Security News

Curated cybersecurity news and emerging threats relevant to startups, SMBs, and growing teams.

Industry news, vulnerability disclosures, compliance updates, and threat intelligence—handpicked for relevance to your environment.

Each item includes our perspective on why it matters to your security posture.

Second Cyberattack in Two Weeks Disrupts Iran's Banking System

Incident Response Threat Intelligence Compliance

A new, separate cyberattack on Iran's banking IT provider Informatics Services Corporation knocked out card payment services nationwide.

Why it matters: Two distinct attacks on the same national banking infrastructure within two weeks point to either a persistent adversary or a systemic weakness that the first incident didn't fully address. If you depend on a shared infrastructure/IT provider across multiple institutions, make sure incident response and containment don't stop at 'patched the first attack' — verify the underlying access path is actually closed.

LastPass Reports Customer Data Leak Following Klue Breach

Identity & Access Incident Response Vulnerability

LastPass says customer contact data leaked via a breach at third-party vendor Klue, but vault contents and passwords remain unaffected.

Why it matters: The vault stayed safe, but names, emails, and phone numbers leaking through a support-tooling vendor is exactly the kind of exposure that fuels targeted phishing. If your org integrates a vendor like Klue, review what customer data it can touch and treat your support-stack integrations as part of your attack surface, not just your product.

8x8 Becomes Latest Victim of the Klue Supply-Chain Breach

Identity & Access Incident Response Vulnerability

8x8 reports a data leak after attackers exploited a third-party Klue integration to gain unauthorized access to its Salesforce instance.

Why it matters: This is the same Klue supply-chain compromise that hit LastPass — a third-party integration is turning into a multi-victim breach. Audit every third-party app connected to your CRM (Salesforce, HubSpot, etc.) and revoke or scope down integration permissions you no longer need, especially for sales-intelligence tools like Klue.

Researchers Hijack 26,000 AI Agents With a 'Rug Pull' Malicious Skill

Threat Intelligence Supply Chain Tools

Air Security researchers built a trusted-looking AI agent skill, then flipped it malicious post-adoption, gaining control of 26,000 agents.

Why it matters: Treat agent skills exactly like any third-party dependency: pin them to a hash and version, block them from pulling additional instructions from external domains, restrict tool/file permissions to the minimum needed, and monitor their behavior continuously after install.

Cloudflare Turns a Security-Review Skill Into an Autonomous Agent Pipeline

Tools Vulnerability Threat Intelligence

Cloudflare evolved a single code-review skill into a two-stage multi-agent pipeline that found and triaged over 20,000 findings across 100+ repos.

Why it matters: If you're scaling AI-assisted code review, Cloudflare's split between a discovery pipeline and a separate validation/fix pipeline (using a different model to check findings) is worth copying — it's what keeps signal-to-noise manageable as scope grows past a handful of repos.

AWS IAM Identity Center Updates Session Duration Limits

AWS Identity & Access

AWS now enforces stricter session duration controls for IAM Identity Center, reducing the default session timeout from 12 hours to 8 hours.

Why it matters: If your team uses IAM Identity Center for federated access, review your session timeout policies. Shorter sessions improve security posture but may impact developer workflows. This is an opportunity to consolidate your identity baseline.

Critical Kubernetes Vulnerability CVE-2026-28394 Disclosed

Kubernetes Vulnerability

A privilege escalation vulnerability in Kubernetes allows authenticated users to escalate to cluster admin. Patches are available immediately for v1.28+.

Why it matters: If you run self-managed Kubernetes clusters, this is a priority patch. Cloud-managed services (EKS, GKE, AKS) are patched automatically. Verify your cluster version and update within 48 hours if you're managing the control plane yourself.

EU NIS2 Directive: Incident Reporting Deadline Extended

Compliance EU Regulation

The European Commission extends the critical incident reporting window from 24 to 72 hours for operators across finance, healthcare, energy, and digital services.

Why it matters: This affects any team serving EU customers or operating in the EU. The extended window gives more time to investigate, but your logging and detection infrastructure must be ready to correlate events across all systems within hours. Audit your incident response timelines now.