SC Media

SC Media arms information security professionals with the in-depth, unbiased business and technical information they need.

The official page for all things IT security.

01/09/2026

Ransomware, OT intrusions, and geopolitics are converging in 2026, experts predict, pushing attackers from utilities into healthcare, water, food, and logistics. Legacy ICS and SaaS supply chains are in the crosshairs.

Experts warn 2026 will bring AI-scaled OT attacks, pre-positioning, and wider supply-chain hits.

01/09/2026

Executive security isn’t a perk anymore — it’s risk management, says 360 Privacy's Trinity Davis in this commentary. can stitch public data into targetable profiles in minutes. Boards should treat leader protection like cyber: essential.

The idea of executive security as a luxurious corporate perk no longer makes sense.

01/09/2026

OpenAI patched a prompt-injection flaw that could’ve leaked ChatGPT and connector data by tricking the model into opening attacker URLs. Radware says the new exfil chain bypassed prior guards — now fixed.

Indirect prompt injections via Connectors could have stealthily leaked sensitive information.

01/08/2026

The Cybersecurity and Infrastructure Security Agency placed a maximum-severity HPE OneView bug on its Known Exploited Vulnerabilities (KEV) catalog. Hewlett Packard Enterprise warned teams to apply a hot fix for CVE-2025-37164, which could lead to RCE, on Dec. 16.

U.S. agency confirms that HPE OneView vulnerability, CVE-2025-37164, exploited in the wild.

01/08/2026

N8n fixed two CVSS 10.0 flaws that can lead to RCE — one auth arbitrary file write, one unauth file read → session forgery. Patch to 1.121.3 ASAP and lock down Git/webhook nodes.

One of the flaws could potentially enable an unauthenticated attacker to access arbitrary files.

01/08/2026

Veeam Software patched 3 backup RCE flaws (one critical). Treat backup/tape operator roles as tier-0 — patch fast, lock down access, and monitor hard or recovery becomes the target.

Attackers target Veeam backup to make it harder for victims to recover from a ransomware incident.

01/08/2026

Many security pros expect third-party supply chains to become the primary entry point for breaches, as threat actors exploit the sprawling web of integrations and dependencies that most organizations struggle to inventory.

Cloud attacks and SaaS supply chains converge as monoculture, AI and outages amplify risk.

01/08/2026

Hiring is now an attack surface, says Fable Security's Nicole Jiang in this commentary. AI-assisted interviews, deepfakes, and VPN tricks make identity fraud easier.

AI threats can make recruiting more challenging – here’s how to hire more safely today.

01/08/2026

IDEs like Cursor/Windsurf/Antigravity recommended extensions that didn’t exist, creating an opening for attackers to claim those names in OpenVSX and ship malware, according to Koi research.

Koi Security claimed the unclaimed namespaces to prevent threat actors from doing the same.

01/07/2026

Attackers aren’t breaking in — they’re logging in. In 2026, credentials, tokens and machine identities will be the easiest path to major breaches. Treat identity as core resilience, not IT hygiene, says Rig Security's Guy Kozliner in this commentary.

Identity attacks are the new breach engine — secure logins, tokens, and vendors or risk 2026.
