--- title: "Cisco SD-WAN Flaw, Critical NGINX Exploit, Foxconn Ransomware Attack – Cybersecurity News [May 11, 2026] | DuoCircle" description: "Critical cybersecurity threats emerge as Cisco SD-WAN, NGINX, Microsoft Exchange, and PAN-OS flaws face active exploitation worldwide." image: "https://www.duocircle.com/images/og-default.png" canonical: "https://www.duocircle.com/blog/cybersecurity-news-update-week-20-of-2026/" --- Quick Answer Cisco patched a critical SD-WAN flaw actively exploited in attacks, while researchers disclosed a severe NGINX vulnerability and Foxconn faced a ransomware breach with 8TB of data reportedly stolen. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fcybersecurity-news-update-week-20-of-2026%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cisco%20SD-WAN%20Flaw%2C%20Critical%20NGINX%20Exploit%2C%20Foxconn%20Ransomware%20Attack%20%E2%80%93%20Cybersecurity%20News%20%5BMay%2011%2C%202026%5D&url=undefined%2Fblog%2Fcybersecurity-news-update-week-20-of-2026%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fcybersecurity-news-update-week-20-of-2026%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fcybersecurity-news-update-week-20-of-2026%2F&title=Cisco%20SD-WAN%20Flaw%2C%20Critical%20NGINX%20Exploit%2C%20Foxconn%20Ransomware%20Attack%20%E2%80%93%20Cybersecurity%20News%20%5BMay%2011%2C%202026%5D "Share on Reddit") [ ](mailto:?subject=Cisco%20SD-WAN%20Flaw%2C%20Critical%20NGINX%20Exploit%2C%20Foxconn%20Ransomware%20Attack%20%E2%80%93%20Cybersecurity%20News%20%5BMay%2011%2C%202026%5D&body=Check out this article: undefined%2Fblog%2Fcybersecurity-news-update-week-20-of-2026%2F "Share via Email") ![Cybersecurity News](https://media.mailhop.org/duocircle/spf-permerror-5610-1779093389633.jpg) ## **Cisco Catalyst SD-WAN Controller Vulnerability Rated a Perfect 10” Actively Exploited** Cisco released updates to address a maximum-severity authentication bypass flaw in [Catalyst SD-WAN Controller tracked](https://www.cybersecuritydive.com/news/attackers-exploit-critical-flaw-in-cisco-catalyst-sd-wan-controller/820368/) as CVE-2026-20182, carrying a CVSS score of 10.0\. The flaw stems from a malfunction in the **peering authentication mechanism**, which an attacker could exploit by sending crafted requests to allow them to log in as an internal, high-privileged user account. Cisco attributed the active exploitation of CVE-2026-20182 with high confidence to UAT-8616, a threat cluster known for targeting government, diplomatic, and defense sectors in **Europe and Central Asia**. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on May 15, requiring Federal Civilian Executive Branch agencies to remediate the issue by May 17, 2026. A CVSS score of 10.0 is as bad as it gets. Organizations running Cisco SD-WAN infrastructure should treat this patch as an emergency” [threat actors](https://www.darkreading.com/ics-ot-security/iranian-threat-actors-us-critical-infrastructure-exposed-plcs) are already inside the door. ## **18-Year-Old Flaw in NGINX Goes Public and Is Immediately Exploited in the Wild** _An 18-year-old security flaw in NGINX Plus and NGINX Open Source, tracked as CVE-2026-42945 with a CVSS score of 9.2, came under active exploitation in the wild just days after its public disclosure_. The flaw is a heap buffer overflow in the ngx\_http\_rewrite\_module affecting NGINX versions 0.6.27 through 1.30.0, **introduced back in 2008**. Successful exploitation allows an unauthenticated attacker to crash worker processes or execute remote code with crafted HTTP requests, though remote code execution is only possible on devices where [Address Space Layout Randomization (ASLR)](https://www.techtarget.com/searchsecurity/definition/address-space-layout-randomization-ASLR) is turned off. NGINX powers a significant portion of the world’s web infrastructure. The fact that this bug sat undetected for nearly two decades” and was then weaponized almost immediately after disclosure ” underscores why continuous, **AI-assisted scanning** of mature codebases is no longer optional. ![Spf Validator 1464](https://media.mailhop.org/duocircle/spf-validator-1464-1779093679912.jpg) ## **Foxconn Hit by Ransomware” 8TB of Data Reportedly Stolen** Foxconn, the multinational electronics manufacturer and major Apple supplier, confirmed that some of its North American facilities were impacted by a cyberattack. A threat group tracked as “Nitrogen” claimed responsibility, alleging theft of more than eight terabytes of data comprising 11 million files, including schematics from other **major technology companies**, according to security researchers from Arctic Wolf. Foxconn confirmed it is in the process of restoring normal operations to the affected facilities. The company detected the breach on May 4 and engaged [Palo Alto Networks](https://en.wikipedia.org/wiki/Palo%5FAlto%5FNetworks) Unit 42 for incident response. No ransomware group had publicly claimed the attack at the time of initial disclosure, and Foxconn had not confirmed whether personal information was involved. Manufacturing environments are [high-value ransomware targets](https://cybermagazine.com/news/inside-the-foxconn-cyberattack-by-nitrogen-ransomware-group) precisely because downtime hits revenue immediately. The reported theft of hardware schematics could have far-reaching implications beyond Foxconn itself. ![Spf Record Tester 1463](https://media.mailhop.org/duocircle/spf-record-tester-1463-1779095810322.jpg) ## **Grafana’s GitHub Codebase Downloaded by Attacker After Token Theft** Grafana Labs disclosed on **May 16, 2026**, that an unauthorized party obtained a token granting access to its GitHub environment, enabling the threat actor to download its codebase. The root cause was traced to a recently enabled GitHub Action that contained a “Pwn Request” vulnerability” a misconfiguration in a workflow triggered on pull\_request\_target events that granted external contributors access to production secrets during CI runs. The attacker forked a Grafana repository, injected malicious code via a curl command, and dumped environment variables to a **file encrypted** with a [private key](https://www.digicert.com/blog/where-is-your-private-key), successfully extracting privileged tokens. Grafana stated that no customer data or personal information was accessed during the incident, and it found no evidence of impact to **customer systems or operations**. The attacker then attempted to extort Grafana. _This incident is a textbook example of CI/CD pipeline risk” a single misconfigured GitHub Action was enough to expose an entire codebase to a malicious external contributor_. ## **OpenAI Employee Devices Compromised in TanStack npm Supply Chain Attack** _OpenAI disclosed that two employee devices were breached in the TanStack supply chain attack, which impacted hundreds of npm and PyPI packages_. The company rotated code-signing certificates for its applications as a precaution. **OpenAI stated** the damage was limited to the employees’ devices and did not affect user data or its production systems, and that none of its intellectual property was stolen. Even with elite security teams, a compromised upstream package can be the thin edge of the wedge. This attack signals that [supply chain security](https://www.computerweekly.com/news/366617488/US-Treasury-incident-a-clear-warning-on-supply-chain-security-in-2025) is not just a developer concern — it directly threatens even the most closely guarded AI companies. ![Sender Policy Framework 1462](https://media.mailhop.org/duocircle/sender-policy-framework-1462-1779095928410.jpg) ## **node-ipc npm Package Poisoned with Credential-Stealing Backdoor** Socket detected malicious activity in newly published versions of node-ipc, an npm package with 822,000 weekly downloads. Three versions were confirmed as malicious: node-ipc@9.1.6, node-ipc@9.2.3, and node-ipc@12.0.1\. Socket’s AI scanner flagged the malware within approximately **three minutes of publication**. The malware fires automatically on module load, fingerprints the host, and sweeps the filesystem for over 100 credential and configuration targets. Critically, it does not use HTTP or HTTPS for exfiltration” instead tunneling stolen data through [DNS TXT queries](https://medium.com/aardvark-infinity/dns-txt-record-data-transfer-exfiltrating-data-through-dns-queries-4ef17325785a) to a domain disguised as a Microsoft Azure Static Web Apps address, designed to slip past casual firewall inspection. The sophistication here is striking” [DNS tunneling](https://www.infosecurity-magazine.com/news/dns-tunneling-scan-track-victims/) for data exfiltration, combined with a lookalike Microsoft domain, makes this attack hard to catch with **standard network monitoring**. Any developer using node-ipc should audit their environment immediately. ## **Palo Alto PAN-OS Zero-Day Linked to Chinese State Actors** Palo Alto Networks disclosed CVE-2026-0300, a critical buffer overflow vulnerability in the User-ID Authentication Portal of PAN-OS that allows unauthenticated remote code execution with root privileges. The company confirmed the flaw had been exploited as a zero-day. Post-exploitation activity involved the deployment of EarthWorm and ReverseSocks5, network tunneling tools previously attributed to China-linked groups including **Volt Typhoon and APT41**, to establish persistent proxy access to compromised environments. Palo Alto Networks stopped short of formal attribution but said the activity pattern is consistent with a state-sponsored operator. _This is a particularly dangerous vulnerability given how widely Palo Alto firewalls are deployed across government and enterprise networks_. The use of open-source tunneling tools makes detection harder by blending in with legitimate traffic patterns. ## **Microsoft Exchange Zero-Day Under Active Exploitation via Crafted Emails** CISA added CVE-2026-42897, a Cross-Site Scripting vulnerability in Microsoft Exchange Server carrying a CVSS score of 8.1, to its Known Exploited Vulnerabilities catalog on May 15, 2026\. _Federal agencies were required to apply mitigations by May 29, 2026_. Microsoft shared interim mitigations for the flaw while a permanent patch is being prepared for affected Exchange Server versions. On-premises Exchange Server continues to be a prime target for threat actors. Organizations that have not migrated to Exchange Online should apply Microsoft’s mitigations immediately and begin planning for either patching or accelerated [cloud migration](https://www.geeksforgeeks.org/cloud-computing/cloud-migration/). ![Spf Record Check 1461](https://media.mailhop.org/duocircle/spf-record-check-1461-1779095883130.jpg) ## **Salt Typhoon and Twill Typhoon Expand Global Targeting** Salt Typhoon targeted an Azerbaijani oil and gas company using the ProxyNotShell exploit chain and Deed RAT via DLL sideloading — a notable departure from its **typical telecom focus**. Meanwhile, Twill Typhoon targeted Asia-Pacific entities with an updated remote access tool. Security analysts report that both [China-linked APT groups](https://www.securityweek.com/chinese-apts-expand-targets-update-backdoors-in-recent-campaigns/) have expanded their targeting scope and refined their malware in recent campaigns. The broadening of Salt Typhoon’s focus from telecom to **energy infrastructure** is a significant shift that critical infrastructure operators worldwide should take seriously. Nation-state actors are increasingly treating energy as a strategic target alongside communications. ## Fragnesia Linux Kernel Flaw Grants Root Access — Third Such Bug in Two Weeks _Details emerged about a new variant of the recent Dirty Frag Linux local privilege escalation vulnerability that allows local attackers to gain root access_. Codenamed Fragnesia and tracked as CVE-2026-46300 with a **CVSS score of 7.8**, it is the third such kernel bug to be identified within two weeks. Linux distributions rolled out patches for the high-severity kernel privilege escalation vulnerability, which allows attackers to run malicious code as root. Three significant Linux kernel privilege escalation bugs in two weeks is an uncomfortable pattern. Any attacker with even limited local access to a Linux system could potentially use Fragnesia to fully compromise it. Patching should be treated as urgent across all [Linux-based infrastructure](https://www.csoonline.com/article/4169659/linux-kernel-maintainers-suggest-a-kill-switch-to-protect-systems-until-a-zero-day-vulnerability-is-patched.html). ## Ghostwriter APT Targets Ukrainian Government with Geofenced PDF Phishing The [Belarus-aligned threat group](https://www.eset.com/us/about/newsroom/research/belarus-frostyneighbor-attacks-ukrainian-government-eset-research/?srsltid=AfmBOopeG9f-NhbJq79kSKB5GgPeQKaXsXduO4FMrQrMEAbm48QWUNXI) Ghostwriter was attributed to a fresh set of attacks targeting Ukrainian government organizations, using geofenced PDF phishing lures combined with Cobalt Strike. The use of geofencing in phishing campaigns” where the [malicious payload](https://cybersecuritynews.com/new-malware-uses-obfuscation-and-staged-payload/#google%5Fvignette) only activates for victims in a specific geographic region” is a growing sophistication tactic designed to evade sandbox analysis by security researchers outside the target zone. Ukrainian institutions remain on the front lines of state-sponsored cyber operations. ![Spf Validator 6710](https://media.mailhop.org/alumniforwarding/spf-validator-6710-1779097166431.jpg) ## Pwn2Own Berlin 2026: Researchers Pocket Over $900K Exposing Zero-Days _On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-day vulnerabilities_. During the second day, competitors collected an additional $385,750 after exploiting 15 unique [zero-day vulnerabilities](https://www.csoonline.com/article/4171903/exchange-server-zero-day-vulnerability-can-be-triggered-by-opening-a-malicious-email.html) across multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. Over $900,000 paid out in two days” and every single one of those vulnerabilities represents a real attack path that criminals could have discovered instead. [Pwn2Own serves](https://www.securityweek.com/hackers-earn-1-3-million-at-pwn2own-berlin-2026/) as a powerful reminder that the **software we rely** on daily still harbors critical, undiscovered flaws. ## WordPress Funnel Builder Plugin Under Active Exploitation for Payment Card Theft A critical security vulnerability in the **Funnel Builder plugin** for WordPress came under active exploitation in the wild. Attackers injected malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data from customers at the point of purchase. _Payment skimming attacks via compromised WordPress plugins are a recurring and highly effective threat, particularly because store owners often install plugins without closely tracking their security status_. Any WooCommerce site using the Funnel Builder plugin should update immediately and audit recent transactions for [suspicious activity](https://www.bloomberg.com/news/articles/2026-03-05/fbi-found-suspicious-activity-on-its-computer-networks). ## Turla APT Upgrades Kazuar Backdoor into Modular P2P Botnet The [Russia-linked Turla APT group](https://securityaffairs.com/192231/apt/russian-apt-turla-builds-long-term-access-tool-with-kazuar-botnet-evolution.html), associated with the **FSB’s Center 16**, upgraded its Kazuar backdoor into a modular peer-to-peer botnet, significantly raising the stealth bar for detection and attribution. Turla is one of the most technically sophisticated threat actors in the world, with a history of patient, long-term espionage operations. Evolving **Kazuar into a P2P architecture** means that taking down a single [command-and-control server](https://www.twingate.com/blog/glossary/command-and-control-server) is no longer sufficient to disrupt their operations” making defensive response significantly more difficult. [SPF](https://www.duocircle.com/email/spf-management/), [DKIM](https://www.duocircle.com/blog/email-hosting/what-is-dkim-and-why-you-should-use-it-to-secure-your-email/), and [DMARC](https://www.duocircle.com/email/dmarc/) help stop [phishing emails](https://www.duocircle.com/content/email-phishing-prevention/how-to-stop-phishing-emails), block spoofed domains, and strengthen [email security](https://www.duocircle.com/) against the growing wave of ransomware, zero-day exploits, and supply chain cyberattacks. ## Topics SecurityEmailSecuritySPFDKIMDMARCNewsUpdates ![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) Brad Slavin General Manager General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio. ## Secure your email infrastructure Protect, authenticate, and deliver. Contact our team to find the right solution. [Contact Sales](/contact/) [Explore Products](/products/) ## Related Articles [ News 6m LastPass Users Phished, Amazon Down US, UK Cybersecurity Boost, Cybersecurity News \[March 02, 2026\] Mar 9, 2026 ](/blog/announcements/cyber-security-news-update-week-10-of-2026/)[ News 6m Vapor Apps Malware, Coinbase Phishing Scam, Medusa Ransomware Attack , Cybersecurity News \[March 17, 2025\] Mar 24, 2025 ](/blog/announcements/cyber-security-news-update-week-13-of-2025/)[ News 5m Apple Pay Scam, Crypto Fraud Victims, Retirement Phishing Loss, Cybersecurity News \[April 06, 2026\] Apr 13, 2026 ](/blog/announcements/cyber-security-news-update-week-15-of-2026/)[ News 6m Ransomware EDR Bypass, Apache Parquet Exposure, CISA Oil Threats, Cybersecurity News \[May 05, 2025\] May 13, 2025 ](/blog/announcements/cyber-security-news-update-week-20-of-2025/) ```json {"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cisco SD-WAN Flaw, Critical NGINX Exploit, Foxconn Ransomware Attack – Cybersecurity News [May 11, 2026]","description":"Critical cybersecurity threats emerge as Cisco SD-WAN, NGINX, Microsoft Exchange, and PAN-OS flaws face active exploitation worldwide.","url":"https://www.duocircle.com/blog/cybersecurity-news-update-week-20-of-2026/","datePublished":"2026-05-18T00:00:00.000Z","dateModified":"2026-05-18T00:00:00.000Z","dateCreated":"2026-05-18T00:00:00.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/cybersecurity-news-update-week-20-of-2026/"},"articleSection":"news","keywords":"Security, EmailSecurity, SPF, DKIM, DMARC, News, Updates","image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/spf-permerror-5610-1779093389633.jpg","caption":"Cybersecurity News"},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"news"},{"@type":"ListItem","position":3,"name":"Cisco SD-WAN Flaw, Critical NGINX Exploit, Foxconn Ransomware Attack – Cybersecurity News [May 11, 2026]","item":"https://www.duocircle.com/blog/cybersecurity-news-update-week-20-of-2026/"}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"news","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Cisco SD-WAN Flaw, Critical NGINX Exploit, Foxconn Ransomware Attack – Cybersecurity News [May 11, 2026]","item":"https://www.duocircle.com/blog/cybersecurity-news-update-week-20-of-2026/"}]} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cisco SD-WAN Flaw, Critical NGINX Exploit, Foxconn Ransomware Attack – Cybersecurity News [May 11, 2026]","description":"Critical cybersecurity threats emerge as Cisco SD-WAN, NGINX, Microsoft Exchange, and PAN-OS flaws face active exploitation worldwide.","url":"https://www.duocircle.com/blog/cybersecurity-news-update-week-20-of-2026/","datePublished":"2026-05-18T00:00:00.000Z","dateModified":"2026-05-18T00:00:00.000Z","dateCreated":"2026-05-18T00:00:00.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/cybersecurity-news-update-week-20-of-2026/"},"articleSection":"news","keywords":"Security, EmailSecurity, SPF, DKIM, DMARC, News, Updates","image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/spf-permerror-5610-1779093389633.jpg","caption":"Cybersecurity News"},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ```