SolarWinds Serv-U Exploitation Shows File Transfer Availability Is Security
CISA added actively exploited SolarWinds Serv-U CVE-2026-28318 to KEV. Here is what SMBs and government contractors should do about file-transfer availability risk.
Unit 42 is tracking Pink / CL-CRI-1147, a Com-affiliated extortion brand using vishing, credential theft, and Microsoft 365 data exfiltration. Here is what SMBs and government contractors should lock down now.
OpenAI’s ChatGPT Lockdown Mode is a useful reminder that prompt-injection defense is not just about model behavior. It is about limiting outbound paths, connector permissions, and tool access around sensitive work.
Unit 42 reports active exploitation attempts against PAN-OS GlobalProtect CVE-2026-0257. Defenders should patch, but also review VPN sessions, authentication override cookie behavior, and edge-device telemetry for signs of unauthorized access.
Mandiant reports that UNC3753, also known as Luna Moth / Silent Ransom Group, is targeting U.S. law firms and professional services with vishing, RMM abuse, rapid data theft, and suspected physical office intrusions. Here is what SMBs and government contractors should lock down now.
Cisco says CVE-2026-20245 has been exploited against Catalyst SD-WAN Manager. Defenders should preserve evidence, review controller logs, validate edge-device configuration, and restrict management-plane access.
Microsoft’s updated agentic AI failure-mode taxonomy turns AI agents into a practical security architecture problem: plugins, prompts, memory, browser use, and human approvals all need controls.
Group-IB documented a global smishing operation using fake error pages, geofencing, and encrypted WebSocket exfiltration. Here is what SMBs and government contractors should take from it.
Federal agencies warn that attackers are compromising internet-exposed automatic tank gauge systems. The lesson for SMBs, fuel operators, farms, logistics firms, and government contractors is simple: small OT is still operational infrastructure.
A five-month espionage campaign against a stock exchange executive mailbox shows why senior email accounts need privileged-asset controls, cloud exfiltration monitoring, and scheduled-task hunting.