Deepfake CEO Fraud: How Executives Can Fend Off Voice Cloning
Cybersecurity against deepfakes: Just a few seconds of audio can be enough to clone a voice. What playbook protects executives from CEO fraud. Read article
Apple’s Password App Now Automatically Changes Passwords
Apple's password app now proactively changes weak passwords. Why this hardens hygiene and simultaneously opens up a new attack surface. Read article
When the Backup Server Itself Becomes the Vulnerability
Veeam Security Update: Two high-severity vulnerabilities affect Veeam Agent for Windows and the Linux Appliance. What admins need to patch now. Read article
The Divided Kernel is the Vulnerability: Why Copy Fail Escapes the Container
Sharing the host kernel: Why the "Copy Fail" gap breaks out of the container and which layers truly protect against kernel errors. Read article
PAM without Enterprise Budget: Controlling Admin Rights
Privileged accounts are the primary targets of attackers. Here’s how mid-sized businesses can implement PAM with three core principles-without buying an… Read article
Type Confusion in Chrome’s V8: Why the Same Class of Vulnerabilities Keeps Reappearing
A manipulated website is enough: Type-Confusion vulnerabilities in Chrome's V8 engine are hitting the browser in series. Read article
The Token That Bypasses MFA: Why OAuth Theft Is the New Entry Point
OAuth token theft bypasses MFA because the token itself contains the authentication. A 375% surge in OAuth phishing-why SOCs must defend the session. Read article
Defender under fire: Two actively exploited vulnerabilities and the blind spot in the SOC
Microsoft Defender has two actively exploited vulnerabilities-one enabling privilege escalation-with a CISA deadline of June 3. Read article
Security Awareness That Works: Continuously Instead of Annually
Phishing detection lapses after just a few months. Why the annual training fizzles out-and only continuous awareness and a reporting culture have real… Read article
CVE-2026-32202: CISA KEV Listing Forces CISOs to Act
CVE-2026-32202 (CVSS 8.8) has been listed in CISA KEV since April 28, 2026: APT28 is exploiting an incomplete Windows kernel patch. Read article
BKA Hunts REvil Leader After 130 Attacks on German Targets
At the end of April 2026, the BKA identified the alleged leader of the REvil group and initiated an international arrest warrant request. 130 documented attacks... Read article
Customers at Risk After Trellix Code Leak
Trellix confirmed a source-code breach in early May 2026. The cybersecurity vendor now joins a list that includes Microsoft, Okta and LastPass—security-tool manufacturers themselves becoming targets. For... Read article
BSI Warns Against Unpatched Ivanti Systems
Two Ivanti EPMM zero-days were exploited in series at the end of April 2026 – 130 unique IP addresses actively tested the vulnerabilities within 24 hours... Read article
CISA KEV April 2026: Samsung, D‑Link Actively Exploited
6 Min. reading time The CISA added eight new entries to its Known Exploited Vulnerabilities Catalog within one week at the end of April 2026. Three systems stand out: Samsung... Read article
Top-Tier Phishing: How CISOs Protect Their Channels
Signal verification code theft at Klöckner, Prien, Hubertz plus Graichen own goal on X. Three CISO moves for 2026. Read article
GDPR April Cases Shift Risk for Mid-Sized Firms
In April 2026, the Romanian data protection authority sanctioned Renault Commercial Roumanie following a cyberattack with insufficient security measures, the Spanish AEPD imposed €950,000 on YOTI for biometric processing without... Read article
Adaptive MFA in NIS2 2026: ENISA Guidance on…
NIS2 requires multi-factor authentication (MFA) “where appropriate,” and in Germany, the BSI enforcement mandate enters its operational phase in May 2026. For security and compliance officers, the central question is... Read article
Squidex SSRF CVE-2026-41172: 72-Hour Response Plan for Ops Teams
Squidex SSRF CVE-2026-41172 is patched in version 7.23.0. Operations teams additionally need a 72-hour plan: Egress-Allowlist, IMDSv2-Lockdown and WAF-Profile-Review. Read article
Terrarium Sandbox Escape CVE-2026-5752: 72-Hour Response Plan
CVE-2026-5752 in Terrarium by Cohere AI (not Cloudflare): CVSS 9.3, Sandbox Escape with Root Code Execution. 72-Hour Response Plan for Edge and Platform Teams. Read article
ASP.NET Core 0-Day CVE-2026-40372: CVSS 9.1, Patched Since Apr 22
Microsoft Out-of-Band April 22: ASP.NET Core CVE-2026-40372 with CVSS 9.1. Patch in DataProtection 10.0.7. 72-hour response plan for Security-Operations. Read article
CISA Expands KEV Catalog: 8 Vulns, Deadlines Apr 23 & May 4
CISA KEV Update from April 20, 2026 with eight vulnerabilities, patch deadlines on April 23 and May 4. 14-day response plan for DACH security teams. Read article
