Ryan Naraine

The flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.

Trend Micro researchers flagging problems with Nvidia’s patch for a critical, code execution vulnerability in the Nvidia Container Toolkit.

The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.

Trump orders a termination of any active security clearances held by Krebs and a suspension of clearances held by individuals at SentinelOne.

Google plans to unleash automated AI agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators.

Patch Tuesday: Microsoft ships urgent cover for another WIndows CLFS vulnerability already exploited in the wild.

The Adobe Patch Tuesday rollout covers 54 vulnerabilities, including code execution issues in the oft-targeted Adobe ColdFusion software.

Silicon Valley startup secures big investment from Menlo Ventures and Mayfield Fund to solve the “shadow AI” security problem.

Experimental Sec-Gemini v1 touts a combination of Google’s Gemini LLM capabilities with real-time security data and tooling from Mandiant.

Ivanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits.

Adaptive is pitching a security platform designed to replicate real-world attack scenarios through AI-generated deepfake simulations. 

Cyberhaven bags $100 million in funding at a billion-dollar valuation, a sign that investors remain bullish on data security startups.

Using the Security Copilot tool, Microsoft discovered 20 critical vulnerabilities in widely deployed open-source bootloaders.

An undocumented remote access backdoor in the Unitree Go1 Robot Dog allows remote control over the tunnel network and use of the vision cameras...

OpenAI has raised its maximum bug bounty payout to $100,000 (up from $20,000) for high-impact flaws in its infrastructure and products.

Exploitation of Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub)

The late-stage startup said the round was led Coatue Management and brings Island’s total external funding to approximately $730 million.

The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks targeting organizations in Russia.

The effects of the backlog are already being felt in vulnerability management circles where NVD data promises an enriched source of truth.

News analysis: Google positions itself to compete with Microsoft for enterprise security dollars. How does this deal affect startup ecosystem?