Executive Summary: The week of April 20, 2026 presents an exceptionally active threat landscape dominated by a converging supply chain crisis, nation-state escalation, and critical infrastructure targeting. The SCC pipeline processed 58 intelligence items this week, including 7 items on the CISA Known Exploited Vulnerabilities catalog, multiple critical-rated CVEs with active exploitation confirmed, and 4 […]
Executive Summary: The week of April 20, 2026 presents an elevated and unusually broad risk posture driven by converging nation-state activity, a catastrophic software supply chain attack, and multiple actively exploited vulnerabilities across widely deployed enterprise products. The SCC pipeline tracked 57 intelligence items this week, including 8 CISA KEV additions, 6 critical CVEs (CVSS […]
Executive Summary: The week of April 13, 2026 presents one of the most operationally demanding threat landscapes of the year, with simultaneous pressure across critical infrastructure, the software supply chain, cloud identity systems, and developer tooling. The SCC pipeline processed 62 intelligence items this week, tracking 6 critical CVEs, 4 CISA KEV additions with imminent […]
Adversarial ML Researchers discover novel attacks against ML systems — evasion, poisoning, extraction, and inference. Requires deep ML knowledge and the ability to publish findings. 191 Glassdoor postings; Capital One, Google, Anthropic actively hiring. Salary range $157K–$222K.
AI Model Risk Analysts assess and quantify risks in AI/ML models for regulated industries, particularly financial services under SR 11-7. Bank of America and Citi are actively hiring. The most accessible entry point into AI security from GRC/compliance backgrounds. Salary range $100K–$160K.
AI Infrastructure Security Specialists secure the compute, networking, and storage that AI systems run on — GPU clusters, model serving platforms, training pipelines, and cloud environments. OpenAI, NVIDIA, and CoreWeave are actively hiring. Salary range $160K–$240K.
Executive Summary: The week of April 6, 2026 presents an exceptionally high-density threat landscape dominated by a coordinated software supply chain campaign (TeamPCP) that compromised multiple widely-deployed security and developer tools, including Aqua Security Trivy, LiteLLM, Checkmarx KICS, and the Axios npm package, resulting in confirmed breaches of European Commission AWS accounts and exposure of […]
Executive Summary: The week of March 30, 2026 presents an elevated threat posture across cloud infrastructure, mobile platforms, critical infrastructure OT/ICS systems, and the software supply chain. The SCC pipeline processed 60+ intelligence items this week, identifying multiple concurrent critical-priority threats demanding immediate security team attention. The most urgent items include an active AI-augmented OAuth […]
Executive Summary: The week of March 23, 2026 presents a high-density threat environment characterized by converging supply chain attacks, AI-enabled malware evolution, and sustained ransomware pressure against public-sector and critical infrastructure targets. The SCC pipeline processed over 60 intelligence items this week, identifying three actively exploited CVEs with CISA KEV designations (CVE-2026-3909 in Google Skia, […]
More than 207,000 professionals worldwide have earned the ISACA CISA, and it’s still the credential hiring managers list first for IT audit and compliance roles. That’s not nostalgia; it’s market reality. With the 2024 exam update folding in AI governance, cloud security, and expanded incident management, the CISA now maps directly to what organizations are […]