AWS KY3P report now available for third-party supplier due diligence
We’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture....
Hackers Use Fake Microsoft Teams Downloads to Deploy ValleyRAT Malware
Hackers have been caught running a deceptive campaign that uses fake Microsoft Teams download websites to trick users into installing ValleyRAT, a remote access...
New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most
Verizon’s 2026 DBIR shows vulnerability exploitation, AI-enabled attacks, third-party risk, and ransomware are reshaping cyber threats.
The post New Verizon Report Reveals the Security Gap...
The art of being ungovernable
Welcome to this week’s edition of the Threat Source newsletter. “It takes very little to govern good people. Very little. And bad people can’t be governed at all. Or if...
Cybercriminal VPN Dismantled in Europol Crackdown
First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol - Read more
Police op targets VPN service favoured by ransomware gangs
A multinational police operation has taken down the infamous First VPN service that provided cover for cyber criminal gangs and ransomware operators. -...
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Fixed a typographical error. This is an information change only. - Read more
Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement
The first quarter of 2026 reinforced that attackers are moving faster, operating with greater coordination, and exploiting weaknesses before most organizations can respond effectively....
Dragonica Lunaris – 126,293 breached accounts
In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth...
The Vulnerability Flood Is Now a Board Conversation. Here’s How to Lead It.
I've had some version of the same conversation dozens of times since Mythos and Daybreak emerged. CISOs want to know how worried they...
Latest article
Unpatched ChromaDB flaw leaves servers open to remote code execution
Researchers have published details about a critical vulnerability in ChromaDB that could allow unauthenticated attackers to execute arbitrary code and...
[R1] Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities
Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities Jason Schavel Thu, 05/21/2026 - 16:00
Sensor Proxy leverages third-party software to help provide underlying functionality....
AWS KY3P report now available for third-party supplier due diligence
We’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture....
Hackers Use Fake Microsoft Teams Downloads to Deploy ValleyRAT Malware
Hackers have been caught running a deceptive campaign that uses fake Microsoft Teams download websites to trick users into installing ValleyRAT, a remote access...
