Security Insights

Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

A photoreal editorial scene of a large server room bathed in cool blue light, with a single physical gate or barrier — s
Regulation
5 min read
5 Jul 2026

US Clears Anthropic's Fable 5 AI Model for International Use After Two-Week Export Freeze

The Commerce Department approved Anthropic's most capable AI system for foreign customers following a government review that exposed a new frontier in US export-control policy — and a real operational risk for any organization that relies on third-party AI services.

A wide-angle photoreal editorial photograph taken at dusk on a quiet American residential street. In the foreground, a w
Regulation
5 min read
5 Jul 2026

Flock Safety's AI Cameras Are Logging Your Plate — And Some Cities Want Out

Solar-powered cameras quietly scan licence plates on public streets across America. The data lives with local police — and federal agencies know how to ask for it.

A dimly lit government server room with rows of glowing blue rack servers, a single desk lamp illuminating a keyboard an
Ransomware
5 min read
4 Jul 2026

No Ransomware, No Problem: How Kairos Collected $1 Million from a U.S. Government Agency Using Only a Threat

A leaked chat log and blockchain trace reveal that a criminal group called Kairos extorted roughly $1 million from an unnamed U.S. government entity — without ever encrypting a single file.

A close-up editorial photograph of a person's hands holding a modern smartphone, the screen casting a soft blue-white gl
Threats
5 min read
4 Jul 2026

WhatsApp Usernames Are Coming — And Your Phone Number Privacy Depends on What You Do Next

Meta's messaging giant announced on June 30, 2026 that users can now reserve unique WhatsApp usernames, ending the years-long practice of handing your phone number to every stranger who wants to reach you.

A close-up editorial photograph of a person's hands typing a medical symptom into a laptop browser at a desk, with faint
Regulation
5 min read
4 Jul 2026

Invisible Code, Visible Harm: How Monash IVF and Medmate Sent Patient Health Data to Meta and TikTok

Australia's Privacy Commissioner ruled that two health companies ran tracking pixels on sensitive medical pages for years — transmitting fertility and medication searches to social media platforms without a single user's consent.

A photoreal editorial scene of a dark server room with rows of glowing rack-mounted servers, a faint chain of illuminate
Ransomware
5 min read
3 Jul 2026

Avalon Malware Framework Chains Phishing to Ransomware in a Single Modular Toolkit

Security researchers have dissected Avalon, a newly discovered framework that begins with a phishing email and ends with CrownX ransomware — quietly stealing credentials, spreading across networks, and destroying backups along the way.

A photoreal editorial scene showing a dimly lit open-plan office at night, multiple monitors glowing with news website i
Threats
5 min read
3 Jul 2026

Fake News, Real Damage: How China's TA423 Used a Bogus Australian Website to Spy on Energy Workers

A state-linked espionage group spent two months running a fictitious news outlet to silently harvest keystrokes from offshore energy employees — no malware download required.

A photoreal editorial scene shot from a low angle in a dark enterprise data center corridor: rows of illuminated server
Ransomware
5 min read
3 Jul 2026

Anubis Ransomware Exploits CVE-2025-5777 to Bypass MFA and Hijack Enterprise Sessions

Affiliates are chaining a Citrix NetScaler memory-disclosure flaw with legitimate RMM tools and supply-chain credential theft — rendering multi-factor authentication completely irrelevant at the point of entry.

A photoreal editorial scene showing a law enforcement agent's hands on a keyboard in a dimly lit federal operations cent
Threats
5 min read
2 Jul 2026

FBI Seizes NetNut Domains, Dismantling the Popa Botnet's Proxy Empire

Federal agents pulled down hundreds of domains tied to Alarum Technologies' NetNut service in mid-2026, exposing how over two million hijacked consumer devices quietly funneled cybercriminal traffic across the internet.

A close-up photograph of a server rack in a dimly lit data center, with a single warning LED glowing amber on one unit,
Vulnerabilities
4 min read
2 Jul 2026

CISA Adds SharePoint Deserialization Flaw CVE-2026-45659 to Known Exploited Vulnerabilities Catalog

The high-severity remote code execution bug carries a CVSS score of 8.8. Federal agencies have three weeks to patch. Private-sector defenders should move faster.

A photoreal editorial scene: a darkened home office at night, a single monitor casting blue light on a keyboard, the scr
Threats
4 min read
2 Jul 2026

ChocoPoC RAT Targets Security Researchers Through Fake GitHub Proof-of-Concept Repositories

Attackers are disguising a Python-based remote access trojan as legitimate exploit code — and the bait is designed specifically for the people who hunt threats for a living.

A photoreal editorial scene showing a young man in handcuffs being escorted through a modern international airport corri
Threats
5 min read
1 Jul 2026

Scattered Spider Suspect Extradited From Finland to Face Federal Charges in Chicago

Peter Stokes, 19, arrived in U.S. custody on July 1 — the latest arrest in a slow federal campaign against a crew whose social-engineering playbook has already cost enterprises hundreds of millions of dollars.

Ready to Reduce Your Human Cyber Risk?

Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.

train2secure analytics dashboard showing training completion stats and user progress