CISA widens KEV as edge-system risk keeps climbing
CISA expanded KEV with GitLab and Dell vulnerabilities, while researchers detailed large-scale FortiGate compromise activity and a critical Grandstream VoIP flaw.

Cybersecurity
CVE-2026-2329 and the forgotten attack surface in enterprise voice systems
Rapid7's CVE-2026-2329 disclosure in Grandstream GXP1600 VoIP phones highlights persistent patching gaps in communications infrastructure.

Cybersecurity
FortiGate at scale: what AWS's AI-augmented threat report means for defenders
AWS Threat Intelligence reporting on 600+ FortiGate compromises shows how AI-assisted attacker workflows can increase campaign velocity on familiar edge attack paths.

Cybersecurity
UNC6201 and Dell RecoverPoint: what long-dwell exploitation teaches defenders
Google and Mandiant's UNC6201 findings on Dell RecoverPoint show how attackers convert infrastructure flaws into long-term persistence and lateral movement.

Cybersecurity
CISA's KEV expansion for GitLab and Dell marks a new edge-risk baseline
CISA's February 18 KEV additions for GitLab SSRF and Dell RecoverPoint show how edge and management systems are driving urgent patch prioritization.

Microsoft patches 6 zero-days under active exploitation
Microsoft patches 6 exploited zero-days. BeyondTrust CVSS 9.9 flaw under active attack with Feb 16 CISA deadline. VoidLink malware targets Linux cloud. Ransomware groups post 21 claims in one day.

Cybersecurity
21 Ransomware Claims in One Day: Inside the Industrialization of Extortion
Eight ransomware groups posted 21 victim claims in a single day on February 12. With Qilin claiming 1,115 victims in 2025 and attacks up 30% year-over-year, ransomware has become an industrial operation.

Cybersecurity
VoidLink: The AI-Built Malware Framework That Speaks Cloud-Native
VoidLink is a modular, Zig-based Linux malware framework with eBPF rootkits and container escape capabilities, and it was built with AI assistance in under a week. Here's what defenders need to know.

Cybersecurity
BeyondTrust CVE-2026-1731: When Your Privileged Access Tool Becomes the Breach
A CVSS 9.9 unauthenticated RCE in BeyondTrust Remote Support and PRA is under active exploitation. We examine the attack chain, timeline, and what this says about the growing risk to privileged access management tools.

Cybersecurity
Microsoft's February Patch Tuesday: Six Zero-Days and a Fire Drill for Every Windows Shop
Microsoft's February 2026 Patch Tuesday fixed 59 vulnerabilities including 6 actively exploited zero-days. We break down each zero-day, what's being exploited, and why this month's patch cycle is anything but routine.

Notepad++ updates hijacked by Chinese state hackers
Chinese state-sponsored group Lotus Blossom hijacked Notepad++'s update mechanism for six months. Also: Conduent ransomware breach hits 25M+ Americans, critical n8n sandbox escape enables RCE, and a Microsoft Office zero-day is under active exploitation with a CISA KEV deadline of February 16.

Cybersecurity
Microsoft Office Zero-Day Bypasses Kill Bit Protections: A Deep Dive
CVE-2026-21509 bypasses a decades-old COM security mechanism to execute code through Office documents: no macros, no prompts, just open the file.

Cybersecurity
When the Sandbox Breaks: How n8n's CVSS 9.4 Flaw Exposes the Limits of Expression Evaluation: A Deep Dive
A single line of JavaScript can bypass five security layers in n8n's expression sandbox. The flaw, a bypass of a previous CVSS 9.9 fix, exposes fundamental challenges in securing platforms that evaluate user code.

Cybersecurity
Conduent Ransomware Breach Exposes the Fragility of Government Outsourcing: A Deep Dive
A single ransomware attack on government contractor Conduent has exposed personal data of 25 million Americans who depend on Medicaid, SNAP, and child support.

Cybersecurity
Notepad++ Update Mechanism Hijacked in Six-Month Chinese Espionage Campaign: A Deep Dive
How Chinese APT Lotus Blossom turned Notepad++'s trusted update system into a precision espionage tool for six months without detection.

Quarterly Roundup
China Was Listening to America's Phone Calls
Q4 2024 ended the year with a national security crisis: Chinese hackers inside US wiretap systems, the Treasury breached, and the FBI telling Americans to use encrypted messaging.

Quarterly Roundup
CrowdStrike Broke the Internet (By Accident)
Q3 2024 delivered the largest IT outage in history, the largest telecom data breach ever, and one of the biggest PII leaks in recorded history. Just another quarter.

Quarterly Roundup
Snowflake's Credential Crisis Hits 165 Companies
Q2 2024's theme was clear: identity is the new perimeter. Snowflake credential theft hit 165 companies, ransomware paralyzed hospitals on two continents, and healthcare couldn't catch a break.

Quarterly Roundup
The Hack That Broke American Healthcare
Q1 2024 was brutal: Change Healthcare's ransomware attack paralyzed US healthcare, a near-miss supply chain backdoor targeted Linux, and Operation Cronos dismantled LockBit.