Palo Alto Networks PAN-OS GlobalProtect Auth Bypass

Attackers are actively exploiting a PAN-OS GlobalProtect authentication bypass vulnerability to gain unauthorized VPN access to exposed Palo Alto Networks firewalls. An attacker who...

Recorded Future Launches Impact and Metrics Dashboard

Today, Recorded Future is announcing the Impact and Metrics Dashboard, a new way for every Recorded Future customer to see the value their...

Entra Agent ID: The blueprint blast radius

Entra Agent ID is an extension of Entra's application model that provides identities for AI agents. Unlike applications, the agent identity model allows linking...

Compliance work is overdue for a new approach

Elastic Security introduces agentic compliance in Agent Builder, starting with PCI DSS v4.0.1. Ask questions over live telemetry, inspect ES|QL evidence and scope claims,...

Cyber-Enabled Maritime Sanctions Evasion

Executive Summary Iranian and Russian shadow fleet vessels, along with multiple sanctions evasion networks (SENs), are using online infrastructure likely designed to facilitate...

University of Nottingham – 454,635 breached accounts

In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign....

CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice

Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows...

Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency

Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities online,...

Fake Software Tutorials on TikTok Spread Vidar Stealer

Threat actors push fake free-software tutorials on TikTok and Instagram to spread Vidar stealer - Read more

Latest article

Indian Govt Bans Apps Being Misused to Stop E-Rickshaws Remotely

The Indian government has directed Google and Apple to take down three mobile applications, BAT-BMS, Lossigy, and Epoch-i-ion, after they were allegedly misused to...

Microsoft 365 users fall victim to one-in-a-million password spray attack

Microsoft users have been hit by a massive, automated password spray attack. Among those targeted by the attack were clients...

Apple’s ‘Hide My Email’ Privacy Flaw Exposes Real Email Addresses

Researchers say Apple’s Hide My Email flaw may expose real addresses, despite two fixes. Here’s what users should know about the privacy risk. The post...

Catan and Mouse

Welcome to this week’s edition of the Threat Source newsletter.  “I do not know everything; still many things I understand.” ― Madeleine L'Engle, A Wrinkle...