OP-512 is the fourth China-linked group in 12 months to attack IIS servers, employing three proprietary web shells with cryptographic controls and automated callback functionality.
Three vulnerabilities in Fortinet FortiSandbox (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) are being actively exploited; two were patched since April 2026, the newest only a week old.
Microsoft’s benchmarking shows only marginal added value (under 0.05%) for additional email security tools, but experts emphasize that a percentage figure does not reveal the full risk picture and a single missed threat can be critical.
Europe is avoiding direct confrontation over the U.S. export controls blocking Anthropic’s new models and is instead attempting to position AI safety as a field for cooperation.
Cyber resilience is becoming a strategic business question, requiring CISOs to assume business responsibility and integrate regulatory requirements into governance processes.
At least 15 malicious plugins in the JetBrains Marketplace were designed to steal AI API keys from developers and gain access to internal corporate services.
Google provides sign-in services with auth_time and amr metadata to verify login freshness and authentication methods for implementing risk-based access control.
Outsider, a Chinese phishing network, abused Gemini to mass-produce fraudulent SMS messages and websites, caused $1.9 billion in damages, and was shut down through U.S. law enforcement action.