Cloud Security

Python Infostealers Hit macOS While Google Looker Faces Critical Cross-Tenant Vulnerabilities

The threat landscape just got more interesting for those of us defending multi-platform environments. This week brought some eye-opening developments that highlight how attackers are expanding their reach beyond traditional Windows targets, while also serving up a reminder that even enterprise-grade platforms aren’t immune to serious security flaws.

Attackers Branch Out to macOS with Python-Based Infostealers

Microsoft’s Defender Security Research Team dropped some concerning intelligence about information-stealing attacks rapidly expanding to target Apple macOS environments. What makes this particularly noteworthy isn’t just the platform shift – it’s the methodology behind it.

Critical n8n Vulnerabilities and Rising Nation-State Threats: What Security Teams Need to Know This Week

If you’ve been following the security news this week, you’ve probably noticed a few stories that deserve our immediate attention. While we’re seeing some positive developments in identity management and industry expansion, there are also some concerning vulnerabilities and threat predictions that we need to discuss.

Two Critical Flaws Put AI Workflows at Risk

Let’s start with the most urgent issue: Pillar Security just discovered two critical vulnerabilities in n8n, the popular AI workflow automation platform. These aren’t your typical bugs – we’re talking about flaws that could lead to complete system takeover, supply chain compromise, and credential harvesting.

AI-Powered Phishing Doubles While Microsoft Finally Gives Windows 11 Built-in Sysmon

I’ve been watching some interesting developments unfold in our corner of the security world, and there are a few stories that really caught my attention this week. The biggest one? AI is absolutely changing the phishing game, and not in a good way for us defenders.

The AI Phishing Problem Gets Real

Cofense just dropped some sobering numbers showing that AI has literally doubled the volume of phishing attacks over the past year. But here’s what really worries me – it’s not just about quantity anymore. These AI-generated phishing emails are becoming genuinely sophisticated and personalized in ways that would have taken human attackers hours to craft.

When Default Passwords Meet Nation-States: Why February's Security Wake-Up Calls Hit Different

I’ve been staring at this week’s security news, and honestly, it feels like we’re watching several different movies play out simultaneously – and none of them have happy endings. From AI tools quietly shipping code to China to nation-state actors exploiting the most basic security failures, February 2nd delivered a reality check that’s worth unpacking.

The Poland Attack: When Basic Security Hygiene Becomes a National Security Issue

Let’s start with what should be the most shocking story, but somehow isn’t anymore. Poland’s CERT released details about attackers hitting their energy infrastructure using – wait for it – default credentials on industrial control systems.

Supply Chain Attacks Hit Developer Tools Hard: What the Notepad++ and VSCode Incidents Tell Us

If you thought supply chain attacks were just about big enterprise software, this week’s news should change your mind. We’re seeing attackers go after the everyday tools developers use – and they’re getting frighteningly good at it.

The most concerning story comes from the Notepad++ compromise, where Chinese state-sponsored hackers managed to hijack the popular code editor’s update mechanism for six months. Six months! That’s not a quick hit-and-run – that’s a sustained, strategic operation targeting one of the most trusted tools in a developer’s toolkit.

Supply Chain Attacks Are Getting Personal: What This Week's Incidents Tell Us About Our Blind Spots

I’ve been tracking several concerning incidents from this week that paint a pretty clear picture of where attackers are focusing their efforts in 2026. What’s particularly striking is how these campaigns are targeting the tools we trust most – from our development environments to our file sharing services – while simultaneously getting more aggressive in their extortion tactics.

When Gaming Mods Meet Corporate Networks: Why Your Security Perimeter Just Got More Complicated

You know that feeling when you think you’ve got your security boundaries figured out, and then reality comes along to remind you otherwise? That’s exactly what happened this week as we watched everything from Chinese APT groups upgrading their toolkits to kids’ gaming mods becoming corporate security nightmares.

Let me walk you through what caught my attention in the security world lately, because some of these developments are going to change how we think about protecting our organizations.

When Cloud Backups Become Attack Vectors: The Marquis-SonicWall Connection Shows Why Third-Party Risk Matters More Than Ever

We’ve all been there – explaining to management why we need to audit every single vendor in our supply chain. Well, the recent Marquis Software Solutions incident gives us a perfect case study for why those conversations matter so much.

The Domino Effect That Hit Dozens of Financial Institutions

Here’s what happened: Marquis Software Solutions, a Texas-based financial services provider, suffered a ransomware attack in August 2025 that rippled through dozens of U.S. banks and credit unions. But here’s the kicker – Marquis is pointing the finger at a SonicWall cloud backup breach that wasn’t even disclosed until a month after their attack.

ShinyHunters' New SSO Tricks and Why Traditional MFA Isn't Enough Anymore

I’ve been digging through this week’s security news, and there’s one story that really caught my attention – not just because it’s technically interesting, but because it shows how attackers are getting frighteningly good at bypassing what we thought were solid defenses.

Mandiant’s latest research reveals that ShinyHunters has been running a sophisticated campaign targeting SSO credentials through voice phishing and company-branded phishing sites. What makes this particularly concerning is how they’re not just stealing passwords – they’re capturing MFA codes in real-time and using them to access cloud environments.

When Nation-States Hit Wind Farms and Google Engineers Go Rogue: This Week's Security Reality Check

The past few days have served up a particularly sobering reminder that cyber threats don’t take weekends off. While we were dealing with the usual phishing campaigns and patch cycles, some significantly more concerning events were unfolding that deserve our attention.

Poland’s Energy Grid Under Coordinated Attack

Let’s start with what might be the most significant story: CERT Polska revealed that coordinated cyber attacks hit over 30 wind and solar farms on December 29, 2025. This wasn’t some script kiddie testing their skills – we’re talking about a systematic campaign that also targeted a manufacturing company and a combined heat and power plant serving nearly half a million customers.