CybrPulse

FortiGate Is Being Actively Looted — Two Attack Chains You Need to Know

If you're running FortiGate NGFWs and haven't patched three specific vulnerabilities from the last 90 days, you have a problem. SentinelOne documented two complete attack chains in early 2026 where threat actors got in, sat quietly, harvested credentials, and were on their way to full domain

17 Mar 2026
APT28 Is Back With a New Toolkit — and the Same Old Code

Sednit's advanced implant team went quiet in 2019. ESET's latest research shows they never left — they just got smarter about hiding. If you've been tracking APT28 (Sednit, Fancy Bear, Forest Blizzard — pick your alias), you probably noticed their custom malware all but vanished from

17 Mar 2026
Your FortiGate Has Been Giving Away Your Active Directory

Three CVEs. Two incidents. One consistent outcome: attackers walked from the firewall straight into domain controllers. SentinelOne's DFIR team just published what they found investigating multiple FortiGate intrusions in early 2026, and it's a blueprint for how edge device compromise turns into full AD takeover. If

17 Mar 2026
Two Months After Patches, FortiGate SSO Exploitation Is Still Breaking Networks

Attackers haven't moved on from Fortinet. SentinelOne's incident responders published a new analysis of ongoing FortiGate network breaches — and the same playbook that's been running since late 2025 is still working in March 2026. Patches exist. Organizations just aren't applying them fast

17 Mar 2026
GlassWorm Is Eating the Developer Ecosystem

Supply chain attacks aren't new. But GlassWorm is something different — a campaign that has spent months quietly expanding its footprint across every layer of the developer toolchain, and it's still active right now. Here's where things stand as of March 17, 2026. Three Attack

17 Mar 2026
Chrome Zero-Days Under Active Exploitation: Two Flaws in Skia and V8, Patch Now

Google rushed out an emergency Chrome update today patching CVE-2026-3909 and CVE-2026-3910 — two high-severity zero-days already being exploited in the wild. Don't

16 Mar 2026
AI Tools Are the New Attack Surface. Your Security Policies Haven't Caught Up.

This week our feed indexed 3,174 security articles. I read through the high-priority incidents looking for a pattern. It didn't take long. Four separate stories, four different attack methods, one common thread: attackers are targeting AI tools and developer infrastructure specifically because security teams aren't

15 Mar 2026
APT28 Is Back With New Implants — And They're Hiding in Your Cloud Provider

Fancy Bear went quiet for about five years. The Russian GRU hacking unit — known as Sednit, APT28, Forest Blizzard, Sofacy — was still running phishing campaigns, but the sophisticated custom malware that made them famous had largely disappeared from researcher telemetry after 2019. ESET researchers now know why: the group'

13 Mar 2026
Two Chrome Zero-Days Are Being Exploited Right Now — Patch Today

CISA added two Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog today, and for once the urgency label actually fits. Both CVE-2026-3909 and CVE-2026-3910 are being actively exploited in the wild. If your Chrome hasn't updated in the last few days, you're exposed. Google confirmed

13 Mar 2026
Iran Didn't Need Malware. It Needed Admin Access.

Published: March 13, 2026. At approximately 3:30 AM Eastern on March 11, someone with admin credentials to Stryker's Microsoft Intune tenant issued a Remote Wipe command. Not to one device, or a hundred. To everything. Laptops. Servers. Phones. Corporate-owned equipment in 79 countries. Personal iPhones employees had

13 Mar 2026
One Hacker, Two AI Subscriptions, and 195 Million Stolen Identities

Published: March 7, 2026. For years, the security industry's nightmare scenario was a nation-state with unlimited resources, elite hackers, and purpose-built malware tearing through government infrastructure. What happened to Mexico's government agencies last winter was something different, and in some ways worse: one unidentified person with

07 Mar 2026
America's iPhone Weapons Are Loose

Published: March 3, 2026. In 2017, a hacking tool called EternalBlue leaked from the National Security Agency and infected the world. WannaCry shut down hospitals. NotPetya cost businesses $10 billion. The damage was staggering, and it all started with one US government weapon that got out. Researchers say the same

03 Mar 2026

Security intelligence, unified and actionable. AI-powered threat analysis, real-time feeds, and insights for SOC teams.