The Mandos Brief gives you a quick, 3-minute rundown of the week's top cybersecurity updates. It's your go-to source for staying informed and cyber-aware, fast.
TeamPCP compromised the Telnyx Python SDK on PyPI using audio steganography, partnered with LAPSUS$ and a ransomware group, and turned developer tools into entry points for extortion campaigns.
Happy Sunday! In this week's brief: * Trivy CanisterWorm Supply Chain Attack: A self-spreading worm infected 47 npm packages using blockchain-based C2, harvesting developer tokens to automatically compromise entire package ecosystems. Time to audit those postinstall hooks. * Stryker Wiper Attack: Iran-linked Handala group destroyed thousands of devices across 79
Happy Thursday! In this week's brief: * CrackArmor Linux Apocalypse: Nine vulnerabilities in AppArmor, hiding since 2017, let any unprivileged user escalate to root on 12.6 million enterprise Linux servers. Patch now. * AI Malware Is Real: IBM X-Force caught ransomware group Hive0163 deploying AI-generated malware in a live
Insider risk costs surge to $19.5M per org as shadow AI creates invisible data loss. CISA leadership in chaos during government shutdown.
WEF reports 87% of leaders flag AI as fastest-growing risk. Claroty raises $150M at $3B valuation with 2027 IPO planned.
Check Point just dropped $150 million on three Israeli startups in a single earnings call. That's on top of the $190 million Lakera AI deal two months ago.
77% of advanced email threats bypass Microsoft E3/E5 defenses. LLMjacking marketplace sells stolen AI access at 60% discount.
VS Code malware installs ScreenConnect RAT with Rust fallback mechanisms. AI cybercrime subscriptions start at $30/month enabling novice attackers. Automotive security market hits $28B by 2036.
First AI-generated malware framework VoidLink built in under a week with rootkit capabilities. 50% of SMBs already breached while only 34% have incident response plans. FortiGate SSO exploits create persistence accounts.
Join security leaders who receive knowledge and resources on becoming a more effective security leader. One actionable newsletter every week.
Trusted by CISOs, Founders, and Cybersecurity Builders
