In July 2025, a buyer acquired around 30 WordPress plugins for a six-figure sum and implanted a backdoor. Activated eight months later, this case reveals a gap that traditional supply-chain detection fails to address. Read article
BSI published advisories on F5 BIG-IP, Citrix NetScaler, and Trivy in March/April 2026. What operators of critical infrastructure must patch and report this week. Read article
AD with Entra ID sync, hybrid hyperscaler roles, fragmented IdP landscape: Three setups reveal where documentation and reality diverge. Read article
Which security conferences in 2026 deliver real value and where the ROI turns—RSAC, it-sa, Black Hat Europe, DEF CON under sober editorial review. Read article
BSI, data protection authorities, and insurers expect parallel reports with individual deadlines in 2026. What the NIS2 initial report requires—and where reporting runs into problems. Read article
Three anonymized examples from twelve months of post-mortems: what truly gets restructured in production after a ransomware incident. Read article
RedLine, Lumma, Raccoon: Infostealer malware steals session cookies and bypasses MFA. What truly works in 2026. Read article
AI weapons in action: How deepfakes and AI-powered attacks are revolutionizing cybersecurity. Who controls this threat? Read article
Secure Boot certificates 2026: Don’t wait! How to protect your Windows fleet in time against critical security vulnerabilities. Read article
Starting from September 11, 2026, the CRA reporting obligation applies: 24-hour early warning, 72-hour full report, 14-day final report. What security teams need to implement now. Read article
Anthropic has built an AI model that finds vulnerabilities faster than most security teams. Claude Mythos discovered a 27-year-old bug in OpenBSD and several privilege escalation paths in the Linux kernel. The situation assessment. Read article
Gmail rejects emails without DMARC. How to set up SPF, DKIM, and DMARC correctly in 5 days. Read article
Only 25% of ransomware victims still pay. What happens when you pay and why preparation is the only real solution. Read article
NIST has finalized three post-quantum standards. BSI deadline 2030/2032. Why PQC migration must start now. Read article
Deepfake CEO fraud is real: USD 25M in the Arup case. How companies can protect their payment processes. Read article
7 min read Every request to a cloud AI service constitutes a data transfer to a third party. With open-source models like Google’s Gemma 4, AI can now be operated... Read article
The open-source agent OpenClaw has become the primary distribution channel for Chinese AI services globally. Over 42,900 exposed instances, prompt injection risks, and data sovereignty concerns make this an urgent topic for CISOs. Read article
North Korean hackers compromised two versions of the npm package Axios and injected a cross-platform remote access trojan. With over 100 million weekly downloads, a three-hour window was enough to demonstrate a new dimension of supply chain attacks. Read article
Most Kubernetes breaches result from misconfigurations. 8 concrete measures to harden your cluster in 5 days. Read article
7 min Reading Time A missing exclusion rule in the build pipeline exposed Anthropic’s full production code on March 31, 2026. 512,000 lines of TypeScript, packaged into a 59.8 MB... Read article
8 min Reading Time The global threat intelligence market will grow to $8.2 billion by 2026. By 2034, it will exceed $31 billion. But threat intelligence is not just a... Read article
