What Happened Sophos researchers documented a threat actor deploying QEMU virtual machines on compromised Windows hosts as part of the Payouts King ransomware operation. The attack chain uses QEMU to run a hidden Alpine Linux VM that executes attacker tooling — completely invisible to host-based endpoint security. The campaigns, tracked as
A 13-year-old remote code execution vulnerability in Apache ActiveMQ has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog after threat actors were confirmed actively exploiting it in the wild. The flaw, tracked as CVE-2026-34197, was patched in March 2026 — but remained undetected in production environments for over
Payouts King ransomware operators are abusing QEMU virtual machines as a covert staging environment on compromised Windows hosts — effectively using the emulator to run a hidden Linux attack platform that sits beneath endpoint security tools. Security researchers at Sophos documented the technique in two active campaigns this week, and the
There is a quiet revolution happening in security operations, and most practitioners have not yet decided how to feel about it. AI language models — particularly those explicitly designed for security reasoning, threat analysis, and defensive operations — are entering the workflows of the people who keep systems running and breaches contained.
HTTP security headers are one of the most cost-effective defenses in your stack. They require no code changes, they deploy at the infrastructure layer, and they meaningfully reduce the attack surface of every page you serve. Most mature applications have them — few have them well. This is a guide to