-
Abrigo - 711,099 breached accounts
In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the comp...
-
The remote access blind spot: An analysis of RMM tool risk for SMBs
Remote monitoring and management (RMM) tools are widely used in modern IT operations, but they are increasingly exploited by cybercriminals. Here, in this first blog, in a two-p...
-
Breaking things to keep them safe with Philippe Laulheret
Philippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzles helps him uncover cri...
-
Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
Our research examines the April 22 Checkmarx KICS and April 24 elementary-data incidents as part of a broader TeamPCP supply chain campaign. Across both cases, the actor abused ...
-
Colorado AI Act: DOJ Steps In As X.AI Suit Pauses
We recently published an alert that highlights recent developments in the case filed by X.AI LLC seeking to enjoin enforcement of Colorado’s Senate Bill 24-205 (SB-24-205), ofte...
-
Scientific Research and the GDPR: EDPB Issues Long-Awaited Guidelines
On 15 April 2026, the European Data Protection Board (“EDPB”) published its long-awaited draft Guidelines 1/2026 on the processing of personal data for scientific research purpo...
-
Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for May 2026, which includes 137 vulnerabilities affecting a range of products, including 16 that Microsoft marked as “critical”.
-
Key Takeaways from the EMA Network Management Megatrends 2026
Enterprise Management Associates (EMA) has published its “Network Management Megatrends 2026” report, spotlighting automation, hybrid and multicloud networks, and artificial int...
-
AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift
COPENHAGEN, DENMARK, 12 May 2026 — Heimdal’s managed SOC processes three million alerts a month. In the year ahead, fewer than 500 of those, less than 0.02%, are expected to nee...
-
Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools
Unit 42 analyzes AD CS exploitation through template misconfigurations and shadow credential misuse while offering behavioral detection for defenders.
-
Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and f...
-
What Is the Instructure Canvas Breach? Impact, Risks, and What Institutions Should Do
The Instructure Canvas breach affects universities, K–12 school districts, and teaching hospitals globally. This blog entry intends to provide context and practical guidance.
-
NYDFS Cybersecurity Enforcement: US$2.25m Fine Against Delta Dental
On April 30, 2026, the New York Department of Financial Services (NYDFS) announced a consent order with Delta Dental Insurance Company and Delta Dental of New York, Inc. for all...
-
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
Unit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details.
-
The Digital Foundation of Public Trust Is More Than Skin Deep
Imagine a parent attempting to access Supplemental Nutrition Assistance Program (SNAP) benefits to feed the family, only to meet a perpetual loading screen. Or a resident rushin...
-
Supporting the National Cyber Strategy: How TrendAI™ Helps
A deeper look at the first three pillars, outlining how our capabilities directly support government agencies working to bring this strategy to life.
-
Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our analysis.
-
Preparing for the UK’s New Data Protection Complaints Regime: Key Steps Before June 2026
The Data (Use and Access) Act 2025 (“DUAA”) has made a number of changes to the UK’s data protection regime, many of which have already come into force. From 19 June 2026, organ...
-
Top 10 Cybersecurity Companies in Europe
Over the last 10-15 years, the cybersecurity scene has gotten increasingly complex, as organizations adopt new technology and hackers evolve more innovative ways to target them....
-
Unlocking the Full Value of 5G with Network Slicing
As 5G networks continue to evolve, service providers face a familiar challenge: how to scale services, meet increasingly stringent enterprise expectations, and generate new reve...
-
MSP cyber protection news, May 5, 2026
SAP npm packages compromised in supply chain attack to steal developer and cloud credentials, GlassWorm campaign resurfaces via sleeper OpenVSX extensions that activate maliciou...
-
InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise
Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disabl...
-
Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities
TrendAI™ Research breaks down Quasar Linux (QLNX), a previously undocumented sophisticated Linux RAT with low detection rates. In this blog, we examine a full-featured Linux thr...
-
Essential Data Sources for Detection Beyond the Endpoint
Unit 42 highlights the need for a comprehensive security strategy that spans every IT zone. Explore the full details here.
-
NETSCOUT to Have a Strong Presence at Cisco Live
When it comes to everything artificial intelligence (AI), the network is key. That is why this year’s Cisco Live theme is the network as the foundation of the AI era! And in a ...
-
U.S. SEC Regulation S-P: Compliance Deadline Approaching for Smaller Entities
The U.S. Securities and Exchange Commission has issued amendments to Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information, which becam...
-
Threat Debt: From Findings to Adversary Opportunity
The speed of adversary exploitation has outrun the cycle most security programs were built to run. Defending proactively starts with knowing what an exploit actually enables nex...
-
Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
Acronis TRU uncovered active abuse of AI platforms like Hugging Face and ClawHub for malware delivery, where attackers exploit trust in AI ecosystems and agents, and potentially...
-
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
A China-aligned threat group is exploiting unpatched Microsoft Exchange vulnerabilities to conduct cyberespionage against government and critical infrastructure targets across A...
-
Why Airlines and Airports Must Embrace Observability Ahead of the Summer Travel Surge
Air travel is entering another high-stakes summer, and early activity shows that global air passenger demand increased by 3.8 percent in January 2026 versus 2025. Ticket prices ...
-
European Biotech Act I: Navigating the EDPB/EDPS Vision for the Future of Clinical Trials
On 12 March 2026, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) issued a Joint Opinion (the “Joint Opinion”) on the proposed E...
-
Kuse Web App Abused to Host Phishing Document
Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry ...
-
MSP cyber protection news, April 27, 2026
UNC6692 abused Microsoft Teams interactions to deliver the Snow malware toolkit, Bitwarden confirmed a short-lived supply chain compromise affecting its CLI npm package, and mor...
-
UK data protection complaints – new complaints handling obligations for controllers from 19 June
The changes to data controllers’ complaints handling obligations, made via the Data (Use and Access) Act, will come into force on 19 June 2026. These include a new obligation t...
-
How scheduling defaults and off-hours blindness are silently degrading backup reliability
Data backup is the last line of defense for any organization. Industry research shows that 60% of small-to-medium enterprises that suffer a major data loss event go out of busin...
-
U.S. SEC Clears Path for Decentralized Crypto Asset Security Trading With Broker Registration Exception for User Interfaces
On April 13, 2026, the staff of the Division of Trading and Markets (Staff) of the U.S. Securities and Exchange Commission (SEC or the Commission) issued a statement (Statement)...
-
Same packet, different magic: Mustang Panda hits India's banking sector and Korea geopolitics
Acronis Threat Research Unit (TRU) identified a new variant of the LOTUSLITE backdoor with a theme related to India's banking sector, delivered via DLL sideloading using a legit...
-
Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment
COPENHAGEN, Denmark, 21 April 2026 — Heimdal today unveiled the next phase of its AI strategy, expanding AI Wingman with three new layers – Assist, Triage and SOC – alongside th...
-
Acronis Cyberthreats Update, April 2026
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here wer...
-
MSP cyber protection news, April 20, 2026
Payouts King ransomware uses hidden QEMU virtual machines to evade endpoint detection, New AgingFly malware campaign compromises public sector and health care systems in Ukraine...
-
The Vulnerability Management Race Is Over. It’s Time to Focus on Exposure.
With Anthropic’s Mythos Preview announcement, the race to patch all vulnerabilities is over. As defenders, we must move on. We must focus on what adversaries can do after they e...
-
UK Operational Incident and Third-Party Reporting Rules: What Firms Should Do Now
The Financial Conduct Authority (FCA) has published Policy Statement PS26/2 together with final guidance in FG26/3 and FG26/4. The Prudential Regulation Authority (PRA) has also...
-
Backup retry storms: How you can improve backup reliability
Backup reliability is judged by whether recovery points are actually available when needed, not by whether a platform offers a retry button. The right response to a persistent b...
-
Emulating the Persuasive NightSpire Ransomware
AttackIQ has released a new attack graph that emulates the behaviors of NightSpire Ransomware, a financially motivated ransomware and data extortion group that emerged in early ...
-
New JanaWare ransomware targets Turkey via Adwind RAT
The Acronis TRU team identified a threat cluster leveraging a customized Adwind (Java RAT) variant with polymorphic characteristics to deliver a ransomware module, tracked as ‘J...
-
MSP cyber protection news, April 13, 2026
Medusa‑linked Storm‑1175 conducts fast‑moving attacks that escalate quickly to ransomware, Iran‑linked actors launch widespread password spraying attacks against Microsoft 365 a...
-
How to approach governance of AI agents
Current approaches to agentic AI governance seem more focused on trying to apply governance after a system is developed, like a Band-Aid, instead of baking in reasonable governa...
-
Immutable backups: The critical gap between backup success and real recovery readiness
Backups were once judged by a single question: Did the job succeed? That is no longer enough. In a ransomware event, the more important question is whether the attacker can dele...
-
Navigating AI compliance with HIPAA essentials
Healthcare providers are increasingly deploying artificial intelligence (AI) tools for diagnostics, documentation and operational efficiency. In fact, over the last few months, ...
-
Emulating the Multi-Stage RoningLoader Malware
AttackIQ has released a new assessment template that emulates the behaviors of RoningLoader, a multi-stage loader observed in recent intrusion campaigns. RoningLoader operates t...