Security Insights

Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

Threats
4 min read
23 Jun 2026

FortiBleed: How a Credential-Stuffing IAB Probed 430,000 FortiGate Firewalls

A financially motivated initial access broker has been running brute-force and credential-stuffing attacks against internet-exposed FortiGate appliances since February 2026 — and the TTPs are textbook, repeatable, and preventable.

Threats
5 min read
23 Jun 2026

WhatsApp DMs Are Delivering VBScript Droppers That Install Legitimate RMM Tools on Victims' Machines

An active, multi-continent campaign sends malicious Visual Basic Script files over WhatsApp to sideload commercial remote-monitoring software — and most endpoint controls never fire.

Threats
5 min read
22 Jun 2026

ShapedPlugin Pro Plugins Shipped Backdoor Code Through the Vendor's Own Update Channel

Attackers compromised ShapedPlugin's build and distribution pipeline, silently delivering malicious code to paying customers who did everything right.

Threats
5 min read
22 Jun 2026

INTERPOL's 2025/2026 Assessment: Phishing, Ransomware, and AI Fraud Are Overwhelming Asia-Pacific Defenses

A new INTERPOL threat report finds cybercrime accelerating across Asia and the South Pacific, with phishing driving initial access, ransomware hitting under-resourced nations hardest, and generative AI removing the last natural barriers to mass fraud.

Threats
5 min read
19 Jun 2026

Popa Botnet Tied to NASDAQ-Listed Residential Proxy Firm Alarum Technologies

Researchers from Synthient and Qurium traced four years of Android TV box traffic-relaying back to infrastructure connected to NetNut, the residential proxy service owned by Israel's Alarum Technologies — raising hard questions about where legitimate proxy networks end and silent botnets begin.

Threats
5 min read
17 Jun 2026

ClickFix Goes Mainstream: Three Loader Families Exploit the Same Social-Engineering Trick

BabaDeda, Lorem Ipsum, and Potemkin loaders all use the same clipboard-paste attack pattern — and education and finance organizations absorbed the bulk of April 2026 hits.

Threats
5 min read
16 Jun 2026

Pickle in the Middle: Google Vertex AI SDK Flaw Gave Attackers Code Execution Inside Google's Cloud

A bucket-squatting vulnerability in the Google Cloud Vertex AI Python SDK let an unauthenticated attacker intercept ML model uploads and run arbitrary code inside Google's managed serving infrastructure — no project credentials required.

Threats
5 min read
15 Jun 2026

North Korea's Contagious Interview Crew Targets Developers With Code-Review Phishing Bait

The DPRK-linked threat cluster known as Contagious Interview has added a deceptively simple new lure to its arsenal: a polite request to review some code.

Threats
5 min read
15 Jun 2026

400+ AUR Packages Hijacked to Drop Rust Credential Stealer and eBPF Rootkit

Attackers rewrote PKGBUILD scripts across more than 400 Arch User Repository packages, turning the normal build process into a credential-harvesting operation — with a kernel-level rootkit waiting for any build that ran as root.

Threats
4 min read
15 Jun 2026

Velvet Ant Hid Inside Linux Auth for Nearly a Decade by Backdooring PAM and OpenSSH

A China-nexus threat actor planted rogue authentication modules on victim networks and stayed undetected for close to ten years — by targeting the one layer most incident-response playbooks quietly trust.

Threats
5 min read
14 Jun 2026

Outsider Enterprise Dismantled: What the 'AI-Powered' Phishing Takedown Actually Tells Defenders

The FBI, Google, and Lumen's Black Lotus Labs jointly knocked a Chinese phishing-as-a-service operation offline after it registered nearly one million malicious domains. The AI angle is real — but narrower than headlines suggest.

Threats
4 min read
13 Jun 2026

Former Iowa School IT Admin Sentenced to 21 Months for Post-Termination Network Intrusions

No malware, no nation-state tradecraft — just valid credentials that nobody revoked. A disgruntled ex-employee deleted accounts and disrupted classrooms for months before federal charges ended it.
