Security Unlocked

Supply-Chain

Behavioral Security

Defenders Under Siege: How Adversaries Turned Security Tools Into Weapons This Week

Three incidents this week reveal the same strategic pattern: attackers turning trusted defensive infrastructure into weapons. Microsoft Defender zero-days, the Trivy scanner compromise that breached the European Commission, and UNC6783's live-chat social engineering all exploit a cognitive constant: defenders don't question the tools they depend on.

7 min read
Threat Intelligence

Mythos Finds Zero-Days. npm Found Three More.

The same week Anthropic unveiled an AI that autonomously finds zero-days, its own CLI shipped a CVSS 9.8 command injection, exposed by a debugging artifact that had been sitting in an npm package since March 31.

6 min read
Threat Intelligence

Trust Is the Exploit

From a six-month DPRK social engineering operation to mass exploitation of developer ecosystems, this week's threat landscape reveals that the most reliable attack surface is the trust we extend by default.

7 min read