Threat intelligence practitioners from Global Payments, Adobe, and Superhuman reveal how mature CTI programs transform data overload into strategic business value. Learn proven approaches to...

Talha Tariq quickly found his company at the center of a fast-moving, high-stakes mitigation effort. The result: a bounty program, a cat-and-mouse patch fight, and a debate about open-source...

Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The...

Authentication is basically solved. Authorization is another thing entirely... CrowdStrike has signed a $740 million deal to buy identity security startup SGNL. The move underscores the growing...

The author of this post found an unintended way to solve a CTF challenge by exploiting a new cross-site leak (XSLeaks) technique. So, they made this into a standalone challenge for this CTF. The...

The author of this post had recently found an RCE in a VPN client called SuperShy. After finding this bug, they were curious about other services that exposed WebSockets locally on their system....

A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active...

Flow suffered a major hack of about $3.9M USD. This was not an application but an issue with the blockchain itself. No existing user balances were accessed; the attacker was able to duplicate...

Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the...

No reports of active exploitation … yet Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with...

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into...

Among the 66 international organizations the administration withdrew from are a handful that work on cybersecurity topics. The post Trump pulls US out of international cyber orgs appeared first on...

Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a...

Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit....

Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which...

An issue allowing unauthorized access to medical records (CVE-2025-4596) was found in Asseco AMDX software.

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass...

Learn what you can do today to prepare for Q-Day

Cop wins hit crime infrastructure, not the people behind it If 2025 was meant to be the year ransomware started dying, nobody appears to have told the attackers.…

CERT Polska has received a report about 2 vulnerabilities (CVE-2025-8306 and CVE-2025-8307) found in Asseco InfoMedica Plus software.

Max-severity OneView hole joins a PowerPoint bug that should've been retired years ago CISA has added a pair of security holes to its actively exploited list, warning that attackers are now...

In late 2024 and throughout 2025, a sophisticated ransomware group known as SafePay emerged, rapidly escalating its operations to become a significant global threat. Unlike the dominant...

What you don’t know can (and absolutely will) hurt you

The cyber threat environment in Australia and New Zealand experienced a new escalation throughout 2025, driven by a surge in initial access sales, ransomware operations, and high-impact data...

Lawyers say Musk's platform may face punishment under Online Safety Act priority offenses Elon Musk's X platform is under fire as UK regulators close in on mounting reports that the platform's AI...

Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To...

Leaders of many organizations are urging their teams to adopt agentic AI to improve efficiency, but are finding it hard to achieve any benefit. Managers attempting to add AI agents to existing...

Unauthenticated RCE means anyone on the network can seize full control A maximum-severity bug in the popular automation platform n8n has left an estimated 100,000 servers wide open to complete...

Happy Groundhog Day! Security researchers at Radware say they've identified several vulnerabilities in OpenAI's ChatGPT service that allow the exfiltration of personal information.…

AI-generated code looks flawless until it isn't. Unit 42 breaks down how to expose these invisible flaws before they turn into your next breach. The post Securing Vibe Coding Tools: Scaling...