Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On April 7, 2026, a security researcher described an Adobe Reader zero-day vulnerability that has been exploited since at least December 2025. The vulnerability allows threat actors to execute privileged Acrobat APIs via specially crafted malicious PDF files that execute obfuscated JavaScript when opened. Exploitation allows attackers to steal sensitive user and system data and to potentially launch additional attacks and remotely execute code.

Following our article on the challenges posed by agentic AI, we gave OpenClaw access to one of our legacy networks In my previous article on OpenClaw I wrote: “Even the most ‘risk-on’ organizations with deep AI and security experience, will likely find it challenging to configure OpenClaw in a way that effectively mitigates the risk of compromise or data loss, while still retaining any productivity value.” The Red Team here at Sophos took that as ‘challenge accepted’, s

We can't control the pace of AI-driven vulnerability discovery, but we can control how fast we respond. Last week, Thomas Ptacek published a piece arguing that vulnerability research is cooked. His thesis: AI agents are about to drown us in a steady stream of validated, exploitable, high-severity vulnerabilities, faster than anyone can patch them. But from where I sit, the more urgent question isn't whether the flood is coming, but whether the infrastructure we depend on can absorb it.

The software supply chain continues to face escalating threats, with malicious actors targeting developers and organizations at an unprecedented scale. In our Spring 2026 Threat Research Review, we analyze the latest trends, uncover alarming statistics, and highlight the evolving tactics used by attackers. From dependency injection attacks to the rise of typosquatting, this report provides a comprehensive look at the threats shaping the software ecosystem.

This week Anthropic announced Project Glasswing, a cybersecurity initiative built around Claude Mythos Preview, an unreleased frontier AI model capable of autonomously discovering and developing exploits for zero-day vulnerabilities across major operating systems and web browsers. According to early details, the model has already identified thousands of critical vulnerabilities that traditional tools have missed for years.

Backups are as good as the testing carried out to check effectiveness. Key aspects to consider when verifying GitHub backup effectiveness include: Has all data been covered and successfully backed up? Is the frequency of backup appropriate? Are recovery procedures correctly implemented? Read on as we shed more light on testing GitHub backups. Find out more about backup testing best practices, the issues that may arise, how to address them and why backup verification is so important.

The data from this year's State of Secrets Sprawl report shows that AI is not creating a new secrets problem; it is accelerating every condition that already made secrets dangerous.

Backup remains the best approach to data protection for physical and virtual machines, even in the face of new threats to data integrity and accessibility. However, virtual machine backup presents a challenge to IT admins in terms of storage, VM performance, resource efficiency, security, and recovery times. There are multiple methods to choose from to back up VMs. This post explains the advantages and disadvantages of 3 backup methods.

In celebration of International Women’s Month and the 2026 theme, JFrog hosted a virtual fireside chat on March 19, 2026: Women in DevSecOps: Leveraging AI in the Software Delivery Lifecycle.

Ransomware attacks are evolving fast in 2026. Learn how attackers gain access, why businesses miss the signs, and how to stop attacks earlier.