US: Iran-linked actors are actively exploiting our critical infrastructure

Steve ZurierApril 8, 2026

Joint advisory says likely targets include the energy, water, and transportation sectors, as well as the defense industrial base.

RESOURCES

Ransomware
Ransomware reimagined: Why containment alone is no longer enough
Identity
Rethinking identity security for a borderless attack surface
Email security
Email authentication in 2026: What every organization still gets wrong
Data Security
Your DLP can’t stop a smartphone: The data-leak crisis no one talks about
Governance, Risk and Compliance
Building institutional capacity: Why AI-augmented security is the new standard

PODCASTS

Leadership
Zero Trust Readiness and Two RSAC 2026 Interviews from Fenix24 and Absolute Security – John Bruggeman, John Anthony Smith, Christy Wyatt – BSW #442
Vulnerability Management
Cthullu, BlueHammer, NK, CUPs, Axios, Fortinet, Cognitive Surrender, Aaran Leyland – SWN #570
Application security
AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design – Idan Plotnik, Raj Mallempati – ASW #377
Data Security
Battling payment fraud with tokenization and executive interviews from RSAC 2026 – Brian Oh, Mickey Bresman, Ashish Jain, Thyaga Vasudevan, Jimmy White – ESW #453
Vulnerability Management
DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, Josh Marpet… – SWN #569

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

(Credit: Bilal Ulker – stock.adobe.com)

Vulnerability Management

Docker fixes AuthZ bypass bug that created containers with excessive privileges

Laura FrenchApril 8, 2026

A crafted HTTP request can make restricted containers invisible to AuthZ plugins.

(Adobe Stock)

ID Dataweb outlines the need for continuous identity threat detection

Steve ZurierApril 7, 2026

The industry needs tools that can verify users throughout the entire identity lifecycle without disrupting daily business processes.

Threat Intelligence

North Korea recruits Iranian workers for IT job fraud

Laura FrenchApril 7, 2026

Internal records reveal how North Korean facilitators scout and coach workers.

(Credit: Rafael Henrique – stock.adobe.com)

Vulnerability Management

Fortinet issues Easter weekend hotfix for FortiClient EMS

Steve ZurierApril 6, 2026

Experts warn to apply hotfix right away for critical bug exploited in the wild.

Axios maintainer’s post mortem confirms social engineering by UNC1069

Laura FrenchApril 3, 2026

Jason Saayman says he installed a remote access trojan disguised as a Teams update.

A 3D-Illustration of the word Linux on metallic cubes

Chaos malware now targeting 64-bit Linux servers

Steve ZurierApril 3, 2026

Analysis of China-nexus groups also discovers double-pronged strategy, one on immediacy, the other around long dwell times.

Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA

Laura FrenchApril 3, 2026

The campaign leverages a newly-discovered phishing kit called VENOM.

Vulnerability Management

Apple expands updates to iOS 18 devices affected by DarkSword exploit

Steve ZurierApril 2, 2026

Experts say Apple’s move shows it understood that older iOS and iPadOS devices were vulnerable and being exploited by DarkSword.

EVENTS