The Latest
-
Retrieved from R. Eskalis/NIST.
NIST adds to AI security guidance with Cybersecurity Framework profile
Organizations have a new resource to map AI considerations onto NIST’s most famous security blueprint.
-
istockphoto.com/Jacob Wackerhausen
Sponsored by Palo Alto NetworksFighting AI with AI: How midmarket teams can turn the tables on smarter threats
AI has significantly lowered the barrier to entry for cybercrime.
-
Samuel Corum via Getty Images
Russia-linked hackers breach critical infrastructure organizations via edge devices
New research offers the latest evidence that vulnerable network edge equipment is a pressing concern.
-
Getty Images
React2Shell attacks expand widely across multiple sectors
Researchers warn that state-linked and opportunistic actors are working to exploit flaws in React’s application tools.
-
Getty Images
CISOs view hybrid environments as best way to manage risk, compliance
Security leaders are also focused on the convergence of IT and operational technology as business continuity becomes a major concern.
Updated Dec. 15, 2025 -
Getty Images
Cybersecurity concerns are paramount among executives in almost all roles, regions and industries
A new survey finds widespread agreement that security is one of the biggest challenges facing companies today.
-
Getty Images
React issues new patches after security researchers flag additional flaws
Researchers warn that critical infrastructure providers and government sites are being targeted by state-linked attackers.
-
Getty Images
CISA updates cybersecurity benchmarks for critical infrastructure organizations
The agency streamlines and supplements goals it first issued in 2022.
-
Courtesy of Georgia Power
Grid-scale battery energy storage systems face heightened risk of cyberattack
Experts warn that state-linked threat groups are actively searching for ways to disrupt the industry amid growing power demand in the U.S.
-
Justin Sullivan via Getty Images
Pro-Russia hacktivists launching attacks that could damage OT
The U.S. and its allies warned that defenders should take the hackers seriously, despite the attackers’ pattern of exaggerating their actual impact.
-
Getty Images
React Server Components crisis escalates as security teams respond to compromises
Suspected North Korean actors target users with fake IT recruitment scheme.
-
Getty Images
Majority of global firms plan to boost cyber spending in 2026
A report by Marsh shows companies are also focused on third-party risk mitigation.
-
Getty Images
State-linked groups target critical vulnerability in React Server Components
China-nexus threat groups have already begun targeting the flaw, creating widespread risk as nearly 40% of cloud environments are potentially impacted.
Updated Dec. 7, 2025 -
Getty Images
Initial access brokers involved in more attacks, including on critical infrastructure
A research firm also finds nation-states aligning their cyberattacks more closely with geostrategic goals.
-
Chip Somodevilla via Getty Images
Ransomware peaked in 2023 prior to law enforcement actions
U.S. Treasury report shows drop in threat activity in the wake of aggressive takedown efforts.
-
Getty Images
Major drug research company confirms cyberattack compromised employee and partner data
Indiana-based Inotiv said it was still evaluating the hack’s impact on its business.
-
Getty Images
China-nexus actor targets multiple US entities with Brickstorm malware
Researchers outline a campaign targeting U.S. companies, and CISA warns of attacks on government services and IT firms.
Updated Dec. 5, 2025 -
Getty Images
CISA eliminates pay incentives as it changes how it retains top cyber talent
Auditors had described the program as poorly managed. CISA is scrapping it in favor of another recruitment tool.
-
Brandon Bell via Getty Images
US, allies urge critical infrastructure operators to carefully plan and oversee AI use
New guidance attempts to temper companies’ enthusiasm for the latest exciting technology.
-
Getty Images
Critical vulnerabilities found in React and Next.js
Researchers warn the flaws can be easily leveraged to achieve full remote code execution.
-
Getty Images
Lawmakers question White House on strategy for countering AI-fueled hacks
The Trump administration has said little about how it will prevent hackers from abusing AI.
-
Getty Images
DDoS attack volume rises in Q3, fueled by Aisuru botnet
A report by Cloudflare also shows a surge in attacks targeting AI companies.
-
Getty Images
Leading surveillance camera vendor signs CISA’s product-security pledge
Axis Communications is the first major surveillance camera maker to vow to adhere to CISA’s security guidelines.
-
Alex Wroblewski via Getty Images
Senators push to renew cyber grant program for state, local governments
Security experts and local officials say the program is vital to protecting the country.
-
Courtesy of Zendesk
Hackers ready threat campaign aimed at Zendesk environments
Researchers warn that hackers linked to recent social engineering attacks are targeting customer-service platforms.
Updated Dec. 1, 2025 -
iStock Editorial / Getty Images Plus via Getty Images
Fortinet FortiWeb flaws found in unsupported versions of web application firewall
Security researchers raise new concerns after the company previously failed to issue prompt security guidance.
