-
AI: Threat, tool, or both?
Public concern about AI is rising. We look at what's driving it, and why cybersecurity occupies a unique place in this debate.
-
BCD Travel - 396,313 breached accounts
In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD wa...
-
Reporting from Vegas: Networking, AI, and good boys
Joe’s on-the-ground report from Cisco Live U.S. is here, complete with therapy dog pictures and tips on handling conference overstimulation.
-
Cyber Strategy at the AI Frontier: President Trump Releases Executive Order to Promote Advanced Artificial Intelligence Innovation and Security
On June 2, 2026, President Trump issued the Executive Order, Promoting Advanced Artificial Intelligence Innovation and Security. The Executive Order carries forward several prio...
-
How the “Swiss Cheese” model can help you choose the right MDR provider
Not all managed detection and response (MDR) solutions are equal. Finding the differences between vendors can be quite hard, and then understanding how those differences impact ...
-
Winning the cyber marathon with Tony Giandomenico
Tony Giandomenico, Senior Director of Product Management, joins Amy to discuss the Talos Threat Hunting launch, what he's excited about for the future of cybersecurity, and, of c...
-
How to Operationalize Threat Hunting with NETSCOUT, SIEM, XDR, EDR, and SOAR
Threat hunting does not fail because security teams lack tools. It fails because the tools are often used as separate workspaces instead of connected parts of the same investiga...
-
Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting
Learn how Cisco Talos Threat Hunting uses hypothesis-driven methods and multi-domain telemetry correlation to find stealthy threats operating below automated detection thresholds.
-
Travel scams are everywhere. Here’s how to avoid them
Learn how to spot travel scams, avoid risky bookings, and keep your personal information out of the wrong hands.
-
Q1 2026 Cyber Risk Report: Insights from 2.1 Million Malware and Phishing Investigations
Based on 2,101,483 malware and phishing investigations from Q1 2026, ANY.RUN’s Cyber Risk report provides a real-world view of modern attack trends. It covers trending malware f...
-
Meta’s AI support bot happily handed Instagram accounts to hackers
Hackers convinced an AI support bot to hand over Instagram accounts by changing recovery email addresses.
-
DentaQuest - 2,553,599 breached accounts
In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundre...
-
We found this fake-invoice campaign while scammers were still building it
Invoices pretending to be from Amazon, PayPal, and others reveal how criminals use fear and phone calls to steal money and devices.
-
A Day in the Life of an MDR Analyst: Inside the Modern SOC
What actually happens inside a SOC when an incident unfolds? Most teams see the alerts and the outcomes, but the decision-making in between is often less visible. At the Rapid7 2...
-
Backup operations at scale: Turning "green" indicators into recovery readiness
During disruptions — ransomware, outages or accidental deletions — what matters is whether recoverable points exist, how recent they are, and whether restores can be performed q...
-
Inside .NET Loader Analysis: From Malspam to In-Memory Loader
A malspam campaign abusing Google's DoubleClick delivers the loader through a five-stage chain that evades detection and blinds Windows telemetry before persisting.
-
Solving Network Blind Spots Created by Massive Data Silos
“Dump everything first, structure it later” is a risky data migration strategy. In a large enterprise, moving petabytes across a network is nerve-racking and expensive, so many ...
-
Keep getting calls from questionable numbers? Meet Scam Number Check
Scam Number Check lets you quickly check whether a number has been linked to scams before you call back, share information, or send money.
-
Release Notes: Decision-Ready SOC Reporting, Elastic Security Integration, and 1400+ Threat Coverage Updates
Security leaders are under growing pressure to reduce the time between threat detection and response without adding more complexity to already overloaded SOC workflows. ANY.RUN’...
-
Infostealers are becoming the go-to phishing payload
Cybercriminals prefer infostealers to traditional phishing techniques because they reduce friction, scale well, and are widely available.
-
These convincing copyright notices are designed to steal Google logins
Scammers use fake takedown requests, countdown timers, and spoofed sign-in screens to steal Google logins from Chrome developers.
-
The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more.
-
Unpatched NTLM Leakage in Windows search: URI Handler, Same Bug, No CVE, No Fix
The same NTLM leakage primitive that got patched in the Snipping Tool exists in Windows Explorer's search: handler. No CVE. No fix. If your patching relies on CVE coverage, you ...
-
Unpatched NTLM Coercion in Windows search: URI Handler, Same Bug, No CVE, No Fix
The same NTLM coercion primitive that got patched in the Snipping Tool exists in Windows Explorer's search: handler. No CVE. No fix. If your patching relies on CVE coverage, you...
-
The Self-Healing Network: Why Your AI Strategy Needs a Neutral Lens
In the race to 5G-Advanced and 6G, the “self-healing network” has moved from a whiteboard concept to a boardroom mandate. For next-generation networks, the promise is clear: an ...
-
From Fake Purchase Orders to Remote Access: Analyzing the JS.MonoGlyphRAT Threat to US Enterprises
A previously unidentified cyberattack is quietly spreading through US businesses — and most security tools are not catching it. Researchers at ANY.RUN have identified a new back...
-
Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor
Operation FlutterBridge is a malvertising campaign targeting macOS users. It distributed the new backdoor FlutterShell, built using the Flutter framework.
-
Risk Analysis in the Crosshairs: Four Recent Ransomware Resolutions Preview the HIPAA Security Rule Amendments
On April 23, 2026, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced resolution agreements and corrective action plans with four re...
-
Why most DR deployments may not survive a real disaster
This report examines the disaster recovery (DR) readiness across the Acronis Cyber Protect Cloud platform, managing thousands of DR deployments across dozens of data centers wor...
-
CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation
One of the more persistent myths in security is that old bug classes become old problems. They don’t. They just show up in different places, under different conditions, and usua...
-
CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)
Overview: Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol (VoIP) phone. This research resulted in the discovery of a crit...
-
Rapid7 and Exclusive Networks Expand Partnership Across the Nordics
Building stronger cybersecurity outcomes together. The cybersecurity landscape across the Nordics is evolving rapidly. Organizations are facing increasing pressure to modernize se...
-
Edmunds - 177,860 breached accounts
In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached. Data purportedly obtained in the...
-
Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet
47 zero-days fell at Pwn2Own Berlin 2026 for US$1,298,250 in payouts. TrendAI™ was on the ground all three days — here's what we saw.
-
Atlas Menu - 63,926 breached accounts
In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's databa...
-
Metasploit Wrap Up 05/29/2026
More Linux LPEs. Hark, the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users. Copy Fail seemed to have kic...
-
Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
Overview: On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0257, a medium severity authentication bypass affecting PAN-OS and Prisma Access when a sp...
-
Does It Feel Like a Stormy Season in Your Cloud?
How successful do IT teams feel they are at managing networking and security in the public cloud? Just over a third (36 percent) of IT professionals surveyed think their organiz...
-
Charter - 4,851,517 breached accounts
In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters grou...
-
Less panic patching, more precision
In this newsletter, Thor breaks down why you should stop relying solely on CVSS and start using EPSS and GCVE to focus your patching efforts on the threats that actually matter.
-
New York Department of Financial Services Issues Coordinated Guidance on Frontier AI Cybersecurity Risks
On May 21, 2026, the New York State Department of Financial Services (“DFS”) issued two coordinated Industry Letters: a letter on Heightened Cybersecurity Risks Associated with ...
-
Experts on Experts: Why Compliance is becoming Continuous
This week on Experts on Experts, I’m joined by Sergio Alonso – Rapid7’s Director of Trust, Risk, and Compliance – to talk about how compliance is changing and why many security ...
-
CVE-2026-52806: Authenticated RCE via Argument Injection in Gogs (FIXED as of June 7, 2026)
Overview: Rapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service, tracked as CVE-2026-52806. Rapid7 Lab...
-
2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface
The 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here.
-
DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap
This white paper presents a concrete case study demonstrating the creation of a heap overflow vulnerability through the exploitation of the DICOM file format.
-
Kemper - 269,299 breached accounts
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers alle...
-
Your Profile Is a Dossier. Here's Who's Reading It.
Your social media profiles are an attacker's dossier. Learn how attackers use public data to build attack playbooks and what you can do to give them less to work with.
-
Out of the Crypt: The Evolving Cyber Extortion Economy
Unit 42 explores trends in data theft and extortion, outlining key strategies for organizations as frontier AI models advance.
-
Chambers 2026 Global Practice Guide for Artificial Intelligence
The Chambers 2026 Global Practice Guide for Artificial Intelligence provides the latest legal information on the rapidly evolving AI landscape, covering the commercial use of AI...
-
MediaArea heap-based buffer overflow vulnerabilities
Talos researchers find 4 heap-based buffer overflow vulnerabilities in MediaArea's MediaInfoLib.