Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In mid-January 2026, one of the most ironic cybersecurity incidents in recent memory occurred: eScan antivirus software from MicroWorld Technologies began delivering malware to its own users. Attackers gained unauthorized access to a regional update server and quietly replaced a legitimate update component with a malicious version. For roughly two hours on January 20, 2026, systems that attempted to fetch updates received a trojanized Reload.exe instead of a security patch.

A new survey by Vodafone Business found that more than 10% of companies in the UK would likely go out of business if they were hit by a major cyber incident, such as a ransomware attack, Infosecurity Magazine reports. Additionally, 71% of business leaders believe at least one of their employees would fall for a convincing phishing attack, and fewer than half (45%) of organizations have ensured that all of their employees have received basic cyber awareness training.

Deepfake technology is now a legitimate enterprise level threat. What started as a potentially disturbing AI capability has rapidly become a powerful tool for cybercriminals and one that exploits the most fundamental element of business communication: trust. A new report from Info‑Tech Research Group, Defend Against Deepfake Cyberattacks, breaks down how to understand and assess the risk deepfakes pose to organizations of all sizes.

AI agents are rapidly transforming enterprise operations. Unlike traditional software that follows fixed code paths, AI agents interpret prompts, form plans, select tools, and react to results in a continuous loop. At the heart of this capability is the agent's ability to actively select and execute capabilities based on natural language descriptions, schemas, and examples.

Golf can be an incredibly frustrating game to play. The great Winston Churchill described golf as "a game whose aim is to hit a very small ball into an even smaller hole, with weapons singularly ill-designed for the purpose.” Interestingly, cybersecurity professionals face the exact opposite problem.

Web applications process billions of transactions every day, handling everything from user credentials to financial records. This constant exchange of data makes them prime targets for attackers who are looking to gain access for data theft or service disruption. Web application security vulnerabilities are highly sophisticated attack vectors that can exploit authentication flows, business logic, and API integrations.

When threat actors target your vendors, they’re not just looking to exploit a system for a single attack. They’re looking for every opportunity to scale up their operations. This means seeking ways to push their compromises as far downstream into the supply chain as they can go.