CVE-2026-39808 is a critical unauthenticated RCE vulnerability in FortiSandbox 4.4.0–4.4.8 with a public PoC exploit. Security teams must patch immediately, audit logs, and inspect web root directories for signs of prior exploitation. … More CVE-2026-39808: FortiSandbox PoC Exploit Released — What Security Teams Must Do Now
Russian authorities dismantled LeakBase, a marketplace hosting hundreds of millions of stolen credentials. The platform re-emerged within days — underscoring why security teams must treat credential compromise as a baseline condition, not an exceptional event. … More LeakBase Taken Down: What the Dismantling of a Major Credential Marketplace Means for Security Teams
Pay2Key has re-emerged as a Linux-capable RaaS operation targeting ESXi, cloud workloads, and enterprise servers. One compromised hypervisor can cascade into an enterprise-wide outage. Here’s how to harden your Linux estate against this threat. … More Pay2Key Linux Ransomware: Why Your ESXi Hosts and Cloud Workloads Are Now Prime Targets
OpenAI's GPT-5.4 Mini and Nano accelerate the democratisation of capable AI. Lightweight AI at scale raises pressing questions about prompt injection, threat actor capability uplift, and AI governance. … More OpenAI’s GPT-5.4 Mini and Nano: Security Implications of Lightweight AI at Scale
Reverse engineering — analysing binaries to understand their behaviour — is an increasingly essential security skill in a world of rapidly evolving malware, supply chain attacks, and AI-generated threats. This post covers the core concepts, toolchain, and learning path for security professionals. … More Applied Reverse Engineering for Security Professionals: Why This Skill Is More Relevant Than Ever
