A Supply Chain Attack in Notepad++
Executive Summary: The Notepad++ update process was compromised by a supply chain attack, and users are strongly advised to upgrade to version 8.8.9 or later to ensure their security.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
How I got Domain Admin via SafeNet Agent for Windows Logon through ESC1
Netwrix found that SafeNet Agent for Windows Logon versions 4.0.0–4.1.2 create an insecure AD CS certificate template by default, enabling an ESC1 path that allows any authenticated user to escalate to Domain Admin. Thales fixed the issue in version 4.1.3 by restricting certificate enrollment to the NDES service account.
The best SOC 2 compliance software for 2026
If you’re a founder or engineering leader at a growing startup, you’re probably familiar with this tension: You need compliance like SOC 2 to close deals, but earning it pulls your team away from building your product. For example, manual SOC 2 prep forces engineers to spend weeks collecting screenshots, tracking down documentation, and responding to auditors instead of shipping features.
Dangling DNS Is Off the Hook
If your organization uses public cloud services or frequently spins up short‑lived web assets, there’s a good chance you already have at least one "dangling"DNS record. It's surprisingly easy to create one, and even easier to forget it exists. But a single forgotten record can give attackers a ready-made subdomain to host phishing pages, allow them to plant malware, or hijack your brand's reputation–without ever touching your infrastructure.
Context-Driven Security - AI is Collapsing Exploit Timelines
In a joint webinar with leaders from Nucleus, Cycode, and HackerOne, HackerOne product manager Kyle Mativier explains how advancing AI capabilities are collapsing how long it takes attackers to exploit seemingly low to medium severity vulnerabilities.
February 2, 2026 Cyber Threat Intelligence Briefing
This week’s briefing covers: Dive deeper.
What is Cloud Security? Explained in 60 Seconds
What is Cloud Security and Why Does It Matter? 80% of companies experienced a cloud breach last year, with an average cost of $4.44 million per incident. In this 60-second video, I break down what cloud security is, why it's critical for your business, and how to protect yourself. What You'll Learn: What cloud security actually means (explained simply!) The cause of cloud breaches (hint: it's simpler than you think) Real examples of common security mistakes How Astra Cloud Vulnerability Scanner protects your data 24/7.
What Getting Sick on Vacation Taught Me About Cyber Recovery
Last July, I traveled with my wife and two-year-old daughter to my parent’s house on the coast for a week of summertime fun-in-the-sun. It’s a trip we try to make at least once a year to escape the day-to-day grind, see family, and lounge beside various bodies of water, all while enjoying complimentary, around-the-clock childcare (aka grandparents). At least that was the plan. Instead, I awoke on the very first morning of our trip feeling just about as sick as I’ve ever felt.
API-Based Zero Trust Assessment: Measuring Your Security Posture in Minutes
Zero Trust (and probably many general posture) conversations stall at one question: Where are we actually today? Because Reach connects directly through APIs, teams can quickly assess their environment without deploying new agents or ripping anything out. That makes it practical to benchmark a Zero Trust program against the CISA Zero Trust Maturity Model — and see what’s real vs. assumed.