Real-world incidents, breaking threats, and what they mean for critical infrastructure and OT security.
The npm maintainer account for axios was compromised on March 31, 2026. Two malicious versions were published. Check your lockfiles and block sfrclak.com immediately.
Hospitals in the Iran conflict are being targeted with hidden spyware. The line between cyber and kinetic is gone. What does that mean for critical infrastructure operators outside active conflict zones?
A Sandworm attack in December 2025 hit 30 Polish energy facilities, permanently damaged ICS devices, and left operators blind across the grid. Initial access: default credentials on a FortiGate firewall.
Attackers impersonated a legitimate open-source tool on GitHub and pushed infostealers via Bing AI search results. The breach didn’t start with a firewall failure. It started with a search result.
New research shows most attacks on cyber-physical systems used basic remote access tools to reach exposed HMI and SCADA systems — not zero-days. The entry point was visibility, not sophistication.
Mandiant M-Trends 2026 shows attackers using AI to accelerate reconnaissance. The question worth asking: what does your defense look like when the recon window shrinks from weeks to hours?