editorially independent. We may make money when you click on links
to our partners.
Learn More
Major Threats & Vulnerabilities
Zero-Day and Critical Exploits
A new zero-day vulnerability in Adobe Acrobat Reader is being actively exploited through malicious PDFs. Attackers can steal data and compromise systems, with no patch currently available. Security teams are urged to block untrusted PDFs, disable JavaScript, and use sandboxing with outbound traffic monitoring.
The Fortinet EMS vulnerability (CVE-2026-35616) is under active exploitation, allowing unauthenticated API access for command execution and privilege escalation. Fortinet has released a hotfix and advises immediate patching and restricted network access to EMS servers.
AI and Emerging Threats
Researchers uncovered the GrafanaGhost AI flaw, which enables silent data exfiltration through prompt injection and validation bypass. While no active exploitation has been reported, the issue underscores the growing risks of AI-assisted features in enterprise software.
The Cisco 2026 State of Wireless Report highlights a surge in AI-driven wireless attacks, with 58% of organizations reporting losses — half exceeding $1 million. Cisco recommends implementing WPA3, network segmentation, and WIDS/WIPS systems to mitigate these threats.
Malware and Exploitation Campaigns
Over 50 Android apps on Google Play were found distributing NoVoice malware, infecting more than 2.3 million devices. The malware used dormant code to evade detection and targeted outdated devices for data theft.
Meanwhile, hackers are exploiting WhatsApp to deliver VBS malware to Windows PCs, using UAC bypass and cloud-hosted payloads to establish persistence and backdoor access.
Industry News
Major Data Breaches
$3.6 million was stolen from Bitcoin Depot after attackers breached internal systems using compromised credentials. The breach highlights the importance of enforcing MFA, securing keys in cold storage, and implementing multi-signature approvals for financial transactions.
A data breach at Eurail exposed sensitive information for over 300,000 travelers, including passports and IDs. Some data has already surfaced on dark web forums, underscoring the need for encryption, MFA, and fraud monitoring.
The LAPD-linked breach exposed 7.7TB of sensitive data through a third-party discovery platform. The incident reinforces the need for strict access controls and vendor risk management.
Meta suspended collaboration with Mercor following a breach involving malicious LiteLLM packages on PyPI. A forensic review is underway to determine the extent of data exposure.
A CareCloud breach disrupted EHR systems for eight hours and exposed patient data, emphasizing the risks of SaaS-based healthcare systems and the importance of PHI protection.
An alleged Starbucks data leak exposed firmware and source code for Mastrena II espresso machines, raising concerns about operational and supply chain security.
Corporate and Technology Developments
Apple announced encrypted RCS messaging for iPhone-to-Android communication, following FBI warnings about SMS vulnerabilities. The update enhances privacy and reduces carrier-based risks.
Samsung will shut down its Messages app in July 2026, transitioning users to Google Messages with RCS and AI scam detection features.
Amazon is negotiating a $9 billion acquisition of Globalstar to compete with Starlink in satellite internet services, though regulatory and partnership complexities remain.
Nutanix introduced its Agentic AI platform to simplify enterprise agent creation and reduce token costs through integration with NVIDIA tools and secure development environments.
Security Tips & Best Practices
Data Protection and Resilience
The article How Resilient Is Your Data Protection Strategy? recommends minimizing stored sensitive data, enforcing least privilege with PAM, and using MFA and encryption for data in transit and at rest. Implementing DLP solutions with continuous monitoring can detect exfiltration early.
Risk Assessment and Governance
How to Run a Cybersecurity Risk Assessment in 5 Steps provides a nine-page guide to identify vulnerabilities and prioritize mitigation strategies using structured assessments.
API and Cloud Security
Could Your APIs Be an Entry Point? advises enforcing strong authentication, implementing rate limiting, and validating inputs and outputs through API gateways to prevent data exposure.
For cloud users, Enhancing iCloud Usage Security emphasizes following organizational policies and ensuring secure handling of data when accessing iCloud services.
Skills and Workforce Development
Cybersecurity Skills Development encourages professionals to learn ethical hacking and cybersecurity fundamentals to strengthen defenses against evolving threats.
Your Data Assistant offers a $20 lifetime AI tool that allows users to analyze spreadsheets locally, generate charts, and interact with data securely without cloud dependencies.
The ESG Economic Validation report highlights optimized data protection solutions designed for cloud economics, helping organizations avoid cost overruns when adapting on-premises tools.
For developers, no-code database builders like Airtable, AppSheet, and Zoho offer flexible solutions for creating custom applications without extensive coding.
Finally, AI-based multi-cloud optimization tools are helping enterprises reduce waste and improve performance through predictive demand management and automated governance.
If you want to see more from our Newsletter Archive please click here.
