Latest News

Eight days before patches, a threat actor exploited CVE-2025-10035 as a zero-day to create a backdoor admin account.

Leading to remote code execution and privilege escalation, the flaws were exploited on Cisco ASA 5500-X series devices that lack secure boot.

Prompt injection has been leveraged alongside an expired domain to steal Salesforce data in an attack named ForcedLeak.

Threat actors impersonating PyPI ask users to verify their email for security purposes, directing them to fake websites.

RedNovember has been targeting government, defense and aerospace, and legal services organizations worldwide.

The aerospace and defense giant has disclosed the cyberattack in a filing with the SEC.

Bringing politics into professional spaces undermines decision-making, collaboration, and ultimately weakens security teams.

Google’s Threat Intelligence Group and Mandiant link the BrickStorm campaign to UNC5221, warning that hackers are analyzing stolen code to weaponize zero-day vulnerabilities.

New framework from the Cloud Security Alliance helps SaaS customers navigate the shared responsibility model with confidence.

The Miljödata data breach has impacted numerous organizations, education institutions, and Swedish municipalities.

The security defect allows remote attackers with administrative privileges to execute arbitrary code as the root user.

Boyd Gaming has informed the SEC about a data breach affecting the information of employees and other individuals.

The hackers remained undetected for three weeks, deploying China Chopper, remote access scripts, and reconnaissance tools.

Cybersecurity researchers believe the attack on Collins Aerospace involved a piece of ransomware known as HardBit.

GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing.