The Mini Shai-Hulud Worm and the New Era of CI/CD Exploitation
The developer ecosystem recently faced one of its most significant architectural threats to date, with the threat actor group TeamPCP unleashing Mini Shai-Hulud—a self propagating…
Category: VendorResearch
Understanding Illicit Ecosystems: The Hybrid Threat of “The Com”
What is “The Com”? The Community, more widely known as “The Com” is a sophisticated hybrid threat ecosystem in which cybercrime serves as the venture…
Microsoft recognized as a Leader in The Forrester Wave for Workforce Identity Security Platforms
Identity is the backbone of modern cybersecurity. Every access decision carries risk, across employees, partners, devices, workloads, and an expanding set of AI-powered agents. But…
The Vulnerability Flood Is Now a Board Conversation. Here’s How to Lead It.
I’ve had some version of the same conversation dozens of times since Mythos and Daybreak emerged. CISOs want to know how worried they should be.…
What’s new in Microsoft Security: May 2026
At Microsoft, security innovations are purpose-built to help every organization protect end-to-end with the speed and scale of AI. Our vision is simple: security should…
Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow
In this article The AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ago, because they…
AI Threat Report: How Artificial Intelligence Is Used Across Illicit Communities
A finance employee joins a video call with their CFO and several colleagues. The request is routine. The faces match. The voices sound authentic. Minutes…
At Mythos Speed: A Defender’s Playbook for the AI Vulnerability Surge in 2026
Key Takeaways Discovery has been commoditized. Frontier AI models like Mythos and GPT 5.5 are making vulnerability discovery cheap, fast, and broadly accessible. The defender’s…
How to better protect your growing business in an AI-powered world
AI is rapidly reshaping how work gets done in companies and organizations. In celebrating National Small Business Month, we want to acknowledge the unique challenges…
Q1 2026 Android threat landscape
IT threat evolution in Q1 2026. Mobile statisticsIT threat evolution in Q1 2026. Non-mobile statistics In the third quarter of 2025, we updated the methodology…
April 2026 CVE Landscape
In April 2026, Insikt Group® identified 37 high-impact vulnerabilities that should be prioritized for remediation, 35 of which had a Very Critical Recorded Future Risk…
NIST NVD Enrichment Policy Change: Prioritizing Vulnerabilities with Attacker Behavior Signals
As of April 15, 2026, NIST enriches only CVEs that appear in the CISA Known Exploited Vulnerabilities catalog, federal government software, or software designated critical…