Vulnerability
-
Sean Gallup via Getty Images
Microsoft tightens cloud login process to prevent common attack
Hackers have spent decades exploiting a ubiquitous type of vulnerability. Microsoft is trying to change that.
By Eric Geller • Nov. 26, 2025 -
Getty Images
SEC drops civil fraud case against SolarWinds
Cybersecurity and legal experts considered the case a potential precedent-setter for risk disclosure.
By David Jones • Nov. 20, 2025 -
iStock Editorial / Getty Images Plus via Getty Images
Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation
The medium severity vulnerability can be chained together with a critical flaw in the same product, which could help attackers gain additional capabilities.
By David Jones • Nov. 20, 2025 -
Getty Images
Hackers increasingly target operational technology, with manufacturing sector bearing the brunt
Companies should segment and monitor their networks to prevent hackers from crossing over from IT to OT, a new report said.
By Eric Geller • Nov. 18, 2025 -
Getty Images
Critical vulnerability in Fortinet FortiWeb is under exploitation
The company faces criticism as multiple researchers claim a silent patch was issued weeks before official guidance was released.
By David Jones • Nov. 17, 2025 -
Permission granted by Lenovo
Sponsored by Lenovo and SentinelOneAI-driven dynamic endpoint security is redefining trust
Network perimeters are gone. Modern security solutions must be proactive, dynamic and intelligent.
By Nima Baiati, Executive Director and General Manager, Commercial Software & Security Solutions, Lenovo • Nov. 17, 2025 -
Chip Somodevilla via Getty Images
Akira engaged in ransomware attacks against critical sectors
The group has stepped up threat activity by abusing edge devices and other tools, reaping hundreds of millions of dollars in illicit gains.
By David Jones • Updated Nov. 14, 2025 -
Getty Images
Sophisticated threat actor targeting zero-day flaws in Cisco ISE and Citrix
Hackers use custom malware to access multiple vulnerabilities, researchers from Amazon warn.
By David Jones • Nov. 12, 2025 -
Getty Images
Shadow AI is widespread — and executives use it the most
Employees in fields like health care and finance trust AI more than they trust their colleagues, according to a new report.
By Eric Geller • Nov. 12, 2025 -
David Ramos via Getty Images
Cisco detects new attack variant targeting vulnerable firewalls
Hackers may be able to overload unpatched devices, the company said.
By Eric Geller • Nov. 10, 2025 -
Permission granted by 10KMedia
Sponsored by 10KMediaYour AI-driven threat hunting is only as good as your data platform and pipeline
The data-centric foundation for modern threat hunting.
By Taylor Smith, Director of Product Marketing at Exaforce • Nov. 6, 2025 -
Getty Images
Hackers targeting Cisco IOS XE devices with BadCandy implant
Security researchers and Australian authorities warn that exploitation activity is ongoing.
By David Jones • Updated Nov. 5, 2025 -
Getty Images
Researchers warn of flaws that allow manipulation of Microsoft Teams messages
A report by Check Point shows hackers could forge identities and alter messages.
By David Jones • Nov. 4, 2025 -
Getty Images
Windows Server Update Service exploitation ensnares at least 50 victims
Researchers say hackers could be gathering intelligence for future attacks, and authorities warn users to apply patches and check for compromise.
By David Jones • Oct. 31, 2025 -
Getty Images
CISA, NSA unveil best-practices guide to address ongoing Exchange Server risks
The guide follows CISA’s warnings in August about a high-severity vulnerability in Microsoft Exchange.
By David Jones • Oct. 30, 2025 -
Getty Images
CISA updates guidance and warns security teams on WSUS exploitation
The agency urges users to apply emergency patches from Microsoft to counter a serious threat.
By David Jones • Oct. 30, 2025 -
Getty Images
AI adoption outpaces corporate governance, security controls
Security and business leaders warn that companies are accelerating their use of agentic AI beyond the ability to maintain proper guardrails.
By David Jones • Oct. 29, 2025 -
Getty Images
Google probes exploitation of critical Windows service CVE
Researchers have traced the threat activity to a newly identified hacker, while separate evidence points to more than one variant.
By David Jones • Oct. 28, 2025 -
Getty Images
Hackers exploiting critical vulnerability in Windows Server Update Service
Microsoft has issued an out-of-band update and is urging users to immediately apply the patch.
By David Jones • Updated Oct. 27, 2025 -
Getty Images
Researchers warn of critical flaws in TP-Link routers
No active exploitation has been spotted, but the vendor and researchers advise users to apply updates immediately.
By David Jones • Oct. 24, 2025 -
Getty Images
AI security flaws afflict half of organizations
EY suggested ways for companies to reduce AI-related hacking risks.
By Eric Geller • Oct. 22, 2025 -
Getty Images
F5 supply chain hack endangers more than 600,000 internet-connected devices
The enterprise device vendor has patched several vulnerabilities that hackers discovered after breaching its networks.
By Eric Geller • Oct. 17, 2025 -
Courtesy of F5 Press Kit
Nation-state hackers breached sensitive F5 systems, stole customer data
The federal government is scrambling to determine if any agencies have been hacked.
By Eric Geller • Oct. 15, 2025 -
Getty Images
Oracle E-Business Suite exploitation traced back as early as July
Researchers say an extortion campaign linked to the Clop ransomware group used a series of chained vulnerabilities and sophisticated malware.
By David Jones • Oct. 10, 2025 -
Getty Images
Extortion campaign targeting Oracle E-Business Suite customers linked to zero-day
Mandiant researchers said Clop ransomware is indeed linked to a series of emails threatening to release stolen data.
By David Jones • Oct. 6, 2025
