Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Researchers at Bitdefender are tracking 40 separate SMS phishing (smishing) campaigns impersonating transport authorities, toll operators, and parking services around the world. The researchers have observed more than 79,000 scam text messages with over 29,000 unique variants. The attacks are targeting users in multiple languages. “These scam messages are designed to create a sense of urgency and pressure drivers into acting quickly,” the researchers write.

DDI Central version 6.1 introduced significant enhancements to the IPAM section, bringing a segmented view for sites, clusters, and supernets, along with multiple display options: table, tree, and card views. The release also added trusted feed configurations, root hint templates, and unmapped subnet monitoring, giving network admins greater flexibility and control over their DNS and DHCP resources.

A critical vulnerability (CVE-2026-7482), dubbed “Bleeding Llama”, has been disclosed in Ollama, a widely used open-source framework for running large language models (LLMs) locally. With a CVSS v3.1 score of 9.1, the issue is classified as Critical and affects versions prior to 0.17.1. The vulnerability exposes organisations using self-hosted AI infrastructure to significant information disclosure risks.

CurrentWare v12.0.2 release focuses on a single shift: Turning passive visibility into decision-ready intelligence. From energy cost visibility to fair productivity measurement, from real-time behavioral alerts to cloud first deployment, this update helps IT, security, HR, and operations leaders act faster, with more confidence and less friction.

The financial services industry is the fourth most-targeted sector globally, accounting for 12% of all observed activity. eCrime and nation-state adversaries spanning all motivations target these organizations due to their unique convergence of valuable assets, strategic intelligence, and geopolitical significance.

The security landscape has fundamentally changed, and many organizations haven’t caught up. If you’re still relying on quarterly scans, annual penetration tests, or spreadsheet-based vulnerability tracking to manage risks within your applications, you’re not managing risk. You’re documenting it after the fact.

Sophos X-Ops looks at the Atomic macOS Stealer and its capabilities Sophos Managed Detection and Response (MDR) teams recently responded to a customer incident involving an infostealer infection on a macOS host. When we investigated, we found that the infostealer appeared to be a variant of AMOS (Atomic macOS), a well-known malware family we’ve written about before. The attack began with a ClickFix-style ruse, where a user was tricked into running a terminal command.

The days when compliance was only a documentation exercise are long gone. Now, it’s a critical priority for a wide variety of organizations. But compliance is more of a result than a goal. The goal is achieving resilience. Cybersecurity and data protection regulations are rapidly evolving far beyond traditional compliance checklists. Global frameworks and regulations such as NIS 2, DORA, GDPR, HIPAA, SOX and NIST 2.0 are placing greater emphasis on operational resilience.