Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

A privilege-escalation flaw tracked as CVE-2026-50656 gave attackers full SYSTEM access on fully patched Windows 10 and Windows 11 machines, and a working exploit was already on the internet before Microsoft shipped the fix.

Banks that processed the payment filed a Suspicious Activity Report. The Reform UK leader now faces scrutiny from two separate official bodies at the same time.

A single attacker planted 17 counterfeit packages impersonating Paysafe, Skrill and Neteller on the two largest public code registries, silently harvesting secrets from any developer who installed them.

A perfect-10 severity vulnerability in Adobe ColdFusion is among four flaws now confirmed as actively exploited, putting federal agencies and private organisations on a tight patching deadline.

Criminals posing as platform support staff are using vishing and brute-force account takeover to steal wages from delivery drivers. The Transport Workers Union has already recovered more than $50,000 in stolen pay.

Cisco Talos has exposed a China-linked group that hijacks Ruckus and ASUS routers through known, unpatched vulnerabilities to build a hidden relay network for multiple state-aligned spying operations.

Attackers need no password to exploit CVE-2026-40138, rated 9.2 out of 10. Every self-hosted BeyondTrust appliance is exposed until patched.

Criminals are disguising phishing attacks as wedding and birthday RSVPs. The Federal Trade Commission says victims are handing over passwords and payment details without realising the invitation was never real.

Palo Alto Networks' Unit 42 has documented an active attack chain where criminals call employees over Teams, impersonate the IT helpdesk, and install a Node.js trojan that hides its command server inside an Ethereum blockchain.

Reform UK leader Nigel Farage is under parliamentary scrutiny after a newspaper investigation alleged he accepted security staff, social media workers, and use of a London property from George Cottrell, who pleaded guilty to US wire fraud in 2017, without registering the support with Parliament.

Reform UK's Robert Jenrick confirmed that party leader Nigel Farage accepted gifts including staff, security, and accommodation from George Cottrell, a convicted fraudster, without registering them in the parliamentary interests register.

The Contagious Interview crew has seeded npm, Packagist, Go, and the Chrome Web Store with 108 malicious packages and extensions — all aimed at the developers who build software for crypto firms, banks, and tech companies.
Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.
