Key Points Check Point Research identified a zero-day vulnerability in the TrueConf client application, tracked as CVE-2026-3502, with a CVSS score of 7.8. The flaw stems from…
Key Takeaways Sensitive data shared with ChatGPT conversations could be silently exfiltrated without the user’s knowledge or approval. Check Point Research discovered a hidden outbound…
High-value assets including domain controllers, web servers, and identity infrastructure are frequent targets in sophisticated attacks. Microsoft Defender applies asset-aware protection using Microsoft Security Exposure…
Welcome to this week’s edition of the Threat Source newsletter. Anyone who spoke with me in the last several weeks has had to deal with me loudly waiting in anticipation for the long-awaited “Project…
A significant proportion of cyber incidents are linked to supply chain attacks, and this proportion is constantly growing. Over the past year, we have seen…
Introduction On March 4, 2026, Google and iVerify published reports about a highly sophisticated exploit kit targeting Apple iPhone devices. According to Google, the exploit…
Introduction Zerobot, a Mirai-based botnet known for targeting Internet of Things (IoT) devices, has leveraged a critical vulnerability tracked as CVE-2025-68613, to compromise instances of…
In modern organizations, sensitive data lives everywhere and is constantly moving. It is created, accessed, transformed, and shared across endpoints, browsers, SaaS applications, cloud services,…
Interest in cloud-native application protection platforms (CNAPPs) has exploded over the recent years, partly due to their ability to reduce alert noise by translating siloed…
Summary Microsoft Defender disrupted a human operated ransomware incident targeting a large educational institution with more than a couple of thousand devices. The attacker attempted to…
The 2025 Talos Year in Review is now available to view online. The pace and scale of adversary activity in 2025 placed sustained pressure on security…
Excerpt: CTI-REALM is Microsoft’s open-source benchmark for evaluating AI agents on real-world detection engineering—turning cyber threat intelligence (CTI) into validated detections. Instead of measuring “CTI…
