Risk & Resilience

Cybersecurity researchers uncover a wormable XMRig cryptojacking campaign using pirated software, BYOVD exploits, and time-based logic bombs to maximize mining and propagate across systems.

Microsoft confirms a bug in Microsoft 365 Copilot allowed sensitive emails with labels to be summarized in Copilot Chat, bypassing DLP controls, fixed on February 3, 2026.

A compromised npm publish token was used to release Cline CLI version 2.3.0, triggering unauthorized installation of OpenClaw on developer systems during an eight hour supply chain attack window.

Researchers disclose critical vulnerabilities in four popular Microsoft Visual Studio Code extensions that could enable file theft and remote code execution across developer environments.

Researchers at ThreatFabric uncover Massiv, a new Android banking trojan spread via fake IPTV apps that enables device takeover attacks and mobile financial fraud.

Apple introduces end to end encrypted RCS messaging in iOS 26.4 developer beta, alongside enhanced Memory Integrity Enforcement and default Stolen Device Protection features.

Microsoft researchers identify more than 50 hidden prompts embedded in Summarize with AI buttons that influence assistants to remember and recommend specific brands without user awareness.

Yair Kuznitsov, CEO of Anecdotes, explains how agentic AI is reshaping Governance, Risk, and Compliance by embedding autonomous decision making into GRC workflows.

Rising cyber attacks, shrinking time to exploitation, and ransomware volatility reveal why more visibility is not enough. Exposure Management is emerging as an operational model focused on reducing exposure and accelerating safe remediation.

Cybersecurity researchers uncover the first known malicious Microsoft Outlook add in used to steal more than 4,000 Microsoft credentials through an abandoned domain takeover supply chain attack.

GreyNoise reports that 83 percent of Ivanti EPMM exploitation attempts are linked to a single IP on PROSPERO bulletproof hosting, targeting critical CVE-2026-1281 and CVE-2026-1340 vulnerabilities.

Google Mandiant uncovers North Korea linked UNC1069 using AI generated lures, fake Zoom meetings, and multiple malware families to target cryptocurrency organizations on Windows and macOS.