Blog

Security insights, compliance updates, and penetration testing guidance from our team.

Supply Chain Security

Axios Was Backdoored Last Night. 83 Million Weekly Downloads, Three RAT Payloads.

Attackers compromised the primary Axios npm maintainer account and published malicious versions that drop a cross-platform RAT targeting Windows, macOS, and Linux. The attack was staged 18 hours in advance and designed to self-destruct.

March 31, 2026
Supply Chain Security

LiteLLM Was Backdoored This Morning. Here's the Full Attack Chain.

Attackers compromised a security scanner, stole a PyPI token, and published credential-stealing malware to LiteLLM versions 1.82.7 and 1.82.8. The three-hour window, the .pth file trick, and what to check right now.

March 24, 2026
Vulnerability Alert

SharePoint RCE CVE-2026-20963 Is Being Actively Exploited

CISA confirmed that CVE-2026-20963, an unauthenticated SharePoint RCE patched in January, is now under active exploitation. Microsoft originally rated it "less likely." Here is what to check and why patching alone is not enough.

March 24, 2026
Threat Alert

Two More Chrome Zero-Days in March 2026: CVE-2026-3909 and CVE-2026-3910

Google patched two actively exploited Chrome zero-days in March 2026, both now in CISA's KEV catalog. That's three Chrome zero-days in four weeks. Here's what your business needs to do right now.

March 17, 2026
Compliance

HIPAA Penetration Testing Requirement 2026: Senate HELP Committee Advances Bill

The Senate HELP Committee advanced a healthcare cybersecurity bill that includes penetration testing as a minimum standard for HIPAA-regulated entities. Combined with the 2026 HIPAA Security Rule update, annual pentesting is quickly becoming a requirement you can plan for now.

March 10, 2026
Patch Triage

Six Exploited Zero-Days in One Patch Tuesday: How I Triage Microsoft’s February 2026 Updates

February 2026 Patch Tuesday shipped with six exploited zero-days. This is how I prioritize patches, tighten controls, and hunt for the boring indicators that usually show up right before ransomware.

March 4, 2026
Cyber Insurance

Cyber Insurance Now Requires Penetration Testing. Are You Ready?

Cyber insurance carriers are tightening requirements in 2026. MFA, EDR, and penetration testing are now table stakes. Here is what your business needs to qualify for coverage.

February 26, 2026
SMB Security

Small Businesses Are the #1 Target for Cyberattacks in 2025 to 2026. Here's What to Do.

Small businesses are targeted because attackers can automate phishing, credential theft, and ransomware at scale. Learn the practical controls that cut risk fast, plus when to use a pentest and vCISO retainer.

February 23, 2026
Threat Alert

Chrome Zero-Day CVE-2026-2441: What Your Business Needs to Do Right Now

A critical Chrome zero-day is being actively exploited in the wild. Here is what CVE-2026-2441 means for your organization and the steps you need to take immediately.

February 18, 2026
Penetration Testing

External vs Internal Penetration Testing: What's the Difference and Why You Need Both

Most companies only do external pentesting. Learn why internal testing is equally important and why PCI DSS 4.0 now requires both.

February 14, 2026
Compliance

New HIPAA Rules Will Require Annual Pentesting

HHS has proposed a major update to the HIPAA Security Rule that would mandate annual penetration testing for all covered entities and business associates, regardless of size.

February 12, 2026
Penetration Testing

5 Signs Your Company Needs a Penetration Test

Not sure if your company needs a pentest? Here are five clear indicators that it is time to get a professional penetration test.

February 10, 2026