// Blog

Security Insights Blog

Expert insights, threat analysis, and cybersecurity best practices from our security research team

Supply Chain Apr 15, 2026

Developer Tool Supply Chain Risk: A Practical Guide

Why CI tools, scanners, and build dependencies keep turning up as attack vectors, and what actually works to reduce the blast radius when a trusted tool gets compromised.

Read Full Article

Threat Landscape Apr 15, 2026

How SMBs Became the Primary Ransomware Target

Verizon's 2025 DBIR shows SMBs had roughly four times more confirmed breaches than large organisations, and 88% of those involved ransomware. A look at why the shift happened and what reasonable defence looks like without a SOC.

Opinion Apr 10, 2026

Claude Mythos: Substance vs Coverage

Anthropic's Mythos model finds vulnerabilities at scale. The coverage was huge. But finding bugs and exploiting them are different problems, and these tools are available to everyone now.

Threat Intelligence Apr 9, 2026

CVE-2026-20160: Cisco SSM On-Prem Hands Out Root Because an Internal Service Wasn't Internal

Cisco patched a CVSS 9.8 unauthenticated RCE in Smart Software Manager On-Prem caused by an internal service that was reachable from the network it should never have seen.

Threat Intelligence Apr 6, 2026

Drift Protocol: How North Korea Stole $285 Million in 12 Minutes

A six-month social engineering operation by DPRK-linked hackers culminated in the largest DeFi hack of 2026. The attack combined fake tokens, manipulated oracles, and pre-signed transactions.

Threat Intelligence Apr 6, 2026

EU Commission Breach: When Your Security Scanner Is the Attack Vector

TeamPCP compromised the Trivy vulnerability scanner and used it to breach the European Commission's AWS environment. 340GB of data stolen, 29 EU entities affected.

Threat Intelligence Apr 2, 2026

CVE-2026-5281: Chrome's Fourth Zero-Day of 2026 Is a WebGPU Use-After-Free

Google patches an actively exploited use-after-free in Dawn, its WebGPU implementation. CISA added it to KEV the same day. All Chromium browsers affected.

Supply Chain Security Mar 31, 2026

Claude Code Source Leak: What It Teaches Us About Build Pipeline Security

Anthropic accidentally shipped source maps in their Claude Code npm package, exposing 512,000 lines of source code. A breakdown of what happened and how to prevent it.

Threat Intelligence Mar 30, 2026

CVE-2025-53521: F5 BIG-IP APM RCE Actively Exploited by Chinese State Actor

Critical F5 BIG-IP APM vulnerability reclassified from DoS to RCE. Linked to UNC5221, the Brickstorm backdoor, and a year-long breach of F5's own network. Patch now.

Security Testing Mar 26, 2026

DAST vs SAST vs Vulnerability Scanning: Understanding the Differences

A comprehensive guide comparing three application security testing approaches and how they work together to protect your organisation.

Threat Intelligence Mar 23, 2026

ShinyHunters Breach 400 Companies Through Salesforce Misconfigurations. What Went Wrong

ShinyHunters exploited misconfigured Salesforce Experience Cloud guest user permissions to steal data from hundreds of companies. Here's how it happened and what your team should do about it.

Threat Intelligence Mar 10, 2026

2026 Ransomware Trends: What CISOs Need to Know

Analysis of the latest ransomware tactics and strategic defense recommendations for enterprise security teams navigating an increasingly hostile threat landscape.

Vulnerability Management Mar 5, 2026

The Strategic Benefits of Automated Vulnerability Scanning in 2026

How automated vulnerability scanning transforms security operations, reduces risk exposure, and delivers measurable ROI. Updated with the latest 2026 data.