The Hidden Third-Party Risks Behind Domain Hijacking

Domains are foundational to digital trust. You visit your favorite online store or log in to your email without thinking twice about the web address in your browser. But what happens if that domain has been hijacked and you have just entered your personal information into an attacker’s trap?

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

On March 20, 2026 at 20:45 UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden malicious code. What they had caught was CanisterWorm, a self-spreading npm worm deployed by the threat actor group TeamPCP. We track this incident as MSC-2026-3271.

From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise

While investigating a spike in script execution detections across several CrowdStrike Falcon platform customers, CrowdStrike’s Engineering team traced the activity to a compromised GitHub Action named aquasecurity/trivy-action. This popular open-source vulnerability scanner is frequently used in CI/CD pipelines.

SIP Trunking Security in 2026: What Enterprises Must Know Before Their Next Breach

Telecom fraud exceeded an estimated $41.82 billion in losses in 2025, and a substantial share of that exposure runs directly through SIP trunks. The SIP trunking market itself reached $73.14 billion that same year, and is projected to more than double to $157.91 billion by 2030, according to Mordor Intelligence. That collision of rapid adoption and surging fraud is not a coincidence. Enterprises are migrating voice infrastructure to IP-based systems faster than security teams are adapting their threat models to cover them. In 2026, SIP trunking is business-critical infrastructure.

Are AI Security Tools the New EDR? Attackers Are Treating Them That Way

AI security tools are no longer just defensive layers. They are high-value targets being studied, fingerprinted, and bypassed much like traditional endpoint detection and response (EDR) platforms and antivirus solutions were in their early days. The speed and scale at which these tools are being deployed makes reactive defense increasingly unsustainable.

Cyber Warfare Comes to West Michigan: What the Stryker Cyberattack Means for Manufacturing

In March 2026, one of West Michigan's most recognizable manufacturers found itself at the center of a major cybersecurity incident. Medical technology company Stryker, headquartered near Grand Rapids, experienced a widespread cyberattack that reportedly disrupted systems across its global network.

Scorched Earth: Wiper Attacks are the New Face of Cyber War

Sure, they would vastly prefer targeting organizations in the opponent’s supply chain (which is why new requirements like CMMC are absolutely crucial), but every organization that is affiliated with or operates in the adversary’s territory becomes a target no matter how large or small.

The Stryker Cyberattack: Why Endpoint and Mobile Device Monitoring Matter

Recent reports of a cyberattack targeting medical device manufacturer Stryker highlight a growing challenge for modern organizations: maintaining visibility across every device connected to their networks. The Michigan-based healthcare technology company reported a global network disruption affecting its Microsoft environment following a cyberattack.