AI Agent Security Risks in 2026: A Practitioner's Guide
Gartner predicted in 2021 that 45% of organisations would experience software supply chain attacks by 2025. The reality exceeded their
UK Government Slashes Cyber Fix Times by 84%
Published March 2026
The UK government's Vulnerability Monitoring Service (VMS) is a centrally funded scanning service that continuously
Two Notepad Attacks in One Week: Your Tools Are the Target
Software supply chain attacks more than doubled in 2025, with developer workstations identified as high-value targets across multiple industry reports
OpenClaw Security Risks: The AI Agent Threat Explained
Updated March 1, 2026: Added ClawHavoc final campaign data (1,184+ malicious skills), six new CVEs from Endor Labs (nine
Notepad++ Compromised for 6 Months: Check Your Version Now
Notepad++ update servers were compromised from June through December 2025 by a Chinese state-sponsored threat group. The attackers hijacked the
CVE-2026-24858: The Fortinet Patch That Wasn't
Organisations running the latest FortiOS firmware, fully patched against December's critical SSO bypass, still got compromised in January.
What is ClickFix? The Social Engineering Attack That Became the #1 Initial Access Method
Updated March 2026: Added CrashFix variant, DNS-based delivery, MIMICRAT campaign, and compromised Chrome extension attacks from Q1 2026.
ClickFix is
MongoBleed Exploit: The MongoDB Memory Leak Hitting 87,000 Servers
Updated January 10, 2026: CISA's remediation deadline for federal agencies is January 19. Ubuntu has retracted its claim
CVE-2025-55182: React2Shell Detection and Fix Guide
UPDATE (Jan 1, 2026): RondoDox botnet now weaponizing React2Shell. Shadowserver reports 90,300 instances still vulnerable. Multiple nation-state actors actively
