Microsoft fixes three zero-days in first Patch Tuesday of 2026
Microsoft’s first Patch Tuesday of 2026 fixes three zero-days, including one already exploited, prompting urgent patching.
Google patches Chrome’s fifth zero-day of the year
Google fixed Chrome zero-day CVE-2023-4863, a libwebp flaw under active attack that could allow arbitrary code execution.
How CISOs can survive geopolitical cyberattacks
Geopolitical cyberattacks increasingly favor wipers and disruption, pushing CISOs to focus on segmentation, containment, and recovery.
Ransomware affiliate leak exposes The Gentlemen’s playbook
A leak from affiliate Hastalamuerte reportedly reveals The Gentlemen’s use of FortiGate exploits, BYOVD evasion and Qilin-style tactics.
Middle East conflict highlights cloud resilience gaps
Conflict in the Middle East shows how cloud outages can stem from physical attacks, power loss, and telecom failures—not just cyber incidents.
America’s critical infrastructure still runs on controllers old enough to buy on eBay
Critical infrastructure operators are still securing decades-old industrial controllers, often using secondhand parts as legacy OT risk grows.
Iran claims massive cyber-attack on medtech firm Stryker
A pro-Iran group says it wiped 200,000 Stryker systems, but public evidence is thin. Here’s what’s known, what isn’t, and why it matters.
Compromised WordPress sites used in global ClickFix infostealer campaign
Rapid7 warns over 250 legitimate sites were compromised to push ClickFix prompts and infostealer malware at unsuspecting visitors.
Iran’s MuddyWater hackers hit US firms with new Dindoor backdoor
Iran-linked MuddyWater used a new Dindoor backdoor against a bank, airport, non-profit, and software firm branch in a fresh espionage campaign.
Israel: RedAlert spyware campaign exploits wartime panic with trojanized app
A wartime-themed spyware campaign in Israel used SMS lures and a fake Red Alert app to trick users into installing Android surveillance malware.
AI and deepfakes are making cyber-attacks easier to launch, Cloudflare warns
Cloudflare says AI and deepfakes are helping attackers scale phishing, impersonation and fraud with less skill and greater realism.
Less lucrative ransomware market pushes attackers toward stealthier Windows tools
Ransomware groups are replacing Cobalt Strike with native Windows tools as payments fall and data-theft extortion becomes more common.