The maximum-severity code injection flaw can be exploited without authentication for remote code execution.
Security advice fails when it comes from those who don’t bear the consequences and won’t be responsible for making it work.
Impersonating a legitimate extension from AITOPIA, the two malicious extensions were also exfiltrating users’ browser activity.
An error in the firmware-upload handler leads to devices starting an unauthenticated root-level Telnet service.
Four vulnerabilities have been fixed in the latest release of Veeam Backup & Replication.
2025 was the strongest year for cybersecurity funding since the 2021 peak, according to Pinpoint Search Group.
The critical-severity vulnerability allows unauthenticated, remote attackers to execute arbitrary shell commands.
Threat actors spoof legitimate domains to make their phishing emails appear to have been sent internally.
From dismantling online games as a child to uncovering real-world vulnerabilities, Katie Paxton-Fear explains how autism, curiosity, and a rejection of ambiguity shaped her path into ethical hacking.
We can’t outpace the adversary by trying to stop every attack, but we can outlast them by engineering systems and culture to take a punch and try to quickly rebound.
Using fake accounts and synthetic data to lure the hackers, the researchers gathered information on their servers.
The flaw is tracked as CVE-2025-54957 and its existence came to light in October 2025 after it was discovered by Google researchers.
Fake Booking reservation cancellations and fake BSODs trick victims into executing malicious code leading to RAT infections.
The initial access broker (IAB) relies on credentials exfiltrated using information stealers to hack organizations.
The VPN company has conducted an investigation after a threat actor claimed to have hacked its systems.
Significant cybersecurity M&A deals announced by Akamai, Red Hat, Checkmarx, Silent Push, and ServiceNow.