Information

ESET Threat Report H1 2026

ESET Research Threat Reports A view of the H1 2026 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. Jiří Kropáč 08 Jul 2026  •  , 2 min. read The first half of 2026 shows how attackers continue to improve the efficiency and scalability of their operations. Rather than relying on entirely new methods and tools, they are quickly adapting established techniques to new platforms, technologies,…

Read More

QIZ Security Raises $17 Million for Cryptographic Governance Platform

Israeli startup QIZ Security announced on Thursday that it has raised $17 million in seed funding for its cryptographic posture and post-quantum cryptography (PQC) management platform. The funding round was led by Bessemer Venture Partners and Merlin Ventures, with participation from Evolution Equity Partners, Qbeat Ventures, Singtel Innov8, and Qino Cyber Capital.  The investment will be used to accelerate the company’s growth and enhance its platform. QIZ Security has developed a platform designed to help…

Read More

Accenture Confirms Data Breach After Hacker Claims Source Code Theft

Professional services giant Accenture confirmed a data breach after a hacker claimed the theft of internal source code from the company. The incident came to light this week, when a threat actor boasted on the hacker forum PwnForums about compromising Accenture and stealing 35 gigabytes of data. According to the hacker, the information, including Azure access keys and tokens, configuration files, RSA and SSH keys, and source code, was exfiltrated from Accenture earlier this month.…

Read More

Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names. The X/Twitter account IRIS C2 (@C2IRIS) has gained more than 4,000 followers since its creation in January 2025, posting frequently about security vulnerabilities, AI and software exploits. IRIS C2…

Read More

CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) is using Anthropic’s powerful Mythos AI model to scan and audit federal government software for security vulnerabilities, according to a report from Reuters. Citing three sources familiar with the matter, Reuters reported that CISA is utilizing Mythos to scan code repositories across federal agencies. The operation aims to proactively discover and patch security bugs that could otherwise be exploited by foreign intelligence agencies and cybercriminals. The audits are…

Read More

The Shift Toward Business-Aligned Risk Management

In the movie Moneyball, the Oakland A’s didn’t need more data; they needed to know which data actually won games. Risk assessment data has the same problem. A CVSS score of 9.1 might mean little to a CFO; the fact that it represents a vulnerability in a payment system processing $2 million daily means a great deal. This data must therefore link to information about operational disruptions that can cause financial loss, product delays, or…

Read More

Cyber readiness for SMBs: Getting the basics right

Business Security AI is changing cybercrime, but SMB cyber readiness still largely depends on closing the familiar gaps Phil Muncaster 03 Jul 2026  •  , 5 min. read AI is changing attackers’ toolkits. It can help criminals write better lures, scale social engineering and speed up reconnaissance, all while generally lowering the barrier to entry for less skilled attackers. Organizations are right to pay attention, especially because malicious use of AI makes old gaps a…

Read More

In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting

SecurityWeek’s cybersecurity news weekly roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Anonymous-linked hacker Aubrey Cottle jailed over Texas GOP cyberattack Aubrey Cottle,…

Read More

Agentic AI Used to Conduct Ransomware Attack via Langflow

A threat actor exploited a vulnerability in Langflow to access an organization’s instance and abuse it in an agentic ransomware attack, cloud security firm Sysdig reports. Langflow is a Python-based, LLM-agnostic open source framework used for building LLM-driven applications and agent workflows. As part of the attack, a threat actor tracked as JadePuffer gained access to an internet-exposed Langflow instance through the exploitation of CVE-2025-3248 (CVSS score of 9.8), a critical missing authentication vulnerability disclosed…

Read More

Medtronic Data Breach Impacts 3.8 Million People

Medical technology giant Medtronic is notifying more than 3.8 million individuals that their personal and medical information was compromised in a recent data breach. The incident occurred in April 2026, when the infamous extortion group ShinyHunters accessed the company’s corporate IT systems. Medtronic confirmed the attack in late April, noting that its products and manufacturing and distribution operations were not affected. ShinyHunters had added the company to its Tor-based leak site on April 17, claiming…

Read More