Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Businesses have NO IDEA how bad AI attacks can be
There are two types of companies: those who have been compromised and those who will be. Mid and small businesses are walking into this reality without understanding what AI has changed. On The Cybersecurity Defenders Podcast, David Chernitzky, CEO and co-founder of Armour Cybersecurity, explains why the gap between how large organizations understand AI-driven threats and how smaller ones do is widening fast.
Free Gift Fallacy: How Attackers Harvest Credit Cards via Fake Surveys
The classic 'survey reward' scam is back and hitting harder than ever. KnowBe4 Threat Labs is tracking a massive, high-volume campaign that is not only impersonating a wide array of trusted global brands across retail, logistics, and healthcare, but is using hundreds of newly registered domains (NRDs) and sophisticated psychological priming to fly past traditional security defenses.
How to detect HTTP/2 abuse in Apache web server logs
Apache HTTP Server is one of the most popular web servers in use today for engineering teams, and its prevalence naturally makes it a frequent target for attackers. In May 2026, the Apache Software Foundation patched CVE-2026-23918, a high-severity double-free vulnerability in Apache 2.4.66’s mod_http2 module. For teams not using Apache’s MPM prefork, the vulnerability would enable an attacker to crash worker processes or achieve remote code execution (RCE) in some specific cases.
Defending Against the Next Generation of Agentic Attacks
The attack lifecycle is compressing. Frontier AI models like Anthropic’s Mythos and OpenAI’s GPT-5.5-Cyber can help bad actors research vulnerabilities, test approaches, adapt code, and change delivery methods at machine speed and scale. That reduces the time, skill, and coordination needed to move from vulnerability discovery to active attack. When attacks behave this way, security needs to operate in real time with full visibility and context across the attack path.
NGINX Under Active Attack: CVE-2026-42945 and CVE-2026-9256 Put Your Infrastructure at Risk
NGINX administrators are facing back-to-back emergency patch cycles. Within days of each other, two critical heap buffer overflow vulnerabilities were disclosed in the same NGINX component, both capable of crashing worker processes and enabling remote code execution on systems without ASLR. If your organization runs NGINX in any capacity, these need immediate attention.
When AI changes the rules, attackers adapt
The dominant narrative around AI in security is one of emboldened defenders suppressing attackers. Yet, not everyone is convinced the future will be so rosy. In a recent Defender Fridays episode, Josh Neil, Co-founder and CTO of Alpha Level, made an argument that cuts against the celebratory mood: as AI makes known attack vectors harder to use, adversaries don't disappear. They adapt. For MSSPs and SOC teams, an adversary that looks like a user is a harder problem than one that looks like malware.
85% of Attacks Leverage RDP for Lateral Movement
Ransomware is pivoting toward faster, more targeted data-extortion models, where encryption is no longer the primary objective. According to WatchGuard’s 2026 cybersecurity predictions, crypto-ransomware will lose ground to models driven by data exfiltration and reputational leverage, lowering the technical bar for threat actors while increasing their attack velocity. This shift has a direct consequence.
How AI Tools Are Accelerating Attacks
Cynthia Kaiser explains how Mythos and AI are making initial access easier for ransomware groups. Watch the full video on our channel.
Stopping the Agentic Breach: How to Operationalize Your Defense Against Mythos-Speed Attacks
The industry has spent the past few weeks focused on Claude Mythos Preview and the rise of autonomous offensive AI. As outlined in Claude Mythos, Project Glasswing, and the Machine-Speed Security Race, this shift is not only about faster attacks. The same AI-driven acceleration that helps attackers discover weaknesses faster can also help defenders validate exposure sooner. For security operations teams, the challenge is turning that strategic shift into action.