The Mandos Brief gives you a quick, 3-minute rundown of the week's top cybersecurity updates. It's your go-to source for staying informed and cyber-aware, fast.
Socket discovers 60 malicious npm packages exfiltrating network data. Meta releases open-source LlamaFirewall to protect AI agents. FBI reports record $16.6B in cybercrime losses.
Chinese threat actors exploit critical SAP vulnerability across 581 systems. Anthropic CISO predicts AI virtual employees within a year. AI virtual employees pose new security challenges.
Cisco IOS XE controllers face CVSS 10.0 vulnerability allowing root access. GitHub Actions security recommendations following supply chain attacks. New Shadow MCP servers creating AI governance gaps.
Lazarus Group deploys triple malware threat through fake crypto companies. Dwell time increases for first time since 2010. Palo Alto Networks acquires Protect AI for $500+ million.
Executives targeted through fake Bloomberg invites exploiting Zoom's remote control feature. SMBs hit hard with 88% of breaches involving ransomware. Terra secures funding for AI penetration testing.
Task Scheduler vulnerabilities enable privilege escalation without user approval. Multi-layered phishing campaigns delivering Agent Tesla through evasion techniques. AI-related security incidents jumped 56.4% in 2024.
NVIDIA container escape flaw remains exploitable despite patching. Threat actors maintain access to FortiGate devices through symlinks. Microsoft addresses shadow AI risks with new enterprise security guide.
OpenAI increases bug bounties to $100K. Dragos reports 87% surge in industrial ransomware attacks. 80 security professionals replaced by AI they trained.
FBI alerts on malware via document converters. Research shows only 2-5% of security alerts need immediate action. Wiz launches searchable cloud vulnerability database