Latest coverage for Report

ENISA NIS360 2026 shows cybersecurity improving across EU critical sectors, but health, water, rail, and space remain in the risk zone. ENISA has published its third annual NIS360 report, assessing the cybersecurity maturity and criticality of all sectors covered by the NIS2 directive. The headline finding is that things are improving across the board. The […]

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and detection opportunities to help organizations identify and disrupt related activity. The post Malicious npm packages abuse dependency confusion to profile developer environments appeared first on Microsoft Security Blog.

June Meetings Could Shape Which Entities Must Report Cyber IncidentsThe Cybersecurity and Infrastructure Security Agency's June town halls will give critical infrastructure operators a final opportunity to influence how the agency defines covered entities, reportable incidents and compliance requirements before issuing long-awaited CIRCIA regulations.

A report from the Commerce Inspector General details how mismanagement allowed a backlog of 27,000 unprocessed security flaws to grow unchecked, while the agency duplicated work with a similar CISA program. The post Federal audit reveals NIST’s NVD is plagued by poor planning and duplication appeared first on CyberScoop.

Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop

ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe

The Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI/CD credentials across developer environments. This report details the attack chain, detection opportunities, and mitigation guidance to help organizations identify and disrupt related activity. The post Typosquatted npm packages used to steal cloud and CI/CD secrets appeared first on Microsoft Security Blog.

State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across users or platforms. Instead, it is heavily concentrated among a small group of AI power users and a

Separate Breach Details Can Bleed Into Each Other, Incident Responders FindCybersecurity investigators who use artificial intelligence tools to draft incident response reports, beware: Information tied to one security incident can contaminate a report into a separate incident, if both get drafted using the same AI tool in the same session, researchers warn.

Ransomware and vendor breaches persist. The "2026 Data Breach Investigations Report" (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable.

Verizon's 2026 Data Breach Investigations Report (DBIR) finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys.

Verizon’s annual Data Breach Investigations Report uncovered a surge of exploited vulnerabilities, and a growing lack of critical defect remediation industrywide. The post Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches appeared first on CyberScoop.

Patch Rollout Slows and Ransomware Incident Volume Rises, Finds Latest Verizon DBIRThe frequency of hackers exploiting vulnerabilities in hardware and software to gain initial access to a victim's environment continues to surge, and half of all successful breaches also now involve some type of "ransomware action," according Verizon's 2026 Data Breach Investigations Report.

Bridewell report calls out emergence of “fix-style” attacks

Déjà Vu: Is Mythos in Hands of Bad Actors Akin to Cobalt Strike, Brute Ratel Abuse?Anthropic's Claude Mythos and similarly powerful artificial intelligence tools pose elevated cyber risk to the healthcare sector, warns a new report. Addressing the onslaught of newly discovered bugs will require healthcare organizations to evolve their vulnerability mindsets.

A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that "no product changes were made," despite the researcher documenting a silent fix. [...]

New Report Warns China Could Reach Frontier AI Near-Parity by 2028Anthropic warned that weak chip export controls, model distillation and expanded Chinese access to advanced compute infrastructure could erode Washington’s frontier AI advantage and accelerate Beijing’s push toward near-parity in advanced AI systems.

Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed

Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating

Rough Monday