Latest Analysis
Cybersecurity intelligence, threat analysis, and national security reporting.

Pitney Bowes Hit by 8.2M Email Address Leak in ShinyHunters Breach
A massive data leak has hit Pitney Bowes, with 8.2 million unique email addresses compromised in a breach claimed by the notorious cybercrime group ShinyHunters. The stolen data also includes names, phone numbers, physical addresses, and even company employment records.

Zero Trust Stalls at Data Movement Bottleneck
The moment data crosses a boundary, it's often assumed to be trustworthy - but that's exactly where attackers strike, exploiting this blind spot with alarming success. A recent Cyber360 survey reveals that 53% of security leaders still rely on manual processes to move sensitive data, leaving a gaping Zero Trust gap that's ripe for exploitation.

Ransomware Groups Clash in Turf War, Exposing Each Other's Operations
In a shocking display of cyber turf warfare, ransomware groups are clashing and exposing each other's operations, with one group, KryBit, firing back at 0APT with a defiant message. The online battle began when 0APT claimed to have taken down three rival groups, but its boasts only sparked a retaliatory strike.

Researchers Uncover 38 Flaws in OpenEMR Software
A security firm just uncovered 38 vulnerabilities in widely used OpenEMR software, including two critical zero-day flaws that could have put sensitive healthcare data at risk - but thankfully, they've already been patched. The flaws were discovered using AI-driven analysis and have been fixed, safeguarding the data of around 100,000 healthcare providers worldwide.

Microsoft Phases Out Legacy TLS in Exchange Online
Microsoft is phasing out support for outdated TLS versions (TLS 1.0 and TLS 1.1) for POP3 and IMAP4 connections to Exchange Online, starting July 2026, to boost security. From then on, only TLS 1.2 or later will be accepted, making older connections obsolete.

Threat Actors Formalize Operational Security Playbook
Cybercrime players are now treating operational security as a sophisticated game-changer, and it's time for you to level up your security strategy beyond just using VPNs. A battle-tested three-tier infrastructure model has emerged, separating exposure, execution, and monetization to safeguard high-stakes operations.

China Hacker Extradited Over Silk Typhoon Cyber Attacks
In a major breakthrough, 34-year-old Chinese national Xu Zewei has been extradited to the US to face charges for his alleged role in the massive Silk Typhoon cyber attacks that hit over 12,700 US organizations. Xu appeared in a Houston federal court over the weekend, facing serious charges including wire fraud, unauthorized computer access, and identity theft.

Unpatched Flaw Exposes Hugging Face LeRobot to Remote Code Execution
A critical, unpatched vulnerability in Hugging Face's LeRobot platform, rated CVSS 9.3, allows hackers to remotely execute code by exploiting Python's insecure pickle format, putting users at risk of devastating attacks. This flaw enables unauthenticated attackers to gain control by deserializing malicious data sent over unsecured channels.

AI Accelerates Exploits, Forces New Breach Playbooks
The game-changing capabilities of AI models like Anthropic's Claude Mythos have drastically shrunk the exploit window, allowing them to uncover in minutes vulnerabilities that would take human experts hours or even weeks to detect. This seismic shift is forcing organizations to rethink their approach to vulnerability management and incident response.

SUSE's European Sovereignty Pitch Tested by $6 Billion Sale Talks
SUSE's pitch for European digital sovereignty is being put to the test as its majority stakeholder, EQT, explores a potential $6 billion sale that could see the Linux vendor fall under US ownership. This development creates an intriguing contradiction for a company that's deeply rooted in European values.

Microsoft Warns of Flawed Remote Desktop Security Alerts
Microsoft warns that Remote Desktop security alerts may not display correctly, causing overlapping text and misplaced buttons that can make it difficult to interact with the dialog. This issue affects all supported Windows releases that received the April 2026 cumulative updates.

Scattered Spider Targets Global Firms with Identity-Driven Attacks
Scattered Spider is on the prowl, launching identity-driven attacks on major global firms across various industries, from retail and hospitality to telecom, insurance, and airlines. Get insider expert advice from Dr. Torsten George on how to outsmart this sophisticated cybercrime collective.

China's Silk Typhoon Hacker Extradited to US Over COVID Cyberattacks
A Chinese hacker, Xu Zewei, has been extradited to the US from Italy for masterminding a series of devastating cyberattacks on US universities, immunologists, and virologists working on COVID-19 vaccines, treatments, and testing between 2020 and 2021. He faces charges of wire fraud and conspiracy for his role in the attacks.

Microsoft Urges iPhone Users to Reauthenticate After Outlook Outage
If you're an iPhone user who relies on Outlook, you may need to re-enter your login credentials to access your account after a global outage hit the service. Microsoft has confirmed the issue is resolved, but iOS users will need to manually sign in again through the default Mail app.

North Korean Hackers Exploit Crypto Firms with AI-Driven Zoom Lures
North Korean hackers launched a massive spear-phishing campaign, targeting over 100 crypto organizations worldwide with cleverly crafted Zoom lures and AI-generated deepfakes. They used fake calendar invites and typosquatted meeting links to gain access and exfiltrate sensitive data in a matter of minutes.

NCSC Warns of Flawed SOC Metrics
The National Cyber Security Centre is warning that common security operations center metrics are fundamentally flawed, and that the only metric that truly matters is whether attacks are detected and responded to in a timely manner. By focusing on easily quantifiable but misleading metrics, organizations may inadvertently be encouraging their teams to prioritize speed over substance.

Microsoft Confirms Active Exploitation of Windows Shell Flaw
Microsoft warns of a high-severity Windows Shell flaw that's being actively exploited by attackers, allowing them to spoof victims over a network by simply sending a malicious file to be executed. The vulnerability, patched in April's Patch Tuesday update, poses a significant threat to users if left unprotected.

Microsoft Fixes Entra ID Flaw That Enabled Service Principal Takeovers
Microsoft has patched a vulnerability in Entra ID that allowed hackers to hijack service principals, potentially leading to full takeover of sensitive systems. A security researcher discovered the flaw, which stemmed from overly broad permissions in the Agent ID Administrator role.

Rheinmetall Secures $1.2 Billion German Military Contract Expansion
Rheinmetall has landed a $1.2 billion contract expansion with the German military, boosting its Infantry Soldier of the Future — Enhanced System (IdZ-ES) kit with 237 additional platoon systems and modernized equipment. This deal is part of a larger framework agreement and follows the German Bundestag's approval of €1.3 billion for the project.

Iran Proposes Deal to Open Strait of Hormuz, End War
Iran has made a bold move, proposing a deal to reopen the Strait of Hormuz and bring an end to the war, but with the US holding all the cards, the odds are against it. The surprising offer, delivered via Pakistan, prioritizes lifting the naval blockade and reopening the strait, with nuclear talks to follow later.

Navy's MQ-25 Stingray Drone Completes Key Test Flight
The MQ-25 Stingray Drone just made history with its first test flight, successfully taking off, flying, and landing autonomously - a major milestone in integrating unmanned aerial refueling and giving manned fighters the ability to fly further and faster. This game-changing tech is set to revolutionize naval aviation.

Supreme Court Probes Geofence Surveillance Limits
The Supreme Court is scrutinizing the limits of geofence surveillance, with Justice Samuel Alito bluntly questioning whether the issue belongs in a courtroom or a law review. The case, Chatrie v. United States, challenges the constitutionality of sweeping geofence warrants used to obtain location data from tech giants like Google.

Risk Informed: New Framework Integrates Assessment into Cognitive Ops Design
In cognitive operations, risk multiplies rapidly, making every design decision a high-stakes game - which is why integrating risk assessment into Cognitive Ops Design is a crucial step that can't be ignored. By acknowledging the unpredictable ripple effects of cognitive ops, you can proactively bake risk assessment into your strategy.

Russia Unveils S-71K Air-Launched Missile Details Amid Wartime Development Push
Russia's latest military advancement, the S-71K air-launched missile, has been unveiled amid a wartime development push, with Ukraine's intelligence agency releasing a detailed breakdown of the missile's design and components. The S-71K Kovyor, or Carpet, boasts a cutting-edge, low-observable shape, indicating a significant leap in missile manufacturing technology.