The KEV list is useful but largely misunderstood. KEVology explains what it is, and how best to use it.
The signs of a cyberattack were identified on systems EU’s main executive body uses for mobile device management.
Potential breach at Flickr exposes usernames, email addresses, IP addresses, and activity data.
Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP.
The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience.
To all those who are fighting the good fight in the world of cyber, keep collaborating to ensure our world never succumbs to the chaos of the Upside Down.
By integrating identity threat detection with MFA, organizations can protect sensitive data, maintain operational continuity, and reduce risk exposure.
Security leaders chart course beyond predictions with focus on supply chain, governance, and team efficiency.
Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise.
RegisterSecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats.
Register
SecurityWeek’s 2026 Ransomware Summit is a must-attend event for cybersecurity professionals as ransomware attacks continue to hit big-name victims across industries with ruthless efficiency.
[February 25, 2026 | Virtual]
SecurityWeek’s 2026 Supply Chain Security Summit is where top security experts unpack the complexity of modern software supply chain threats and proven strategies to mitigate risk.
[March 18, 2026 | Virtual]
SecurityWeek’s 2026 ICS Lockdown is an online extension of the ICS Cybersecurity Conference and will dive deep into the world of industrial cybersecurity to help those charged with protecting OT environments.
[April 29, 2026 | Virtual]
SecurityWeek’s 2026 Threat Detection & IR Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and more.
[May 20, 2026 | Virtual]
-
Vulnerable SolarWinds Web Help Desk instances were exploited in December 2025 for initial access. (February 9, 2026)
-
The KEV list is useful but largely misunderstood. KEVology explains what it is, and how best to use it. (February 9, 2026)
-
The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests. (February 6, 2026)
-
CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks. (February 6, 2026)
-
Other noteworthy stories that might have slipped under the radar: AT&T and Verizon response to Salt Typhoon, AI agents solve security challenges, man arrested… (February 6, 2026)
-
Criminals are using AI to clone professional websites at an industrial scale. A new report shows how one AI-powered network grew to 150+ domains… (February 5, 2026)
-
Hackers rely on evolved vishing and login harvesting to compromise SSO credentials for unauthorized MFA enrollment. (February 2, 2026)
-
A total of 87 individuals, mostly Venezuelan nationals, have been charged for their role in the ATM jackpotting scheme. (January 28, 2026)
