Welcome to Red Circle Security’s Cybersecurity Intelligence Platform. We aggregate and analyze security news from leading industry sources to keep you informed about the latest threats, vulnerabilities, and security trends.

Our platform monitors dozens of trusted security sources and provides curated, organized access to critical security information.

Latest Security News

Browse our latest posts below or explore by topic to find security news relevant to your interests.

Python Infostealers Hit macOS While Google Looker Faces Critical Cross-Tenant Vulnerabilities

The threat landscape just got more interesting for those of us defending multi-platform environments. This week brought some eye-opening developments that highlight how attackers are expanding their reach beyond traditional Windows targets, while also serving up a reminder that even enterprise-grade platforms aren’t immune to serious security flaws.

Attackers Branch Out to macOS with Python-Based Infostealers

Microsoft’s Defender Security Research Team dropped some concerning intelligence about information-stealing attacks rapidly expanding to target Apple macOS environments. What makes this particularly noteworthy isn’t just the platform shift – it’s the methodology behind it.

When Governments Get Breached and SolarWinds Gets Hit Again: This Week's Security Reality Check

Coffee’s getting cold as I write this, but these stories from this week are too important to wait. We’ve got a massive government data breach claim in Mexico, SolarWinds back in the vulnerability spotlight (again), and some fascinating insights into why incident response teams succeed or fail in those crucial first moments.

Mexico’s 36 Million Person Question Mark

A hacktivist group is claiming they’ve stolen 2.3 terabytes of data from the Mexican government, potentially exposing information on 36 million citizens. That’s roughly a quarter of Mexico’s entire population. The government’s response? Essentially “nothing sensitive here, move along.”

Critical n8n Vulnerabilities and Rising Nation-State Threats: What Security Teams Need to Know This Week

If you’ve been following the security news this week, you’ve probably noticed a few stories that deserve our immediate attention. While we’re seeing some positive developments in identity management and industry expansion, there are also some concerning vulnerabilities and threat predictions that we need to discuss.

Two Critical Flaws Put AI Workflows at Risk

Let’s start with the most urgent issue: Pillar Security just discovered two critical vulnerabilities in n8n, the popular AI workflow automation platform. These aren’t your typical bugs – we’re talking about flaws that could lead to complete system takeover, supply chain compromise, and credential harvesting.

AI-Powered Phishing Doubles While Microsoft Finally Gives Windows 11 Built-in Sysmon

I’ve been watching some interesting developments unfold in our corner of the security world, and there are a few stories that really caught my attention this week. The biggest one? AI is absolutely changing the phishing game, and not in a good way for us defenders.

The AI Phishing Problem Gets Real

Cofense just dropped some sobering numbers showing that AI has literally doubled the volume of phishing attacks over the past year. But here’s what really worries me – it’s not just about quantity anymore. These AI-generated phishing emails are becoming genuinely sophisticated and personalized in ways that would have taken human attackers hours to craft.

When Your Security Tools Become the Attack Vector: This Week's Supply Chain Wake-Up Call

You know that sinking feeling when you realize the tools meant to protect you might be working against you? This week delivered a particularly sobering reminder of just how fragile our security infrastructure can be, with attackers successfully compromising antivirus update servers and finding creative new ways to abuse legitimate platforms.

The eScan Breach: When Protection Becomes Infection

The biggest story this week has to be the compromise of eScan’s update infrastructure. Unknown attackers managed to hijack the legitimate update mechanism for this Indian antivirus solution, pushing multi-stage malware directly to enterprise and consumer systems that thought they were getting security patches.

When Default Passwords Meet Nation-States: Why February's Security Wake-Up Calls Hit Different

I’ve been staring at this week’s security news, and honestly, it feels like we’re watching several different movies play out simultaneously – and none of them have happy endings. From AI tools quietly shipping code to China to nation-state actors exploiting the most basic security failures, February 2nd delivered a reality check that’s worth unpacking.

The Poland Attack: When Basic Security Hygiene Becomes a National Security Issue

Let’s start with what should be the most shocking story, but somehow isn’t anymore. Poland’s CERT released details about attackers hitting their energy infrastructure using – wait for it – default credentials on industrial control systems.

Supply Chain Attacks Hit Developer Tools Hard: What the Notepad++ and VSCode Incidents Tell Us

If you thought supply chain attacks were just about big enterprise software, this week’s news should change your mind. We’re seeing attackers go after the everyday tools developers use – and they’re getting frighteningly good at it.

The most concerning story comes from the Notepad++ compromise, where Chinese state-sponsored hackers managed to hijack the popular code editor’s update mechanism for six months. Six months! That’s not a quick hit-and-run – that’s a sustained, strategic operation targeting one of the most trusted tools in a developer’s toolkit.

When Security Goes Wrong: From Jailed Pen Testers to Supply Chain Attacks

You know that sinking feeling when you realize your perfectly legitimate security test might look suspicious to someone watching? Well, imagine that “someone” is law enforcement, and instead of a quick explanation, you end up spending time in jail. That’s exactly what happened to two penetration testers in Iowa back in 2019, and the fallout is still making waves in our community.

Supply Chain Attacks Are Getting Personal: What This Week's Incidents Tell Us About Our Blind Spots

I’ve been tracking several concerning incidents from this week that paint a pretty clear picture of where attackers are focusing their efforts in 2026. What’s particularly striking is how these campaigns are targeting the tools we trust most – from our development environments to our file sharing services – while simultaneously getting more aggressive in their extortion tactics.

That Record-Breaking 31.4 Tbps DDoS Attack Should Change How We Think About Defense

I’ll be honest – when I first saw the numbers from December’s Aisuru/Kimwolf botnet attack, I had to double-check them. 31.4 terabits per second. That’s not just a new record; it’s a quantum leap that makes our previous understanding of “massive” DDoS attacks look quaint.

For context, the previous record was around 3.47 Tbps. We’re talking about a roughly 900% increase in attack volume. To put that in perspective, 31.4 Tbps is equivalent to downloading the entire contents of Netflix’s catalog in about 30 seconds. When threat actors can marshal that kind of firepower, we need to seriously reconsider our defensive strategies.