Eduard Kovacs

Marlboro-Chesterfield Pathology has been targeted by the SafePay ransomware group, which stole personal information from its systems.

UK retailer Marks & Spencer expects the disruptions caused by the recent cyberattack to continue through July. 

More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535.

Many of the industrial control system (ICS) instances seen in internet scanning are likely or possibly honeypots, not real devices.

An OpenPGP.js vulnerability tracked as CVE-2025-47934 allows message signature verification to be spoofed. 

The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization. 

New CISA Deputy Director Madhu Gottumukkala has joined the agency from South Dakota’s Bureau of Information and Technology.

The UK’s Legal Aid Agency was targeted in a cyberattack in April and it recently determined that hackers have stolen sensitive data.

Serviceaide exposed a database containing personal and medical information belonging to Catholic Health patients.

Pwn2Own participants demonstrated exploits against VMs, AI, browsers, servers, containers, and operating systems.

The 15th edition of NATO’s Locked Shields cyber defense exercise brought together 4,000 experts from 41 countries.

Pwn2Own participants have earned tens of thousands of dollars for Red Hat, Windows, Oracle VirtualBox, Docker Desktop, and AI exploits.

American steel giant Nucor on Wednesday disclosed a cybersecurity incident that bears the hallmarks of a ransomware attack.

Enterprise cybersecurity giant Proofpoint is buying Germany-based Microsoft 365 security solutions provider Hornetsecurity.

Nova Scotia Power says a wide range of personal and financial information was stolen in the recent cyberattack.

Intel, AMD and Arm each published security advisories on Patch Tuesday, including for newly disclosed CPU attacks.

Experts say the European Vulnerability Database, or EUVD, should be a good resource, but only if ENISA manages to maintain it properly.

Industrial giants Siemens, Schneider Electric and Phoenix Contact have released ICS security advisories on the May 2025 Patch Tuesday.

The Radware Cloud WAF product vulnerabilities disclosed by CERT/CC were addressed two years ago.

An information exposure flaw in TeleMessage has been added to CISA’s Known Exploited Vulnerabilities catalog.