Microsoft reported a cryptojacking campaign that uses poisoned search results, AI-surfaced software recommendations, fake utility downloads, and abused ScreenConnect access. Here is what SMBs and government contractors should defend first.
CISA added CVE-2026-48172 to KEV after active exploitation of a LiteSpeed cPanel user-end plugin flaw that can let compromised hosting accounts execute scripts as root.
Google’s reporting on Chinese-language phishing-as-a-service shows why MFA bypass, real-time OTP interception, and digital wallet fraud require phishing-resistant authentication and session monitoring.
Mandiant’s KnowledgeDeliver CVE-2026-5426 report shows how shared ASP.NET machine keys can turn ViewState into unauthenticated RCE and user-facing malware delivery.
A Laravel-Lang package compromise shows why trusted dependency tags, Composer autoload behavior, and runtime secrets need security monitoring—not just engineering review.
The South Staffordshire Water breach shows why outsourced SOC coverage, legacy server risk, and vulnerability management must be proven—not assumed—for SMBs, utilities, and government contractors.
Unit 42’s ROADtools research shows why Microsoft Entra ID token abuse, rogue device registration, and Graph API enumeration need to be treated as core incident-response signals for SMBs and government contractors.
Drupal CVE-2026-9082 is already being scanned and exploited in the wild. The lesson for SMBs and government contractors: know where your Drupal sites are, verify PostgreSQL exposure, patch fast, and review logs before probing turns into compromise.
Microsoft analyzed an intrusion where an F5 BIG-IP edge appliance led to Linux access, Confluence compromise, credential theft, and identity relay attempts. Here is what SMBs and government contractors should tighten first.
Iran-nexus Screening Serpens used recruitment and meeting lures, new RAT variants, and .NET AppDomainManager hijacking. Here is what SMBs and government contractors should tighten now.
