Policy & Government
White House Details ‘Gold Eagle’ Clearinghouse for AI Cyber Threats
A White House policy signal on AI cyber threats — federal-adjacent organizations align this week.
Nation-State Cyber Threats
A nation-state mobile-network-vulnerability disclosure with defense-sector implications — coverage this week.
Supply Chain Attack
A large-scale JavaScript-ecosystem supply-chain compromise — defender inventory work this week.
Artificial Intelligence (AI)
An AI-IDE supply-chain finding — defender review for organizations using Cursor this week.
Artificial Intelligence (AI)
An AI-browser extension disclosure with cross-tenant data implications — defender review for Claude for Chrome deployments this week.
Threat Intelligence
Microsoft maps ShinyHunters' Salesforce activity — defender review for SaaS-heavy organizations this week.
Cybercrime
A UK fraud-platform prosecution at scale — law-enforcement coverage this week.
Policy & Government
A CMMC-framework pause from the Pentagon — defense-contractor compliance work re-scoped this week.
Policy & Government
A US Treasury sanctions package targeting VPN and cryptor infrastructure that reportedly supports ransomware — regulatory coverage this week.
Vulnerabilities
A message-queue vulnerability with OAuth and multi-tenancy implications — defender review for RabbitMQ deployments this week.
A seven-flaw Avi Load Balancer patch cycle from VMware — defender verification this week.
Two Joomla-extension zero-days under active attack — Joomla operators accelerate patch verification this week.
Two SonicWall SMA zero-days under active attack — immediate defender posture review this week.
Adobe's ColdFusion patch cycle continues — defender verification across deployments this week.
A CVSS 9.9 NetWeaver ABAP flaw anchors SAP's critical patch cycle — defender verification across products this week.
Eleven old Microsoft-signed shims land as bypasses of Secure Boot — Linux-boot defender review this week.
A decade-old Secure Boot revelation — lifecycle-security implications for defender teams this week.
A SharePoint JWT auth bypass patched in July's Patch Tuesday — defender verification this week.
Microsoft's July Patch Tuesday breaks its own record — 622 CVEs, two zero-days under active attack, and defender triage stakes rise this week.
A macOS notarization-abuse malware disclosure — defender review for Mac-issuing organizations this week.
A new named PhaaS platform targeting Microsoft 365 — defender teams review posture and OAuth-hygiene this week.
Another AI-agent supply-chain finding — defender posture review for organizations deploying memory-enabled agents this week.