The Latest
-
Getty Images
State-linked groups target critical vulnerability in React Server Components
China-nexus threat groups have already begun targeting the flaw, creating widespread risk as nearly 40% of cloud environments are potentially impacted.
Updated Dec. 7, 2025 -
Getty Images
Initial access brokers involved in more attacks, including on critical infrastructure
A research firm also finds nation-states aligning their cyberattacks more closely with geostrategic goals.
-
Chip Somodevilla via Getty Images
Ransomware peaked in 2023 prior to law enforcement actions
U.S. Treasury report shows drop in threat activity in the wake of aggressive takedown efforts.
-
Getty Images
Major drug research company confirms cyberattack compromised employee and partner data
Indiana-based Inotiv said it was still evaluating the hack’s impact on its business.
-
Getty Images
China-nexus actor targets multiple US entities with Brickstorm malware
Researchers outline a campaign targeting U.S. companies, and CISA warns of attacks on government services and IT firms.
Updated Dec. 5, 2025 -
Getty Images
CISA eliminates pay incentives as it changes how it retains top cyber talent
Auditors had described the program as poorly managed. CISA is scrapping it in favor of another recruitment tool.
-
Brandon Bell via Getty Images
US, allies urge critical infrastructure operators to carefully plan and oversee AI use
New guidance attempts to temper companies’ enthusiasm for the latest exciting technology.
-
Getty Images
Critical vulnerabilities found in React and Next.js
Researchers warn the flaws can be easily leveraged to achieve full remote code execution.
-
Getty Images
Lawmakers question White House on strategy for countering AI-fueled hacks
The Trump administration has said little about how it will prevent hackers from abusing AI.
-
Getty Images
DDoS attack volume rises in Q3, fueled by Aisuru botnet
A report by Cloudflare also shows a surge in attacks targeting AI companies.
-
Getty Images
Leading surveillance camera vendor signs CISA’s product-security pledge
Axis Communications is the first major surveillance camera maker to vow to adhere to CISA’s security guidelines.
-
Alex Wroblewski via Getty Images
Senators push to renew cyber grant program for state, local governments
Security experts and local officials say the program is vital to protecting the country.
-
Courtesy of Zendesk
Hackers ready threat campaign aimed at Zendesk environments
Researchers warn that hackers linked to recent social engineering attacks are targeting customer-service platforms.
Updated Dec. 1, 2025 -
iStock Editorial / Getty Images Plus via Getty Images
Fortinet FortiWeb flaws found in unsupported versions of web application firewall
Security researchers raise new concerns after the company previously failed to issue prompt security guidance.
-
Getty Images
European police dismantle cryptocurrency mixer popular with ransomware gangs
Authorities have spent years trying to cripple the ecosystem that helps hackers hide their profits.
-
Kena Betancur via Getty Images
Deep DiveThanksgiving holiday weekend kicks off heightened threat environment for security teams
As workers take family time and consumers race for Black Friday discounts, hackers gain an advantage to penetrate vulnerable corporate perimeters.
-
Sean Gallup via Getty Images
Microsoft tightens cloud login process to prevent common attack
Hackers have spent decades exploiting a ubiquitous type of vulnerability. Microsoft is trying to change that.
-
Getty Images
Gainsight CEO promises transparency as it responds to compromise of Salesforce integration
The company has been in regular contact with customers, and says only a handful have seen data directly impacted.
Updated Nov. 26, 2025 -
Chris McGrath via Getty Images
CISA urges mobile security as it warns of sophisticated spyware attacks
The agency’s rare warning about spyware activity comes as it updated mobile security guidance to reflect evolving threats.
-
Getty Images
Russia-aligned hackers target US company in attack linked to Ukraine war effort
A threat group called RomCom has a history of cyberattacks against entities connected to the conflict.
Updated Nov. 25, 2025 -
Michael M. Santiago via Getty Images
Hackers steal sensitive data from major banking industry vendor
The incident highlights how supply-chain compromises threaten even well-defended industries.
Updated Nov. 24, 2025 -
Courtesy of HubSpot
Gainsight says additional applications put on hold after Salesforce customers breached
The company said that Zendesk and Hubspot integrations have been deactivated as the probe continues.
-
Getty Images
Startup firm called Factory disrupts campaign designed to hijack development platform
The AI-based firm intercepted a state-linked operation that was abusing resources as part of a criminal cyber-fraud network.
-
Getty Images
Salesforce investigating campaign targeting customer environments connected to Gainsight app
Researchers warn that ShinyHunters has been compromising OAuth tokens to gain potential access to customer data.
Updated Nov. 21, 2025 -
Getty Images
SEC drops civil fraud case against SolarWinds
Cybersecurity and legal experts considered the case a potential precedent-setter for risk disclosure.
