Critical vulnerability in Fortinet FortiWeb is under exploitation

The company faces criticism as multiple researchers claim a silent patch was issued weeks before official guidance was released.

US chips away at North Korean IT worker fraud

Authorities have described Pyongyang’s revenue-generating schemes as threats to U.S. national and economic security.

CISO pay is on the rise, even as security budgets tighten

Companies are increasingly lavishing benefits on their top security executives, a recent report found.

Anthropic warns state-linked actor abused its AI tool in sophisticated espionage campaign

Researchers said a China-backed adversary conducted powerful attacks with almost no human intervention. 

Updated Nov. 14, 2025

Western governments disrupt trifecta of cybercrime tools

Authorities seized more than 1,000 servers and 20 domains in the operation.

Akira engaged in ransomware attacks against critical sectors

The group has stepped up threat activity by abusing edge devices and other tools, reaping hundreds of millions of dollars in illicit gains.

Updated Nov. 14, 2025

Government funding bill temporarily revives cybersecurity information-sharing law

The spending legislation passed by Congress will reauthorize the CISA 2015 program through the end of January.

UK authorities propose law to set minimum cyber standards for critical sectors

The legislation follows a wave of social engineering attacks that rocked the nation’s retail and automotive supply chains.

Sophisticated threat actor targeting zero-day flaws in Cisco ISE and Citrix

Hackers use custom malware to access multiple vulnerabilities, researchers from Amazon warn.

Companies want more from their threat intelligence platforms

Customers expect faster, more accurate and more relevant data, Recorded Future found in a new report.

Shadow AI is widespread — and executives use it the most

Employees in fields like health care and finance trust AI more than they trust their colleagues, according to a new report.

Cisco detects new attack variant targeting vulnerable firewalls

Hackers may be able to overload unpatched devices, the company said.

Conduent warns of further financial fallout from cyberattack

The company has incurred millions in expenses related to data breach notifications stemming from an attack earlier this year. 

AI agents worsen IT’s capacity crunch: S&P Global

An infrastructure overhaul to support agentic systems is underway, bringing with it a new set of capacity demands and security considerations. 

Nevada ransomware attack traced back to malware download by employee

The state refused to pay a ransom and recovered 90% of the impacted data.

Cyberattacks surge against IoT, mobile devices in critical infrastructure

Manufacturing and energy firms saw some of the biggest increases in malware activity targeting connected devices.

SonicWall says state-linked actor behind attacks against cloud backup service

CEO announces security and governance reforms inside the company, including the adoption of secure-by-design practices.

In financial sector, vendors lag behind customers on cybersecurity

Financial firms should be performing regular oversight of their vendors to avoid supply chain compromises, according to a new report.

Hackers targeting Cisco IOS XE devices with BadCandy implant

Security researchers and Australian authorities warn that exploitation activity is ongoing.

Updated Nov. 5, 2025

AI-based malware makes attacks stealthier and more adaptive

Google says it has discovered at least five malware families that use AI to reinvent themselves and hide from defenders.

Researchers warn of flaws that allow manipulation of Microsoft Teams messages

A report by Check Point shows hackers could forge identities and alter messages.

AI risks pack a punch, but governance provides a buffer

Enterprises strengthen governance and focus on responsible practices as more than 3 in 5 suffer AI risk-related losses of more than $1 million, EY data shows. 

Identity-based attacks need more attention in cloud security strategies

Companies should lock down user accounts and scan for compromised credentials, according to a new report.

Cybercrime groups team with organized crime in massive cargo theft campaigns

Financially motivated hackers are abusing remote monitoring and access tools against trucking and freight companies, Proofpoint warns.

Updated Nov. 3, 2025

Security leaders say AI can help with governance, threat detection, SOC automation

Executives and technical leaders differ on AI priorities, according to a report from Amazon.