Latest News

OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications.

Three more VS Code extensions were infected last week and the malware has emerged in GitHub repositories as well.

The Cl0p website lists major organizations such as Logitech, The Washington Post, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland.

Multiple vulnerabilities across QNAP’s portfolio could lead to remote code execution, information disclosure, and denial-of-service (DoS) conditions.

Australia mirrored the US’s recent sanctions against bankers, financial institutions, and others allegedly involved in laundering funds for North Korea.

Other noteworthy stories that might have slipped under the radar: rogue ransomware negotiators charged, F5 hack prompts OT security guidance, Germany targets Huawei tech.

Threat actors exploited CVE-2025-21042 to deliver malware via specially crafted images to users in the Middle East. 

When leaders redefine power as trust instead of control, teams unlock their potential — and organizations find their edge.

The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks.

ClickFix prompts typically contain instructions for Windows users, but now they are tailored for macOS and they are getting increasingly convincing.

Google’s acquisition of Wiz is expected to close in 2026, but there are other reviews that need to be cleared.

The Congressional Budget Office confirmed it had been hacked, potentially disclosing important government data to malicious actors.

An out-of-bounds write flaw in WebGPU tracked as CVE-2025-12725 could be exploited for remote code execution.

Multiple state-sponsored Russian groups are targeting Ukrainian entities and European countries linked to Ukraine.

Between 2016 and 2021, the suspects defrauded 4.3 million cardholders in 193 countries of €300 million (~$346 million).