General cybersecurity industry news, market trends, and analysis
Iran and its supporters have taken to cyberspace to retaliate for US-Israeli military action, with an aim to cause economic and physical disruption.
70% of enterprises run AI agents, but weak IAM governance risks identity “dark matter” and cross-cloud exposure, survey finds.
Starkiller phishing suite uses live reverse proxying to bypass MFA, while attackers abuse OAuth device codes to hijack Microsoft 365 accounts.
Microsoft details OAuth redirect abuse used to deliver ZIP malware and EvilProxy links to government targets.
Google’s March 2026 Android update patches 129 vulnerabilities, including exploited Qualcomm flaw CVE-2026-21385 and critical RCE CVE-2026-0006.
SloppyLemming targeted Pakistan and Bangladesh with BurrowShell, a Rust keylogger, and 112 Cloudflare Workers domains in 2025–2026.
The now-patched flaw is the latest in a growing string of security issues associated with the viral AI tool, which has seen rapid adoption among developers.
Speed and security are historically clashing priorities, but with AI and automation, it's increasingly important that application developers and security teams get on the same page.
The global law enforcement crackdown, which began in January 2025, also identified nearly 180 members of the notorious cybercriminal collective.
Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and surveillance.
Google is testing Merkle Tree Certificates in Chrome to enable quantum-resistant HTTPS, reduce TLS handshake data & launch a new root store by 2027.
Weekly cybersecurity recap covering active exploits, AI abuse, exposed cloud assets, critical CVEs, and evolving threat trends.
