Most ransomware playbooks don't address machine credentials. Attackers know it.

The gap between ransomware threats and the defenses meant to stop them is getting worse, not better. Ivanti’s 2026 State of Cybersecurity Report found that the preparedness gap widened by an average [...]

New UK law would ban ransomware payments by publicly funded orgs

The British government has announced plans to move forward with a law that would bar public organizations from paying off ransomware attackers. The proposed legislation would add schools, town council [...]

Akai just released a portable and relatively budget-friendly MPC sampler

Akai just revealed specs and other details about the MPC Sample after teasing the gadget earlier this month. This is a portable sampler and groovebox that looks eerily similar to Teenage Engineering&# [...]

In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now

Every enterprise running AI coding agents has just lost a layer of defense. On March 31, Anthropic accidentally shipped a 59.8 MB source map file inside version 2.1.88 of its @anthropic-ai/claude-code [...]

How recruitment fraud turned cloud IAM into a $2 billion attack surface

A developer gets a LinkedIn message from a recruiter. The role looks legitimate. The coding assessment requires installing a package. That package exfiltrates all cloud credentials from the developerâ [...]

Your IT stack is the enemy: How 84% of attacks evade detection by turning trusted tools against you

It’s 3:37 am on a Sunday in Los Angeles, and one of the leading financial services firms on the West Coast is experiencing the second week of a living-off-the-land (LOTL) attack. A nation-state cybe [...]

Anthropic published the prompt injection failure rates that enterprise security teams have been asking every vendor for

Run a prompt injection attack against Claude Opus 4.6 in a constrained coding environment, and it fails every time, 0% success rate across 200 attempts, no safeguards needed. Move that same attack to [...]

Researchers broke every AI defense they tested. Here are 7 questions to ask vendors.

Security teams are buying AI defenses that don't work. Researchers from OpenAI, Anthropic, and Google DeepMind published findings in October 2025 that should stop every CISO mid-procurement. Thei [...]

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Securit [...]