❌

Reading view

1K+ cloud environments infected following Trivy supply chain attack

Crims 'creating a snowball effect' across open source projects

RSAC 2026Β  Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy supply-chain attack last week, and now the crims that compromised the open source scanners are working with notorious extortion crews like Lapsus$.…

  •  

Lightning-fast exploits make it essential to patch fast, ask questions later

Here's where you ought to spend your security billable hours budget this year

Strengthen your MFA policies, double-down on anti-phishing training, and for Jobs' sake, patch all your vulns right away. The past year of intelligence collected by Cisco's Talos threat hunters suggests that attackers are moving faster to exploit vulns, and fooling more staff than ever into giving up their credentials. …

  •  

Smooth criminals talking their way into cloud environments, Google says

Voice phishing is second most common initial access method across all IR probes, and top in cloud break-ins

RSAC 2026Β  Voice phishing surged last year to become the second most common method used by cybercriminals to gain initial access to their victims' IT estate – and the No. 1 tactic used when breaking into cloud environments.…

  •  

RSAC 2026: Uncle Sam backs out, and AI agents are everywhere

Infosec pros descend on San Francisco

kettleΒ  When El Reg cybersecurity editor Jessica Lyons joins infosec industry colleagues in San Francisco for RSAC 2026 this week, she's expecting agentic AI to be on everyone's lips - at least those who aren't busy gossiping about the lack of presence from any representatives of the US federal government.…

  •  

The drone swarm is coming, and NATO air defenses are too expensive to cope

Ukraine's battlefield lessons show quantity and affordability now trump exquisite hardware

NATO is unprepared to deal with attacks by cheap, mass-produced drones and urgently needs layered, affordable air defense systems to counter the threat, taking a cue from the experience gained by Ukrainian forces over the past four years.…

  •  

Russians are posing as Signal support to launch phishing attacks

PLUS: US takes down Iranian propaganda sites; Marketing company asks 'Why Do We Have Your Information?' And more!

Infosec In BriefΒ  Russian intelligence-affiliated parties are posing as customer support services on commercial messaging applications such as Signal to compromise accounts and conduct phishing attacks, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned last Friday.…

  •  

Cryptographers engage in war of words over RustSec bug reports and subsequent ban

Rust security maintainers contend Nadim Kobeissi's vulnerability claims are too much

UpdatedΒ  Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to address what he says are critical bugs. For his efforts, he's been dismissed, ignored, and banned from Rust security channels.…

  •  

Starmer's digital ID reboot raises same old questions as its Blair-era ancestor

Audit trails aplenty, but no price tag – and no clue how long your data sticks around

OpinionΒ  Last week's UK government consultation on its plans for digital identity had quite a few things missing. It did not include a price estimate - something it said was due to decisions yet to be taken on the scheme's scope - or how long the government would keep "audit trail" records of ID checks.…

  •  
❌