Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A definitive guide to how automated and human-reviewed patch-in-place remediation solves both direct and transitive open source vulnerabilities - without forcing risky upgrades. Learn why traditional tools miss transitive risk, and how to evaluate modern platforms based on SLA, provenance, and CI/CD fit.

On April 6, 2026, Microsoft Defender Security Research published an advisory detailing a large-scale phishing campaign that leverages the OAuth Device Code Authentication flow to compromise Microsoft 365 accounts across organizations globally. This campaign represents a significant evolution from manual social engineering to fully automated, AI-driven attack infrastructure.

Ask anyone what they think when a website requests a driver's license, Social Security number, or email address, and you'll hear the same reaction: "Why do they need that?" It’s a fair question. Not a day goes by without news of another data breach or scam. Many people have either experienced fraud firsthand or know someone who has. While they're more aware of the need to protect their data, they don't feel equipped to actually do it.

My first introduction to UNIX remote access was via telnet and rsh protocols in college, which was the standard method at the time. But I soon started reading articles about how easy it was for someone to sniff the network and capture passwords since they were being transmitted in plaintext. On the shared network segments common to university campuses and early enterprise environments, the tools to intercept traffic were freely available, well-documented, and required very little skill to use.

Sybil attacks are well documented in academic research. In practice, most organizations discover them too late, after the fake identities have already accumulated enough network influence to do real damage. The attack does not announce itself. It looks like growth. You see more nodes. More accounts. More participation. All of it is controlled by one attacker running a coordinated identity flood.

AI is changing how attacks happen, and how fast they happen. Seemplicity’s 2026 State of Exposure Management report shows why most security teams aren’t struggling to find risk, but to fix it quickly enough. Based on insights from 300 security leaders, it highlights where remediation breaks down, how AI is being used today, and why execution is becoming the real bottleneck.

Everyone is calling Claude Mythos a watershed moment. I’d like to offer a slightly different take. Not because the capability isn’t real, it is. But if Mythos is the moment that finally convinced your organization that rapid vulnerability discovery is an existential threat, you’ve been watching the wrong thing. We saw this coming. Vulnerability Management has been moving in this direction for years, and we built Nucleus with this trajectory in mind. What surprises me is the surprise.

Risk is expanding faster than most organizations can measure it, communicate it, and act on it. The convergence of AI, an ever-expanding attack surface, and deep, often hidden supply chain risks—extending into third-, fourth-, and fifth-party connections—all pose strategic and material risks to companies. Security leaders are ultimately looking for better ways to identify risk, prioritize action, and support stronger risk decisions across the entire business ecosystem.

On April 7, 2026, a security researcher described an Adobe Reader zero-day vulnerability that has been exploited since at least December 2025. The vulnerability allows threat actors to execute privileged Acrobat APIs via specially crafted malicious PDF files that execute obfuscated JavaScript when opened. Exploitation allows attackers to steal sensitive user and system data and to potentially launch additional attacks and remotely execute code.

Following our article on the challenges posed by agentic AI, we gave OpenClaw access to one of our legacy networks In my previous article on OpenClaw I wrote: “Even the most ‘risk-on’ organizations with deep AI and security experience, will likely find it challenging to configure OpenClaw in a way that effectively mitigates the risk of compromise or data loss, while still retaining any productivity value.” The Red Team here at Sophos took that as ‘challenge accepted’, s