resilience Pressures – Sandy Carielli – BSW #434

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

(Credit: photo_gonzo – stock.adobe.com)

Security Operations

CISA adds SolarWinds, Microsoft, Apple, Notepad++ vulnerabilities to KEV catalog

Laura FrenchFebruary 13, 2026

The Microsoft Configuration Manager vulnerability, patched in 2024, could enable RCE.

patch presented in the form of binary code

Actively exploited BeyondTrust RCE bug exposes identity infrastructure

Steve ZurierFebruary 13, 2026

Exploited BeyondTrust RCE (CVE-2026-1731) shows patch gaps in privileged access tools.

(Credit: Rafael Henrique – stock.adobe.com)

Vulnerability Management

Unstructured.io flaw enables path traversal by email attachment

Laura FrenchFebruary 13, 2026

A malicious attachment could cause files to be written to sensitive locations, leading to RCE.

Close up shot of Apple iPhone, Apple announces iOS 26 during its WWDC 2025.

Application security

Apple fixes zero-day that exploited OS bug in open-source code

Steve ZurierFebruary 12, 2026

Apple patches exploited zero-day in open-source component across iOS, macOS, watchOS.

Threat Management

Foxveil malware loader abuses Discord, Cloudflare, Netlify for staging

Laura FrenchFebruary 12, 2026

The loader uses a novel string mutation mechanism and in-memory execution to evade detection.

Holographic digital shield with warning sign hovers over glowing circuit board. Cybersecurity threat detection system uses futuristic tech for network protection. Data safety alert.

Security Operations

Published CVEs could hit record-breaking 50,000-plus in 2026

Stephen WeigandFebruary 12, 2026

FIRST forecasts 50K-plus CVEs in 2026 could strain security teams and planning.

Cyber basics

Application security

Conduent case breaks open after Volvo reports third-party compromise

Steve ZurierFebruary 11, 2026

Conduent incidents reveal how third-parties must move to a disclosure-first model.

AI-generated React2Shell malware infects 90-plus hosts

Laura FrenchFebruary 11, 2026

The malware was discovered through a Docker honeypot and is used for cryptojacking.

EVENTS