RansomwareAttackers execute a complete ransomware operation in under 24 hoursSteve ZurierJuly 16, 2026Spirals ransomware encrypted a victim in under 24 hours, underscoring the need for rapid containment.
AI/MLCISOs Build Practical Playbook for Governing Agentic AIKelley DamoreJuly 16, 2026A practitioner-built framework for securing, and scaling agentic AI
Vulnerability ManagementCISA warns that three SharePoint Server bugs are actively exploitedSteve ZurierJuly 15, 2026Federal agencies given to July 17 to make the patches.
MalwareMacOS ‘CrashStealer’ malware poses as crash reporter to steal credentialsLaura FrenchJuly 15, 2026The malware is written in C++ and uses a signed and notarized dropper to evade Gatekeeper.
IdentityOAuth client ID spoofing silently validates stolen Microsoft Entra ID credentialsSteve ZurierJuly 14, 2026Attackers run multiple spoofing campaigns to confirm credentials.
Application securityRabbitMQ fixes flaw that allowed broker takeover via OAuth secret disclosureSC StaffJuly 14, 2026An additional flaw would allow an authenticated attacker with zero permissions to view cross-tenant metadata.
Critical Infrastructure SecurityRussia’s FSB attacks critical infrastructure, says 12 Western nationsSteve ZurierJuly 13, 2026Russian hackers target outdated Cisco routers in decade-long espionage campaign.
Incident ResponseCISA shares postmortem of GitHub credential leakLaura FrenchJuly 10, 2026CISA credentials and code were uploaded to a public repository on a contractor’s personal GitHub account in May.
IdentityOkta warns of vishing scheme that extorts dataSteve ZurierJuly 10, 2026Attackers pose as IT and tell employees to enroll an MS passkey, but the bad guys register their own key and take over the user.
Ransomware‘GodDamn’ ransomware deploys PoisonX driver to kill EDRLaura FrenchJuly 10, 2026GodDamn, a rebrand of Beast and Monster ransomware, leverages AnyDesk for remote access.
Europe built the world’s strongest privacy law. WhatsApp just found the gap it doesn’t cover.Umesh KalankeJuly 15, 2026