Breaches, ransomware and regulation — analysed the day they break, with the practical lessons your team can act on. Free to read, no account required.

The Commerce Department approved Anthropic's most capable AI system for foreign customers following a government review that exposed a new frontier in US export-control policy — and a real operational risk for any organization that relies on third-party AI services.

Solar-powered cameras quietly scan licence plates on public streets across America. The data lives with local police — and federal agencies know how to ask for it.

A leaked chat log and blockchain trace reveal that a criminal group called Kairos extorted roughly $1 million from an unnamed U.S. government entity — without ever encrypting a single file.

Meta's messaging giant announced on June 30, 2026 that users can now reserve unique WhatsApp usernames, ending the years-long practice of handing your phone number to every stranger who wants to reach you.

Australia's Privacy Commissioner ruled that two health companies ran tracking pixels on sensitive medical pages for years — transmitting fertility and medication searches to social media platforms without a single user's consent.

Security researchers have dissected Avalon, a newly discovered framework that begins with a phishing email and ends with CrownX ransomware — quietly stealing credentials, spreading across networks, and destroying backups along the way.

A state-linked espionage group spent two months running a fictitious news outlet to silently harvest keystrokes from offshore energy employees — no malware download required.

Affiliates are chaining a Citrix NetScaler memory-disclosure flaw with legitimate RMM tools and supply-chain credential theft — rendering multi-factor authentication completely irrelevant at the point of entry.

Federal agents pulled down hundreds of domains tied to Alarum Technologies' NetNut service in mid-2026, exposing how over two million hijacked consumer devices quietly funneled cybercriminal traffic across the internet.

The high-severity remote code execution bug carries a CVSS score of 8.8. Federal agencies have three weeks to patch. Private-sector defenders should move faster.

Attackers are disguising a Python-based remote access trojan as legitimate exploit code — and the bait is designed specifically for the people who hunt threats for a living.

Peter Stokes, 19, arrived in U.S. custody on July 1 — the latest arrest in a slow federal campaign against a crew whose social-engineering playbook has already cost enterprises hundreds of millions of dollars.
Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.
