Asia's Cyber Insurance Market Shows Signs of Life
A new report by broker UIB and analytics firm CyberCube finds cyber‑insurance penetration in APAC remains below 6%, despite a surge in ransomware attacks. Large enterprises purchase modest limits, while fewer than 5% of SMEs have standalone policies. Adoption rates doubled between 2024 and 2025, indicating nascent growth. The soft market, marked by falling premiums, creates an opportunity for insurers as digitalisation expands the attack surface.
With Complex Cloud Integrations, Small Errors Lead to Major Compromises
Token Security researchers exposed a five‑step exploit that could have seized control of Zapier’s low‑code automation platform by leveraging an over‑permissive AWS Lambda role and lingering secrets. The chain began with custom code in Zapier’s sandbox, uncovered a misnamed “allow_nothing_role”,...
Nordic CISOs Handle Rising Cyber Threats Remarkably Well
Truesec’s 2026 Nordic CISO report finds that, despite a surge in overall cyber activity, 91% of surveyed CISOs say severe incident rates have remained flat since 2024. The average dwell time for attackers dropped dramatically from 53 days to just...
Latin American Cybercriminals Hoover Up Government Data
Latin American cybercriminal groups have made public administration the region's most‑breached sector, accounting for 21% of all breaches (543 incidents) in the past year. High‑profile compromises include Uruguay's Antel identity service, data theft from 25 Mexican agencies, and a wave...
AI-Assisted Exploit Development Outpaces Scanner Detection
Researchers at Cogent Security found that AI‑assisted exploit creation slashed the time needed to weaponize a disclosed vulnerability from 125 days in early 2025 to just 0.5 days by April 2026. The acceleration, driven by publicly available large language models that can read patch...
Microsoft Issues Out-of-Band SharePoint Patch
Microsoft issued an out‑of‑band update to fix a critical remote‑code‑execution flaw in SharePoint Server (CVE‑2026‑45659). The vulnerability carries an 8.8 CVSS score and can be exploited by an authenticated user with only low‑privilege site‑member rights. No public exploit has been...
Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
Verizon’s 2026 Data Breach Investigations Report shows social engineering has re‑emerged as one of the top three breach patterns in healthcare, accounting for 81 % of incidents alongside system intrusion and miscellaneous errors. The surge is linked to attackers leveraging generative...
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments
China‑aligned APT group Webworm has pivoted from Asian targets to European government agencies, including Belgium, Italy, Serbia, Spain, Poland, and South Africa. In 2025 the group abandoned legacy malware for two novel backdoors—EchoCreep, which uses Discord, and GraphWorm, which exploits...
Google API Keys Remain Active After Deletion
Researchers at Aikido Security discovered that Google Cloud Platform API keys remain usable after deletion, with a median revocation window of about 16 minutes and a maximum of 23 minutes. The study showed wide variability across regions—some tests saw a...
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
Chinese state‑aligned APT groups have been deploying a Linux post‑exploitation framework called Showboat, also known as kworker, against telecommunications providers in Central Asia and beyond. The tool, observed in Afghanistan, Ukraine’s Donbas region and other low‑maturity markets, is shared among...
Content Delivery Exploit Opens Websites to Brand Hijacking
Researchers at ADAMnetworks have identified a new exploit called Underminr that lets attackers hijack brand‑trusted websites by manipulating DNS, SNI and Host fields, effectively bypassing CDN mitigations. The flaw affects roughly 42% of all domains worldwide and over half of...
GitHub Confirms Breach, 4K Internal Repos Stolen
GitHub disclosed that a malicious Visual Studio Code extension compromised an employee’s device, leading to the exfiltration of roughly 4,000 private internal repositories. The financially motivated group TeamPCP posted the stolen source code for sale on a dark‑web forum and...
_Brain_light_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
Processes and Culture Top Reasons Behind Data Breaches
The Massachusetts Municipal Cybersecurity Summit highlighted a new state‑wide study showing persistent data‑breach gaps in 2024. Officials warned that weak passwords, missing multifactor authentication and poor patch management remain common across municipalities and private firms. Under‑reporting of incidents, especially by...
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
Verizon’s 2026 Data Breach Investigations Report warns that vulnerability exploitation surged 31% to become the leading initial‑access vector, while only 26% of critical flaws were fully remediated in 2025. The volume of detected vulnerabilities exploded, with records rising from 68.7 million...
CISA Exposes Secrets, Credentials in 'Private' Repo
GitGuardian researcher uncovered a public GitHub repository labeled “Private‑CISA” that belonged to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The repo, accessible since Nov 13 2025, contained 844 MB of sensitive data—including plain‑text passwords, AWS tokens, SAML certificates, CI/CD logs, and Kubernetes...