Threat Intelligence

Python Infostealers Hit macOS While Google Looker Faces Critical Cross-Tenant Vulnerabilities

The threat landscape just got more interesting for those of us defending multi-platform environments. This week brought some eye-opening developments that highlight how attackers are expanding their reach beyond traditional Windows targets, while also serving up a reminder that even enterprise-grade platforms aren’t immune to serious security flaws.

Attackers Branch Out to macOS with Python-Based Infostealers

Microsoft’s Defender Security Research Team dropped some concerning intelligence about information-stealing attacks rapidly expanding to target Apple macOS environments. What makes this particularly noteworthy isn’t just the platform shift – it’s the methodology behind it.

Critical n8n Vulnerabilities and Rising Nation-State Threats: What Security Teams Need to Know This Week

If you’ve been following the security news this week, you’ve probably noticed a few stories that deserve our immediate attention. While we’re seeing some positive developments in identity management and industry expansion, there are also some concerning vulnerabilities and threat predictions that we need to discuss.

Two Critical Flaws Put AI Workflows at Risk

Let’s start with the most urgent issue: Pillar Security just discovered two critical vulnerabilities in n8n, the popular AI workflow automation platform. These aren’t your typical bugs – we’re talking about flaws that could lead to complete system takeover, supply chain compromise, and credential harvesting.

AI-Powered Phishing Doubles While Microsoft Finally Gives Windows 11 Built-in Sysmon

I’ve been watching some interesting developments unfold in our corner of the security world, and there are a few stories that really caught my attention this week. The biggest one? AI is absolutely changing the phishing game, and not in a good way for us defenders.

The AI Phishing Problem Gets Real

Cofense just dropped some sobering numbers showing that AI has literally doubled the volume of phishing attacks over the past year. But here’s what really worries me – it’s not just about quantity anymore. These AI-generated phishing emails are becoming genuinely sophisticated and personalized in ways that would have taken human attackers hours to craft.

When Default Passwords Meet Nation-States: Why February's Security Wake-Up Calls Hit Different

I’ve been staring at this week’s security news, and honestly, it feels like we’re watching several different movies play out simultaneously – and none of them have happy endings. From AI tools quietly shipping code to China to nation-state actors exploiting the most basic security failures, February 2nd delivered a reality check that’s worth unpacking.

The Poland Attack: When Basic Security Hygiene Becomes a National Security Issue

Let’s start with what should be the most shocking story, but somehow isn’t anymore. Poland’s CERT released details about attackers hitting their energy infrastructure using – wait for it – default credentials on industrial control systems.

Supply Chain Attacks Hit Developer Tools Hard: What the Notepad++ and VSCode Incidents Tell Us

If you thought supply chain attacks were just about big enterprise software, this week’s news should change your mind. We’re seeing attackers go after the everyday tools developers use – and they’re getting frighteningly good at it.

The most concerning story comes from the Notepad++ compromise, where Chinese state-sponsored hackers managed to hijack the popular code editor’s update mechanism for six months. Six months! That’s not a quick hit-and-run – that’s a sustained, strategic operation targeting one of the most trusted tools in a developer’s toolkit.

When Security Goes Wrong: From Jailed Pen Testers to Supply Chain Attacks

You know that sinking feeling when you realize your perfectly legitimate security test might look suspicious to someone watching? Well, imagine that “someone” is law enforcement, and instead of a quick explanation, you end up spending time in jail. That’s exactly what happened to two penetration testers in Iowa back in 2019, and the fallout is still making waves in our community.

Supply Chain Attacks Are Getting Personal: What This Week's Incidents Tell Us About Our Blind Spots

I’ve been tracking several concerning incidents from this week that paint a pretty clear picture of where attackers are focusing their efforts in 2026. What’s particularly striking is how these campaigns are targeting the tools we trust most – from our development environments to our file sharing services – while simultaneously getting more aggressive in their extortion tactics.

That Record-Breaking 31.4 Tbps DDoS Attack Should Change How We Think About Defense

I’ll be honest – when I first saw the numbers from December’s Aisuru/Kimwolf botnet attack, I had to double-check them. 31.4 terabits per second. That’s not just a new record; it’s a quantum leap that makes our previous understanding of “massive” DDoS attacks look quaint.

For context, the previous record was around 3.47 Tbps. We’re talking about a roughly 900% increase in attack volume. To put that in perspective, 31.4 Tbps is equivalent to downloading the entire contents of Netflix’s catalog in about 30 seconds. When threat actors can marshal that kind of firepower, we need to seriously reconsider our defensive strategies.

When Gaming Mods Meet Corporate Networks: Why Your Security Perimeter Just Got More Complicated

You know that feeling when you think you’ve got your security boundaries figured out, and then reality comes along to remind you otherwise? That’s exactly what happened this week as we watched everything from Chinese APT groups upgrading their toolkits to kids’ gaming mods becoming corporate security nightmares.

Let me walk you through what caught my attention in the security world lately, because some of these developments are going to change how we think about protecting our organizations.

MongoDB Attacks and Million-Device Botnets: Why Basic Security Still Matters Most

I’ve been watching the security news this week, and honestly, it feels like we’re stuck in a time loop. While everyone’s talking about AI threats and nation-state actors, cybercriminals are still making bank from the same fundamental mistakes we’ve been warning about for years.

The MongoDB Problem That Won’t Go Away

Let’s start with something that should be ancient history by now: exposed MongoDB instances getting hit by extortion attacks. I know, I know – we’ve been talking about securing database deployments since MongoDB first hit the scene. But here we are in 2026, and threat actors are still running automated scripts to find unsecured instances, steal the data, wipe the databases, and demand relatively small ransoms for restoration.