
Sophos Fusion is presented as an evolution of the Sophos Central platform, rebuilt on an open architecture and incorporating the Taegis analytics engine.


A total of eight cyber personnel have served in a program that began in 2022 to rotate workers between federal agencies to bolster the workforce, a watchdog report said Thursday. Over the life of the Federal Rotational Cyber Workforce program that effectively went away last year, 13 agencies offered 106 positions and received 634 applications,…

Microsoft Entra ID sign-in logs have provided defenders with critical visibility into authentication activity, helping security teams investigate user enumeration, password spraying, and other identity-based attacks. However, research from Proofpoint shows threat actors are increasingly using a technique called OAuth client ID spoofing to evade common detection methods while identifying valid user accounts and credentials.…

Optro, an AI-powered governance, risk, and compliance (GRC) intelligence platform, has officially launched its new global partner program: Optro Partner Connect. The program offers partners flexible go-to-market (GTM) opportunities and a comprehensive suite of enablement, certification, technical, and co-marketing support. It also offers a path to expand into new markets, deepen service offerings, and drive…
This Blink Video Doorbell and Outdoor 4 security camera bundle deal will help you set up a home security system for less.

Optimize365, an AI-powered multi-tenant M365 security management platform built for managed service providers (MSPs), is now available on the Microsoft Marketplace. Optimize365 will be discoverable and purchasable directly through Microsoft’s partner ecosystem, with co-sell eligibility that lets MSPs and their Microsoft representatives align on joint opportunities. Microsoft Marketplace: Simplifying the purchasing process Channel Insider sat…

Federal officers at the scene of a killing by U.S. Immigration and Customs Enforcement in Maine were wearing body cameras, according to four ICE officials who reviewed images from the scene — but the cameras are on multi-function devices that ICE officers use as radio mics. Related How ICE Arrests Went Quiet — and Got…
The $9 million Shield-6G project, backed by the European Commission, aims to develop an AI-driven cybersecurity threat intelligence platform for 6G networks.

Welcome to this week’s edition of the Threat Source newsletter. We all knew, to some degree or another, that this summer was going to a hot mess. I don’t mean FIFA drama or record setting heat waves. I mean the slow but steady momentum that AI frontier models were accruing for vulnerability research. If you…

Apple’s recently announced $30 billion multi-year agreement with Broadcom is significant because it means billions of chips for Apple devices will be made in the US, supporting hundreds of jobs. This is Apple’s biggest US procurement deal so far, but it won’t be the last; when it announced the arrangement, Apple confirmed it is, “working with the administration…

Two members of the Scattered Spider cybercrime group received jail sentences in the UK for the 2024 cyberattack on Transport for London. A UK court sentenced two Scattered Spider members, Thalha Jubair (20) and Owen Flowers (18), for their role in the 2024 cyberattack on Transport for London (TfL). Transport for London (TfL) is a local…

Zoom has identified, and patched, a critical security hole that “may allow an unauthenticated user to conduct an account takeover via network access.” The issue is especially significant given Zoom’s extensive reach; it reportedly has more than 300 million daily active users, including 470,000 paying business customers. Given that reach, Zoom has been impacted by many…

Three Russian nationals and a pair of bulletproof hosting providers directly supported a series of attacks on critical infrastructure in 21 states and several countries, according to a 2024 indictment unsealed in federal court Tuesday. Officials, who have been investigating the trio and their companies since 2019, said the attacks resulted in losses surpassing $62…

Zoom has identified, and patched, a critical security hole that “may allow an unauthenticated user to conduct an account takeover via network access.” The issue is especially significant given Zoom’s extensive reach; it reportedly has more than 300 million daily active users, including 470,000 paying business customers. Given that reach, Zoom has been impacted by many…

Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for the 2024 hack of Transport for London. The attack left 148 TfL systems inoperable and forced all 27,000 of the transport authority’s employees into an office to get their…
Four Microsoft SharePoint Server vulnerabilities are under active exploitation, prompting CISA to issue a hardening alert. An additional high-severity flaw recently patched adds pressure for organizations running on-premises deployments. Key Takeaways CISA confirmed active exploitation of three on-premises SharePoint Server vulnerabilities (CVE-2026-32201, CVE-2026-45659, CVE-2026-56164), used to gain unauthorized access, establish remote code execution, steal IIS…
Google’s Pixel 10 Pro has one of the best camera systems for an Android today. Grab it for $699 right now, one of the best prices we’ve seen.
These kitchen gadgets won’t break the bank, but will seriously upgrade your cooking.
A lot of this week’s trouble starts with something that looks close enough. A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the explanation. Old bugs are back, weak defaults are earning their keep, and some…

Last Updated on July 16, 2026 H1 Threat Intelligence Report Cyber Attacks Statistics — H1 2026 1,071 confirmed incidents across H1 2026 (1 Jan–30 Jun). Financially motivated Cyber Crime accounted for nearly 7 in 10 attacks, Malware remained the dominant weapon, and Information & Communication infrastructure bore the brunt of targeting. Total Incidents 0 1…

In H1 I recorded 1,071 confirmed cyber incidents. Financially motivated Cyber Crime drove nearly 7 in 10 attacks, malware remained the top weapon (40.5% of attack-vector entries), and exploitation of public-facing applications was the leading initial access technique (23.7%). Cyber Espionage accounted for roughly 1 in 5 incidents, with the Information & Communication sector bearing…
F5 has disclosed multiple NGINX Vulnerabilities in an out-of-band security update, with CVE-2026-42533 standing out as one of the most dangerous issues in the batch. The flaw is a heap buffer overflow in NGINX’s handling of the map directive when regular expression matching references regex variables in a specific order. In vulnerable deployments, a remote…
Starting July 17, certain states will let you buy items tax-free from different retailers, and Apple is one of them. Here are the states and products that qualify.
More than two-thirds of middle managers are optimistic about AI’s role in the future of work, and they feel personally accountable for their team’s adoption of AI tools.

Flock-style ALPR systems carry serious privacy and civil-liberties risks, and the backlash is now starting to show up in agency decisions too. For those not yet familiar with Flock, Flock Safety operates an automated license plate recognition (ALPR) system that uses cameras and computer vision to identify and log vehicle license plates. According to ACLU.org, in…

Two members of the notorious “Scattered Spider” hacking collective have been sentenced to five years and six months in prison each for a cyberattack on Transport for London (TfL) that disrupted services for thousands of commuters and cost the transport authority an estimated £29 million. Thalha Jubair, 20, of East London, and Owen Flowers, 18,…

Leaseweb has announced that it is now a VMware Cloud Service Provider (VCSP) Pinnacle tier partner in the Broadcom Advantage Partner Program across the United States, the European Economic Area, and Singapore. Through the designation, Leaseweb will offer VMware Cloud Foundation (VCF) as a managed private cloud platform to help enterprise customers modernize their infrastructure.…
The Claude Corps fellowship matches professionals with partner nonprofits and pays them with benefits. But the deadline ends soon.

Adaptiva has announced AirGap for OneSite Patch, a new capability that extends autonomous patch management to air-gapped environments. Developed in response to growing demand from government agencies, critical infrastructure operators, and large enterprises managing highly secure environments, AirGap for OneSite Patch enables organizations to securely patch isolated systems without compromising the physical separation those environments…

n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in…

On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and four allied cyber authorities published a guide telling software vendors how to build a coordinated vulnerability disclosure (CVD) program. Six days earlier, CISA published a blog post explaining how a security researcher had tried and failed, repeatedly, to report a serious problem to CISA…
I finally ditched Notes on my Mac for this beautiful, Liquid Glass-like alternative. Here’s why.
Agentic AI use is exploding, yet most security teams are building agents in isolation. Tenable is hosting Swarm, a build event at Black Hat 2026, for security practitioners to create and collaborate on agentic, open-source tooling to drive collective defense and stop adversaries together. Key takeaways According to Gartner®, by 2028, an average global Fortune…
Microsoft’s July 2026 Patch Tuesday drew immediate attention not just because of its record scale, but because two actively exploited zero-days hit some of the most sensitive parts of enterprise infrastructure. CVE-2026-56164 targets on-premises SharePoint Server and is remotely exploitable in low-complexity attacks, while CVE-2026-56155 targets Active Directory Federation Services and allows privilege escalation from…

Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that’s been spreading via websites infected with ClickFix lures since late April 2026. “The malware is full-featured, lightweight, and modular,” Elastic Security Labs researcher Cyril François said in a technical report. “While the number of C2 [command-and-control] domains is currently small, the daily
SonicWall has patched two actively exploited zero-days affecting SMA 1000 Series secure remote access appliances. The issues are CVE-2026-15409, a critical unauthenticated SSRF flaw in the Workplace interface, and CVE-2026-15410, a post-authentication code injection flaw in the Appliance Management Console that can lead to arbitrary OS command execution as administrator under certain conditions. Public reporting…

ClickLock Stealer, a new macOS infostealer, answers a victim’s refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and when the victim cancels, installs two LaunchAgents and quietly exits. At the next…
It has completely replaced my Pomodoro timer and task tracker, and it’s free.

Google DeepMind CEO Demis Hassabis is pushing for the US AI industry to self-regulate, with the support of government, as a starting point for an international creating shared international standards. In a blog post, he called for a focus on artificial general intelligence (AGI) and national security. But it is precisely that focus on national…

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to immediately secure Microsoft SharePoint deployments after warning that three vulnerabilities affecting the on-premises collaboration platform are being actively exploited. A recent advisory from the federal cybersecurity watchdog asked administrators to patch vulnerable servers, review Microsoft’s mitigation guidance, and assume that internet-facing SharePoint instances remain attractive…

Delinea, a runtime identity security platform governing humans, machines, and AI agents, is launching a new partner program to drive partner profitability. Delivering AI-powered enablement to the channel The Delinea Partner Advantage Program provides partners with a comprehensive framework to deliver identity security technology, protected discounts, and ease of doing business. The program is meant…
‘AI is a tool, just like other tools we use. And it’s clearly a useful one.’

A Russian-speaking threat actor known as “bandcampro” used a jailbroken Gemini CLI, Google’s open-source terminal-based AI agent, to deploy and operate a small command-and-control (C2) botnet, according to TrendAI. Operational overview (Source: TrendAI) In more than 200 sessions between March 19 and April 21, 2026, the threat actor worked with Gemini to deploy and operate…

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to immediately secure Microsoft SharePoint deployments after warning that three vulnerabilities affecting the on-premises collaboration platform are being actively exploited. A recent advisory from the federal cybersecurity watchdog asked administrators to patch vulnerable servers, review Microsoft’s mitigation guidance, and assume that internet-facing SharePoint instances…

More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions. The investigation revealed previously undocumented backdoor behavior, hidden infrastructure relationships, and multiple attack arms behind a campaign

ValorC3 Data Centers today announced the general availability of Backup as a Service, a fully managed offering that protects the SaaS data businesses rely on most, including Microsoft 365, Entra ID and Salesforce. Every backup is immutable, so data stays recoverable after deletion, corruption or a ransomware attack. Most companies falsely assume SaaS vendors provide…

Intruder has announced the launch of AI Pentesting for web applications, providing on-demand penetration testing. Following its initial release of issue-level investigations last quarter, the platform now allows organizations to securely connect their codebases via GitHub or GitLab to automatically scope and launch penetration tests in minutes, with results and audit-ready reporting in hours. Mythos…

An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig. Daxin (“srt64.sys”), as the kernel-mode rootkit is referred to, was first documented by Broadcom-owned Symantec in March 2022, with evidence indicating its use in targeted…
TuxBot v3, an AI-built IoT botnet for 17 architectures, shipped with LLM bugs and safety disclaimers the developer never removed. Palo Alto Networks’ Unit 42 identified a previously undocumented modular IoT botnet framework called TuxBot v3 Evolution, and it comes with an unusual detail: the developer used a large language model to write significant portions…

Thinking Machines Lab, the San Francisco startup founded by former OpenAI CTO Mira Murati, has released Inkling, its first general-purpose AI model. The launch adds another US-developed entrant to an open-weight market where Chinese developers produce several leading coding and reasoning models. Inkling uses a mixture-of-experts architecture with 975 billion total parameters, of which 41 billion are active…
AI is changing the landscape for managing cyber security risks – affecting attackers, defenders, and responders alike.

The Cybersecurity and Infrastructure Security Agency (CISA) and four international cybersecurity agencies have published guidance urging software manufacturers and online service providers to establish coordinated vulnerability disclosure (CVD) programs, saying structured engagement with security researchers can help improve vulnerability management and product security. Published jointly with the US National Security Agency (NSA), Japan Computer Emergency…

Security updates are not just for enterprises with a dedicated security team and a change-management calendar. For consumers and small businesses, they are one of the simplest ways to shut down known attack paths before criminals get a chance to use them. That matters because attackers love these flaws. because browser bugs, code execution issues,…

Romania’s National Agency for Cadastre and Land Registration (ANCPI) suffered a major disruption on Tuesday, July 14, when its e-Terra cadastre and land registry app became unavailable to users. What was first declared to be a “major technical incident” has now been confirmed as a cyber attack. While the circumstances are still being investigated by…

It’s not so much generosity that’s behind Anthropic’s decision to extend free access to its most advanced model, Fable, for paid subscribers until July 19, analysts say. Its a last-minute move to grab users, data and model evaluation results. After the free-access period, Anthropic plans to convert Fable to a pay-per-use model, at $10 per…

Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can read code quickly, generate payloads, summarize attack surfaces, explain unfamiliar APIs, and run repetitive testing workflows at impressive speed. That is a real advantage for…
Should we let AI run our threat hunts? The debate usually splits into two camps. One says, “Yes, obviously! The sheer scale of our security telemetry is impossible for humans to deal with.” The other says, “Absolutely not! You can’t trust an AI with something this important.” The thing is, I think both are wrong,…

Cisco Talos is disclosing UAT-11795, a sophisticated, Russian-speaking, financially motivated adversary that has been conducting a malicious campaign targeting users in the U.S. and Europe since at least June 2025. Talos has discovered that the actor in this campaign delivers a Python-based remote access tool (RAT) that we track as “Starland RAT” and a command-and-control (C2) memory implant known as the “WLDR agent.” …

If you pay for something, you expect it to work as intended. The vendor shouldn’t start turning features off just because you won’t accept its new rules. Someone should tell Samsung, which just upset users of its health app by threatening exactly that—before changing course after a user backlash. Nice data you have there. Shame…
Tenable has announced the expansion of the Tenable One Exposure Management Platform, unifying application security risks with all other exposure data. By integrating static code vulnerability data, Tenable One delivers complete, code-to-runtime visibility across the entire attack surface. Security teams have long struggled with a code security problem where vulnerable code reaches production faster than…

Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people’s Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the house, and take the Wi-Fi password in plaintext. A researcher publishing under the handle tokay0 put the…

Chinese actors used Claude Code and DeepSeek to automate attacks that breached government systems and targeted financial firms. Hunt.io researchers stumbled onto an active intrusion campaign in June 2026 while pivoting on known TencShell command-and-control infrastructure. A single HTTP header fingerprint on port 1111 led them to 13 Hong Kong-based servers and, on one of…

Lineation.ai has announced the public launch of its comprehensive agentic security platform. Delivering a solution at the intersection of GenAI Application Security and Runtime Defense, Lineation introduces a Zero Trust unified control plane and a lightweight endpoint daemon that secures autonomous AI agents directly at execution. As enterprises adopt autonomous AI agents that read sensitive…

An app has appeared in India that lets anyone with a smartphone stop a passing e-rickshaw dead in its tracks – no login, no passwords, no permissions needed. Meanwhile, Geoff – swimming in money and Lamborghinis, as all published authors are – has been on the receiving end of a slew of AI-generated scam pitches…

A few years ago, I was retained to conduct a digital risk review for the chief executive of a mid-sized financial services firm. The brief was standard. Assess what was publicly available about the executive, identify exposure and advise on remediation. The AI tools I used completed the substantive reconnaissance in under ten minutes. What…
An original threat intelligence investigation uncovering how trusted government infrastructure became an attack channel, placing banking organizations and public-sector systems at risk while revealing previously undocumented infrastructure relationships and actionable mitigation guidance for security leaders. ANY.RUN analysts have uncovered an active PhantomEnigma campaign abusing compromised government infrastructure and fake police-themed documents to target banking and public-sector organizations in Brazil. Trusted emails and legitimate…