(Credit: Timon – stock.adobe.com)

(Credit: Timon – stock.adobe.com)

Cursor vulnerability enables stealthy RCE via indirect prompt injection

Laura FrenchJanuary 15, 2026

An attacker could have triggered certain shell built-in commands without user approval.

RESOURCES

Patch/Configuration Management
How autonomous patch management strengthens operational resilience
Email security
Beyond the SEG: Rethinking email security for the modern enterprise
Endpoint/Device Security
From change prevention to continuous improvement: Automating patch cycles with guardrails, rings, and proof
SC Awards
Bouncing back better: Submit your nominations for the Resilient CISO Award
Leadership
A serial entrepreneur’s journey from marketing to cybersecurity: Founder Stories

PODCASTS

Leadership
The Future Of Proactive Security Before Building an AI Enabled Enterprise – Erik Nost – BSW #430
Vulnerability Management
Are you dead?, AI Hellscape, Copilot, Blue Delta, Quishing, Confer, Aaran Leyland… – SWN #546
Application security
Secure By Design Is Better Than Secure By Myth – Bob Lord – ASW #365
Zero trust
Keys Without People — John Heasman on Cleaning Up Non-Human Access – John Heasman – CSP #220
AI benefits/risks
The State of Cybersecurity Hiring, 2026 content plans, and the weekly news – ESW #441

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Cyber Insurance: Protects organizations against the costs of data breaches, cyberattacks, and related liabilities in an increasingly digital world, close-up

Security Operations

Only 15% of CISOs say they have visibility into third-party risk

Steve ZurierJanuary 14, 2026

The Panorays survey noted that only 21% of CISOs have tested crisis response plans in place.

Security Operations

Broadcom chip software flaw affecting ASUS routers enables DoS

Laura FrenchJanuary 14, 2026

The exploit requires no authentication and requires a manual router reset to reconnect.

Security Operations

Magecart network targeted Amex, Diners Club, MasterCard since 2022

Steve ZurierJanuary 13, 2026

Experts point out that Magecart attacks exploit third-party scripts on web browsers, bypassing traditional security controls.

Threat Management

‘Pig butchering-as-a-service’ provides ready-to-use kits, infrastructure

Laura FrenchJanuary 13, 2026

Infoblox researchers detail the offerings of entities known as UWORK and the Penguin Account Store.

AI monitoring and detecting cybersecurity threats, identifying data breaches and system vulnerabilities to enhance digital protection and prevent cyberattacks Parse

Application security

2026 AI reckoning: Agent breaches, NHI sprawl, deepfakes

Stephen WeigandJanuary 13, 2026

Experts warn 2026 brings agent-driven breaches, NHI abuse and deepfake trust shocks.

Russia and Presidential elections

Threat Management

Russia-linked APT28 targets energy and defense groups tied to NATO

Steve ZurierJanuary 12, 2026

Active since 2004, APT28’s sustained campaign for the past year focused on credential harvesting.

Computer keyboard, close-up button of the flag of North Korea.

Threat Management

FBI: Kimsuky steals credentials via QR code ‘quishing’ attacks

Steve ZurierJanuary 9, 2026

North Koreans use quishing to steal identities on mobile devices.

(Credit: Krot_Studio – stock.adobe.com)

Honeypots detect threat actors mass scanning LLM infrastructure

Laura FrenchJanuary 9, 2026

GreyNoise honeypots captured more than 80,000 sessions probing LLM endpoints over the last 11 days.

EVENTS