The Mandos Brief gives you a quick, 3-minute rundown of the week's top cybersecurity updates. It's your go-to source for staying informed and cyber-aware, fast.
Initial Access Brokers surge 90% targeting smaller US companies. Machine identities now outnumber humans 80 while most orgs lack AI security controls.
LayerX researchers expose "Man-in-the-Prompt" attacks turning AI assistants into hacking copilots. CISA releases zero trust microsegmentation guidance as Python skills become mandatory for 50%+ of cyber jobs.
RomCom exploits WinRAR zero-day for malware deployment. North Korean UNC4899 steals millions in cryptocurrency through sophisticated cloud attacks.
Auto-Color backdoor exploits SAP NetWeaver via CVE-2025-31324 targeting US chemicals company. Cursor IDE vulnerability enables full RCE through prompt injection attacks.
Scattered Spider resurfaces with $592M in damages across 11 major attacks. Nigerian cybercrime ring targets aviation execs with six-figure BEC losses.
Critical NVIDIA vulnerability enables container escape with 3-line Dockerfile. Amazon launches enterprise AI agent platform. Scattered Spider causes $592M damage across 11 attacks.
Major breaches hit McDonald's hiring platform and Louis Vuitton UK. Researchers discover systematic LLM agent vulnerabilities.
Attackers increasingly weaponize legitimate tools in 84% of incidents. Ransomware recovery costs plummet to $1.53M. Financial sector faces strategic DDoS campaigns with 23% spike in app-layer attacks.
Major development platforms compromised via extensions marketplace. AI systems vulnerable to data exfiltration attacks. Global leaders rank cyber as top business threat.
Join security leaders who receive knowledge and resources on becoming a more effective security leader. One actionable newsletter every week.
Trusted by security professionals at
