A multi-stage phishing campaign targeting Russia abuses GitHub and Dropbox to disable Microsoft Defender and deploy Amnesia ...

CISA added VMware vCenter vulnerability CVE-2024-37079 to its KEV list after confirmed in-the-wild exploitation, urging ...

AI agents break traditional IAM by enabling delegated access, authorization bypass, and high-risk ownerless organizational ...

ESET links Russia-backed Sandworm to a failed December 2025 cyberattack using DynoWiper malware against Poland’s power and ...

CISA added four actively exploited vulnerabilities to its KEV catalog, urging U.S. federal agencies to apply fixes by February 12, 2026.

Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate devices via SAML abuse.

TikTok launches a U.S.-owned joint venture, cuts ByteDance stake to 19.9%, and secures U.S. data and algorithms on Oracle cloud.

Researchers uncovered a two-stage phishing attack stealing email logins to install LogMeIn Resolve RMM for persistent, hidden ...

Microsoft reports a multi-stage AitM phishing and BEC campaign abusing SharePoint, inbox rules, and stolen session cookies to ...

Experts uncovered a new Osiris ransomware strain that used a custom POORTRY driver in a BYOVD attack to disable security tools & steal data in 2025.

A 9.8-severity flaw (CVE-2026-24061) in GNU InetUtils telnetd allows remote authentication bypass and root access in versions ...

Google Workspace provides a strong baseline, yet default settings expose gaps in email security, access control, and data ...