While ECH Adoption Is Low, Risks Remain for Enterprises, End Users

An upgraded cybercrime tool is designed to make targeted ransomware attacks as easy and effective as possible, with features like EDR-spotting and DNS-based C2 communication.

Merchants and retailers will now face penalties for not being compliant with PCI DSS 4.0.1, and the increased security standards make it clear they cannot transfer compliance responsibility to third-party service providers.

Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit. The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to

A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.

This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance. Scale amplified the damage. A single weak configuration rippled out…

SonicWall said a breach it disclosed last month affected firewall configuration files for all customers who have used SonicWall’s cloud backup service — up from its previous 5% estimate.