Vulnerability
-
Citrix via Flickr
Initial access broker linked to weaponization of CitrixBleed2 flaw
A similar pattern of exploitation was seen in prior attacks involving an open-source machine emulator.
By David Jones • July 10, 2026 -
Deep Dive
Sophisticated threat campaign pushes Cisco to the very edge
A monthslong exploitation wave against Cisco SD-WAN systems raises larger questions about trust and the insecurity of network infrastructure.
By David Jones • July 7, 2026 -
FortiBleed campaign traced to INC and Lynx ransomware operations
Researchers are also investigating the role of a suspected zero-day vulnerability.
By David Jones • July 2, 2026 -
Critical flaw in Oracle E-Business Suite is under immediate threat
Researchers warn that successful exploitation of the vulnerability could allow an attacker to compromise Oracle Payments.
By David Jones • July 1, 2026 -
Critical flaw in SimpleHelp exploited in attacks targeting sensitive credentials
Researchers found two previously undisclosed malware samples used to steal AI assistant tokens and other valuable secrets.
By David Jones • June 30, 2026 -
Retrieved from iStock.
Insurance body confirms hackers posted Oracle PeopleSoft breach data
NAIC warned that some ratings agencies have suspended data feeds as a precaution.
By David Jones • Updated June 29, 2026 -
Software, AI companies form alliance to tackle open-source security flaws
The emergence of frontier AI models has increased the speed and capabilities of malicious hackers.
By David Jones • June 26, 2026 -
Sponsored by SHI
3 ways AI is transforming security operations - and where it delivers real impact
Security operations (SecOps) teams have long been exhorted to “work smarter, not harder,” but they need the right tools and processes to actually achieve that aim.
June 22, 2026 -
Critical vulnerabilities in Fortinet FortiSandbox are under exploitation
An OS command-injection flaw was disclosed earlier this month, according to researchers.
By David Jones • June 16, 2026 -
China-nexus group linked to multiyear campaign targeting US, Canadian medical research
A report from Google links a sophisticated espionage effort targeting information about viruses, AI and military information.
By David Jones • June 15, 2026 -
ShinyHunters linked to exploitation of critical flaw in Oracle PeopleSoft
More than 100 organizations, about two-thirds in higher education, have been notified of potential impact.
By David Jones • Updated June 12, 2026 -
CISA, researchers warn of escalating attacks using Cisco Catalyst SD-WAN flaws
Multiple vulnerabilities are being chained together to gain additional access to systems.
By David Jones • June 10, 2026 -
Check Point warns of zero-day flaw targeted by ransomware affiliate
A vulnerability in the company’s VPN deployments has faced exploitation since early May.
By David Jones • June 9, 2026 -
Cisco warns zero-day flaw in SD-WAN is being exploited
The company cautioned that no current patches are available and the flaw could allow an attacker to conduct command injection attacks.
By David Jones • June 5, 2026 -
Anthropic shares Mythos with 150 more organizations, including critical infrastructure operators
The AI firm also said it’s exploring how to help open-source developers deal with a flood of vulnerability reports.
By Eric Geller • June 2, 2026 -
CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation
The vulnerability in a vital defensive technology creates serious risks for federal networks, CISA said.
By Eric Geller • June 1, 2026 -
Sponsored by SHI
Top 4 data security best practices for the AI-enabled enterprise
To maximize AI’s value without increasing security risk, organizations must enforce best‑practice data protections across their environment.
June 1, 2026 -
CISA urges security teams to check for software development compromises
The agency warned about a wave of attacks targeting credentials and other secrets across critical supply chains.
By David Jones • May 29, 2026 -
Leading AI models are more vulnerable to malicious prompts than vendors claim
Hackers could subvert frontier models with attacks that their developers overlook, Cisco said.
By Eric Geller • May 27, 2026 -
Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN
Researchers said a wave of attacks began in February targeting firewalls that appeared to be protected.
By David Jones • May 19, 2026 -
Deep Dive
How a government contest launched a revolution in AI-based bug hunting
Security researchers have spent months honing AI systems that can find and fix serious vulnerabilities. Critical infrastructure everywhere could benefit.
By Eric Geller • May 18, 2026 -
Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller
Researchers discovered the authentication bypass vulnerability while investigating a prior issue in the same service.
By David Jones • May 15, 2026 -
Frontier AI models reap rapid discovery of security vulnerabilities
Security teams have just a few months before AI-driven exploitation becomes the norm, researchers warn.
By David Jones • May 14, 2026 -
OpenAI launches Daybreak to combat cyber threats
The cybersecurity initiative uses AI to detect software vulnerabilities, partnering with Cloudflare, Cisco and CrowdStrike to counter threats.
By Paige Gross • May 13, 2026 -
Identity takes center stage as a leading factor in enterprise cyberattacks
A new report shows two-thirds of ransomware attacks began with an identity-related breach.
By David Jones • May 12, 2026