SC Media

01/16/2026

Gootloader is using malformed “hashbusting” ZIPs to dodge analysis — 500 to 1,000 concatenated archives that break 7zip/WinRAR but open in Windows. Expel Security shared YARA and behavior detections.

7zip and WinRAR fail to extract the archive’s contents, while the Windows default tool easily opens it.

01/16/2026

Printers are still an overlooked edge threat, says HP's Aurelio Maruggi in this commentary. In 2026, AI-driven attacks, quantum-readiness deadlines, and identity fatigue will force orgs to secure print/IoT fleets with visibility, monitoring, and control.

AI-driven threats, quantum risk, and identity fatigue put printers at the center of enterprise security.

01/16/2026

Microsoft and law enforcement dismantled RedVDS, a $24/mo “cybercrime-as-a-service” used in phishing and payment diversion tied to $40M+ U.S. losses.

Virtual cybercrime subscription service stole $40 million in the U.S. alone.

01/16/2026

01/16/2026

01/15/2026

Zero-trust stops at the inbox. Permanent email whitelist “exceptions” can undo costly security programs and fuel BEC losses ($50K–$120K per hit). Ask who approves, expires, and audits trust, says StrongestLayer's Alan LeFort in this commentary.

Here’s how teams can prevent email whitelist from becoming a large hole in their zero-trust programs.

01/15/2026

Only 15% of CISOs have full visibility into third-party risk, despite rising incidents, according to Panorays. Shadow and weak crisis testing are widening blind spots across supply chains.

The Panorays survey noted that only 21% of CISOs have tested crisis response plans in place.

01/15/2026

01/14/2026

A Broadcom Wi-Fi chipset bug hits some ASUS routers: a single malformed 5GHz frame can knock all clients offline, bypassing WPA2/3 and may enable evil-twin traps, according to Black Duck research. Patch now.

The exploit requires no authentication and requires a manual router reset to reconnect.

01/14/2026

The National Institute of Standards and Technology (NIST) and MITREcorp's $20M security push is a wake-up call: AI is entering OT where mistakes have physical impact. Productivity is real, but so are cascading failures. Govern access and accountability now, says Xona's Bill Moore.

NIST's creation of two AI Security Centers will force the industry to confront the realities of AI.

01/14/2026

Autonomous patching turns remediation into a continuous, intelligence-driven process, shrinking exposure windows, reducing disruption, and easing ops strain so resilience doesn’t hinge on manual work.

Manual patching can't stay ahead of today's complex, dynamic enterprise environments. Automated patch management solves this by maintaining resilience through continuous consistency.

01/14/2026