Posts

Iran-Linked Hackers Target U.S. Critical Infrastructure Through Exposed Industrial Controllers

What's Happening?

U.S. cybersecurity and intelligence agencies, including the FBI and CISA, have issued a formal warning confirming that Iranian-affiliated threat actors are actively targeting internet-facing Operational Technology (OT) devices, specifically Programmable Logic Controllers (PLCs), deployed across critical infrastructure sectors in the United States. The consequences are real and already documented: degraded PLC functionality, falsified readings on industrial control screens, operational disruptions, and in some cases, direct financial losses.

Who Is Being Targeted and How?

The attacks are focused on Rockwell Automation and Allen-Bradley PLC devices, particularly CompactLogix and Micro850 models. The targeted sectors include:

- Government services and facilities
- Water and Wastewater Systems (WWS)
- Energy infrastructure

The attack method is methodical. The threat actors leveraged third-party hosted infrastructure combined with legitimate engineering software,...

Alert Fatigue Isn’t Going Away. Here’s How Modern SOCs Are Fighting Back

Security teams have been talking about alert fatigue for years. And yet, for many SOCs, the problem isn’t getting better. It’s getting worse. As environments expand across cloud, SaaS, identity, and legacy systems, analysts are flooded with signals that all demand attention but rarely arrive with enough context to act quickly. Staffing shortages only amplify the issue. The result is a SOC stuck reacting to noise instead of responding to real risk.

Recent industry research reinforces what analysts already know. False positives remain one of the top challenges in detection and response, and many analysts encounter low-value alerts so frequently that it slows investigations and contributes directly to burnout. Alert fatigue isn’t just an efficiency problem. It’s an operational risk.

Why alert fatigue persists, and why it’s not your fault

Alert fatigue isn’t a reflection of weak analysts or underperforming teams. It’s the outcome of security models that haven’t kept pace with modern compl...

Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense

Last week, the industry learned that Anthropic was developing Claude Capybara, also called Mythos, a powerful new AI model with substantially improved capabilities in vulnerability discovery, exploit development, and multi-step attack reasoning. While the details emerged through a data leak rather than a formal launch, the market response was unmistakable: AI has crossed a critical cyber security threshold. The frontier models are accelerating attack lifecycles and will enable attackers to identify and exploit vulnerabilities at scale, at speed, and through novel methods that were previously the domain of advanced nation-state entities.

For security leaders, this development is both a warning and a call to action. It crystallizes a trend we’ve been closely monitoring and preparing for: the democratization and industrialization of cyber attacks.

Two Structural Shifts Redefining Cyber Risk

Claude Mythos is the early signal of two profound shifts in the threat landscape:

1.  ...

When AI Trust Breaks: The ChatGPT Data Leakage Flaw That Redefined AI Vendor Security Trust

AI assistants like ChatGPT have quickly become trusted environments for handling some of the most sensitive data people own. Users discuss medical symptoms, upload financial records, analyze contracts, and paste internal documents—often assuming that what they share remains safely contained within the platform.

That assumption was challenged when new research uncovered a previously unknown vulnerability that enabled silent data leakage from ChatGPT conversations without user knowledge or consent. While the issue has since been fully resolved by OpenAI, the discovery delivers a much broader lesson for enterprises and security leaders: AI tools should not be assumed secure by default.

Just as organizations learned not to blindly trust cloud providers, the same logic now applies to AI vendors. Native security does not equal sufficient security. AI requires an independent security layer on top.

From Trusted Assist...

Flowise AI Platform Under Active Attack: 12,000+ Instances Exposed to Maximum-Severity Vulnerability

What's Happening?

Security researchers at VulnCheck have confirmed that malicious actors are actively exploiting a critical vulnerability in Flowise, a popular open-source platform used to build AI agents and workflows. The flaw carries the highest possible severity rating, a CVSS score of 10.0, meaning it requires no special privileges to exploit and can result in complete system compromise.

The Vulnerability: CVE-2025-59528

The flaw, tracked as CVE-2025-59528, is a code injection vulnerability residing in Flowise's CustomMCP node, a component that lets users configure connections to external Model Context Protocol (MCP) servers. The problem lies in how the node processes user-provided configuration strings: it executes JavaScript code embedded in those strings without any security validation whatsoever. Because Flowise runs with full Node.js runtime privileges, a successful attacker gains access to powerful system modules including:

- child_process — enabling arbi...

Drift Loses $285 Million in DPRK-Linked Social Engineering Attack

What Happened

Solana-based decentralized exchange Drift confirmed that attackers drained approximately $285 million from the platform on April 1, 2026. The attack was notable for what it wasn't: Drift stated the breach did not exploit a vulnerability in its programs or smart contracts, and there is no evidence of compromised seed phrases.

Instead, it was a sophisticated social engineering operation. The attackers obtained sufficient multisig approvals and executed a malicious admin transfer within minutes to gain control of protocol-level permissions, ultimately using that access to introduce a malicious asset and remove all pre-set withdrawal limits.

How the Attack Worked

Drift described the incident as involving "unauthorized or misrepresented transaction approvals obtained prior to execution, likely facilitated through durable nonce mechanisms." Preparations for the hack were underway as early as March 23, 2026 — more than a week before execution.  ...

Why Third-Party Risk Is the Biggest Gap in Your Security Posture

Executive Summary

The next major breach hitting an organization probably won't come from inside its own walls. It'll arrive through a trusted vendor, a SaaS tool a business unit quietly adopted, or a subcontractor nobody in IT knows about. That's the new attack surface — and most organizations are underprepared for it.

The Perimeter Has Dissolved

Traditional cybersecurity strategy revolved around a defined boundary: firewalls, endpoint controls, identity management. That model no longer reflects reality. Today, client data lives in third-party SaaS applications, flows through vendor APIs, and is processed by subcontractors that internal IT teams may not even be aware of.

The numbers back this up. The 2025 Verizon Data Breach Investigations Report found third parties involved in 30% of all breaches. IBM's 2025 Cost of a Data Breach Report puts the average remediation cost of a third-party breach at $4.91 million. This is no longer an edge case — it's a core fe...