US dominance of agentic AI at the heart of new NIST initiative
This week, the US National Institute of Standards and Technology (NIST) announced a new listening exercise, the AI Agent Standards...
Using AI to defeat AI
Welcome to this week’s edition of the Threat Source newsletter. Generative AI and agentic AI are here to stay. Although I believe that the advantages...
Adidas Investigates Alleged Data Breach – 815,000 Records of Customer Data Stolen
Adidas has confirmed it is actively investigating a potential data breach involving one of its independent third-party partners after a threat actor operating under...
Remcos RAT Expands Real-Time Surveillance Capabilities
New Remcos RAT variant enhances real-time surveillance and evasion techniques to compromise Windows - Read more
CVE-2026-21528 Azure IoT Explorer Information Disclosure Vulnerability
Corrected the CVE description and title. This is an informational change only. - Read more
Figure Data Breach Exposes Nearly 1 Million Customers Online
Fintech lender Figure suffered a social-engineering breach that led to a data dump online. Have I Been Pwned found 967,200 exposed email records.
The post...
ICO wins appeal over data protection obligations in Currys cyber attack
The ICO has won an important appeal relating to data protection obligations arising from a 2017-18 cyber attack at electronics retailer Currys PC World....
Jinan USR IOT Technology Limited (PUSR) USR-W610
View CSAF
Summary
Successful exploitation of these vulnerabilities could result in authentication being disabled, a denial-of-service condition, or an attacker stealing valid user credentials, including administrator...
Valmet DNA Engineering Web Tools
View CSAF
Summary
Successful exploitation of this vulnerability could allow an unauthenticated attacker to manipulate the web maintenance services URL to achieve arbitrary file read access.
The...
EnOcean SmartServer IoT
View CSAF
Summary
Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and bypass ASLR.
The following versions of EnOcean SmartServer IoT...
Latest article
Operation Endgame 4.0 – 153,527 breached accounts
On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems...
Accelerate security investigations with Kiro CLI
When a security event occurs in your Amazon Web Services (AWS) environment, rapid response is critical. However security teams often struggle with time-consuming, manual...
Close Encounters of the Human Kind
Welcome to this week’s Threat Source newsletter. I love a Spielberg summer. His ability to imbue a sense of wonder, awe, curiosity, and connection means he’s in a...
New iPhone BootROM Vulnerability Exposes Apple SoCs to Full Chain-of-Trust Compromise
A novel BootROM vulnerability, dubbed usbliter8, affects Apple devices powered by A12, S4/S5, and A13 SoCs. The exploit chains a hardware-level bug in the...
