Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

A financially motivated initial access broker has been running brute-force and credential-stuffing attacks against internet-exposed FortiGate appliances since February 2026 — and the TTPs are textbook, repeatable, and preventable.

An active, multi-continent campaign sends malicious Visual Basic Script files over WhatsApp to sideload commercial remote-monitoring software — and most endpoint controls never fire.

Attackers compromised ShapedPlugin's build and distribution pipeline, silently delivering malicious code to paying customers who did everything right.

A new INTERPOL threat report finds cybercrime accelerating across Asia and the South Pacific, with phishing driving initial access, ransomware hitting under-resourced nations hardest, and generative AI removing the last natural barriers to mass fraud.

Researchers from Synthient and Qurium traced four years of Android TV box traffic-relaying back to infrastructure connected to NetNut, the residential proxy service owned by Israel's Alarum Technologies — raising hard questions about where legitimate proxy networks end and silent botnets begin.

BabaDeda, Lorem Ipsum, and Potemkin loaders all use the same clipboard-paste attack pattern — and education and finance organizations absorbed the bulk of April 2026 hits.

A bucket-squatting vulnerability in the Google Cloud Vertex AI Python SDK let an unauthenticated attacker intercept ML model uploads and run arbitrary code inside Google's managed serving infrastructure — no project credentials required.

The DPRK-linked threat cluster known as Contagious Interview has added a deceptively simple new lure to its arsenal: a polite request to review some code.

Attackers rewrote PKGBUILD scripts across more than 400 Arch User Repository packages, turning the normal build process into a credential-harvesting operation — with a kernel-level rootkit waiting for any build that ran as root.

A China-nexus threat actor planted rogue authentication modules on victim networks and stayed undetected for close to ten years — by targeting the one layer most incident-response playbooks quietly trust.

The FBI, Google, and Lumen's Black Lotus Labs jointly knocked a Chinese phishing-as-a-service operation offline after it registered nearly one million malicious domains. The AI angle is real — but narrower than headlines suggest.

No malware, no nation-state tradecraft — just valid credentials that nobody revoked. A disgruntled ex-employee deleted accounts and disrupted classrooms for months before federal charges ended it.
Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.
