Right now, the biggest stories for cybersecurity professionals: Zero-days and KEV alerts force urgent enterprise patching; Microsoft security gets tested by zero-days and phishing; AI is reshaping SIEM and SOC operations fast — and 2 more. Real stories, real sources, updated every few hours. Not generated guesses.
vulnerability-management (high engagement)
Zero-days and KEV alerts force urgent enterprise patching
A concentrated vulnerability-response wave spans multiple high-value enterprise and infrastructure products. Signals include Microsoft Defender's RoguePlanet zero-day, Oracle PeopleSoft exploitation in ransomware attacks, Fortinet FortiSandbox vulnerabilities being targeted in the wild, VMware CVEs entering CISA KEV, Joomla added to KEV, Splunk Enterprise pre-auth RCE, Tanium Connect RCE, and CISA-driven prioritization of actively exploited vulnerabilities.
microsoft-security (high engagement)
Microsoft security gets tested by zero-days and phishing
Microsoft's security stack is in the spotlight from multiple angles: Intune endpoint governance, Defender email and endpoint positioning, Defender for Cloud guidance, and the RoguePlanet zero-day affecting Defender. The cluster also includes a device-code phishing campaign against Microsoft 365, showing how Microsoft's identity, endpoint, and mail defenses are being tested in practice and debated in the market.
siem (high engagement)
AI is reshaping SIEM and SOC operations fast
Major security operations platforms are competing on AI assistance, detection quality, and workflow automation. Google touts its SIEM leadership and SOC agents, CrowdStrike highlights XDR and next-gen SIEM momentum, Elastic earns XDR recognition, Databricks acquires Panther to build a security lakehouse, and Securonix and Splunk-related tools reinforce the shift toward AI-assisted SOC triage and incident response.
identity-security (high engagement)
Identity security races to control AI agents and browsers
Identity vendors are retooling access governance for a world of AI agents and browser-mediated workflows. Okta expands partnerships with Google Cloud and SpyCloud, SailPoint launches AI tools for identity cloud migration, Opal adds AI-guided access reviews, 1Password acquires Apono for credential brokering and just-in-time access, and CrowdStrike launches Continuous Identity for AI agents.
ransomware (medium engagement)
Attackers keep hiding malware in trusted enterprise channels
Attack reporting shows ransomware and intrusion operators adopting stealthier delivery and lateral-movement patterns. Coverage includes DragonForce hiding C2 in Microsoft Teams relays, OnionDrop delivering LegionLoader, ClickFix campaigns deploying loaders and RATs, Huntress detailing endpoint coverage gaps, and Mackay Sugar's ransomware disruption as real-world impact context.