Metasploit Wrap-Up 02/20/2026

Hacking Churches and Backdooring Emacs: This release packs some solid exploit module additions! Two new unauthenticated RCE modules are a major win: the StoryChief WordPress plugin...

AI-augmented threat actor accesses FortiGate devices at scale

Commercial AI services are enabling even unsophisticated threat actors to conduct cyberattacks at scale—a trend Amazon Threat Intelligence has been tracking closely....

Google Blocked 1.75M Harmful Apps From Play Store in 2025

Google used AI-driven review systems to block 1.75 million policy-violating apps and ban 80,000 developer accounts in 2025, expanding Play Store and Android security...

Hacktivism and the Winter Olympics 2026: What We’re Seeing and What it Signals

The 2026 Winter Olympics have been live for several weeks, and the cyber activity many predicted is already unfolding. Threat intelligence reporting from Intel471 highlights...

Dramatic Escalation in Frequency and Power of DDoS Attacks

DDoS attack frequency has risen to ‘alarming levels,’ warns Radware report

Android Malware Hijacks Google Gemini to Stay Hidden

A new Android malware implant using Google Gemini to perform persistence tasks was discovered on VirusTotal and analyzed by ESET

How to build an incident response plan, with examples, template

Threats from cyberattacks continue to grow in frequency and severity. Considering the potential disruptions from such events, an organization needs an incident response plan...

Reduce Phishing MTTR Without Adding SOC Headcount

Your SOC is not understaffed. It is overloaded with noise. Phishing response does not fail because teams lack skill. It fails because too much time...

CarMax – 431,371 breached accounts

In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique...

How to check the impact of third-party CVEs on your Elastic deployment

Instantly check the impact of third-party CVEs on your Elastic deployment with the new self-service CVE Impact Statements on the Support Hub. Quickly filter...

Latest article

Operation Endgame 4.0 – 153,527 breached accounts

On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems...

Accelerate security investigations with Kiro CLI

When a security event occurs in your Amazon Web Services (AWS) environment, rapid response is critical. However, security teams often struggle with time-consuming, manual...

Close Encounters of the Human Kind

Welcome to this week’s Threat Source newsletter. I love a Spielberg summer. His ability to imbue a sense of wonder, awe, curiosity, and connection means he’s in a...

New iPhone BootROM Vulnerability Exposes Apple SoCs to Full Chain-of-Trust Compromise

A novel BootROM vulnerability, dubbed usbliter8, affects Apple devices powered by A12, S4/S5, and A13 SoCs. The exploit chains a hardware-level bug in the...