Laura French

Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA

• identity
• phishing
• ransomware

Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA

Laura French April 3, 2026

The campaign leverages a newly-discovered phishing kit called VENOM.

Read More Read more about Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA

Venom Stealer MaaS handles attacks from ClickFix to crypto theft

• malware
• ransomware
• threat-intelligence
• threat-management

Venom Stealer MaaS handles attacks from ClickFix to crypto theft

Laura French April 1, 2026

The stealer persists on the victim’s machine and immediately exfiltrates data with no local staging.

Read More Read more about Venom Stealer MaaS handles attacks from ClickFix to crypto theft

Axios npm supply chain attack: Malicious updates add remote access trojan

• application-security
• devsecops
• identity
• malware
• supply-chain
• threat-intelligence

Axios npm supply chain attack: Malicious updates add remote access trojan

Laura French March 31, 2026

The axios npm package, with about 100 million weekly downloads, was compromised via a maintainer’s account.

Read More Read more about Axios npm supply chain attack: Malicious updates add remote access trojan

OpenAI fixes Codex flaw that could lead to GitHub token theft

• aiml
• application-security
• identity
• supply-chain

OpenAI fixes Codex flaw that could lead to GitHub token theft

Laura French March 31, 2026

A command injection hidden in a branch name could cause an OAuth token to be exfiltrated.

Read More Read more about OpenAI fixes Codex flaw that could lead to GitHub token theft

RSAC 2026: Treat AI like a ‘junior developer’ to catch coding errors

• aiml
• devsecops
• rsac
• vulnerability-management

RSAC 2026: Treat AI like a ‘junior developer’ to catch coding errors

Laura French March 27, 2026

OX Security found AI coding assistants make the same common mistakes as humans.

Read More Read more about RSAC 2026: Treat AI like a ‘junior developer’ to catch coding errors

Identity at RSAC 2026: Continuous, AI-ready and quantum-safe

• aiml
• identity
• privileged-access-management
• rsac

Identity at RSAC 2026: Continuous, AI-ready and quantum-safe

Laura French March 27, 2026

Identity talks in San Francisco focused on new realities challenging traditional authentication schemes.

Read More Read more about Identity at RSAC 2026: Continuous, AI-ready and quantum-safe

RSAC 2026: 5 ways AI is our worst enemy, and 3 ways to make it SOC’s best friend

• incident-response
• patchconfiguration-management
• rsac
• soc
• threat-intelligence
• vulnerability-management

RSAC 2026: 5 ways AI is our worst enemy, and 3 ways to make it SOC’s best friend

Laura French March 25, 2026

Keynotes from Splunk and the SANS Institute reinforce the double-edged nature of AI.

Read More Read more about RSAC 2026: 5 ways AI is our worst enemy, and 3 ways to make it SOC’s best friend

AI-related job cuts mostly hit entry-level roles, as AI skills become essential

• rsac
• security-staff-acquisition-development

AI-related job cuts mostly hit entry-level roles, as AI skills become essential

Laura French March 23, 2026

“Cybersecurity practitioners who use AI are likely to replace those who don’t,” said SANS Institute CEO James...

Read More Read more about AI-related job cuts mostly hit entry-level roles, as AI skills become essential

Critical Langflow RCE vulnerability exploited within 20 hours

• patchconfiguration-management
• threat-intelligence
• threat-management
• vulnerability-management

Critical Langflow RCE vulnerability exploited within 20 hours

Laura French March 20, 2026

CVE-2026-33017 could enable an unauthenticated attacker to execute arbitrary Python code on the server.

Read More Read more about Critical Langflow RCE vulnerability exploited within 20 hours

Fake interactive Zoom call leads to malicious ScreenConnect download

• phishing
• ransomware
• threat-intelligence
• threat-management

Fake interactive Zoom call leads to malicious ScreenConnect download

Laura French March 20, 2026

JavaScript is used to imitate a glitchy Zoom call, prompting the user to install an “update.”

Read More Read more about Fake interactive Zoom call leads to malicious ScreenConnect download