CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog

The code injection flaw is similar to a prior vulnerability that was immediately flagged in January.

By David Jones • April 9, 2026

React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data

The stolen information could help intruders plan follow-up attacks and breach more organizations, Cisco researchers said.

By Eric Geller • April 7, 2026

Critical flaw in FortiClient EMS under exploitation

Fortinet released an emergency hotfix after security researchers discovered the vulnerability being exploited as a zero-day.

By David Jones • Updated April 6, 2026

Researchers warn of critical flaws in Progress ShareFile

Attackers could chain vulnerabilities together, leading to configuration changes or remote code execution.

By David Jones • April 3, 2026

Critical flaw in F5 BIG-IP faces wide exploitation risk

The company revised a security advisory as newly disclosed information heightens the potential impact.

By David Jones • April 2, 2026

Citrix NetScaler products confirmed to be under exploitation

Security researchers at watchTowr warn that multiple flaws are involved in the early stages of a hacking spree that could rival the 2023 CitrixBleed campaign.

By David Jones • Updated March 30, 2026

Critical flaw in Citrix NetScaler raises fears of new exploitation wave

Researchers warn that security teams need to take immediate mitigation steps before a public proof of concept is released.

By David Jones • Updated March 27, 2026

The CVE Program, a bedrock of global cyber defense, is teetering on the brink

A funding scare, AI and similar international initiatives are raising existential questions about the program’s future.

By Eric Geller • March 24, 2026

Network edge devices still widely used after reaching end-of-life status

A report by VulnCheck shows nation-state hackers often target flaws in aging routers, firewalls and VPNs.

By David Jones • March 23, 2026

CISA urges organizations to harden endpoint security following Stryker attack

The agency is coordinating with the FBI and other agencies amid concerns about additional threat activity involving Microsoft Intune. 

By David Jones • March 19, 2026

Security teams might be overlooking wider threat to Cisco SD-WAN

Researchers from VulnCheck warn that a misattributed proof of concept ignores a separate, high-severity flaw. 

By David Jones • March 17, 2026

Nearly half of exploited zero-day flaws target enterprise-grade technology

A report by Google Threat Intelligence Group warns that AI will be used to speed and scale attacks in 2026.

By David Jones • March 6, 2026

Iran-nexus hackers target flaws in surveillance cameras

The threat activity echoes prior exploitation during the Israeli war with Hamas, a precursor to attacks against critical sectors in the U.S.

By David Jones • Updated March 6, 2026

Ransomware is now less about malware and more about impersonation

Stolen passwords have replaced infectious code as the most common tactic in major breaches, Cloudflare said.

By Eric Geller • March 3, 2026

How Microsoft, partners are tackling ‘huge, huge task’ of making security software safer

The technology giant and third-party security vendors are plotting an ambitious overhaul of how their products interoperate.

By Eric Geller • March 2, 2026

Building a risk-based data sanitization strategy: When to use Cryptographic erasure vs. physical destruction

Build your strategy on risk assessment, not on assumptions that one size fits all.

By Paul Falcone • March 2, 2026

‘Resurge’ malware can remain undetected on devices

CISA previously issued an alert about attacks that exploited a vulnerability in Ivanti Connect Secure.

By David Jones • Updated Feb. 27, 2026

CISA orders agencies to patch Cisco devices now under attack

The vulnerabilities, scored as critical, affect the company’s software-defined wide-area networking (SD-WAN) systems.

By Eric Geller • Feb. 25, 2026

Software vulnerabilities are being weaponized faster than ever

A report by VulnCheck shows threat groups are exploiting a small percentage of critical flaws well before security teams can mitigate.

By David Jones • Feb. 25, 2026

Hackers target vulnerabilities in Roundcube Webmail

CISA has added the flaws, one of which is considered critical, to its Known Exploited Vulnerabilities catalog.

By David Jones • Feb. 23, 2026

BeyondTrust Remote Support exploitation ramps up with backdoors, remote tools

Researchers warn that thousands of instances may still be vulnerable to exploitation activity.

By David Jones • Updated Feb. 20, 2026

Threat groups use AI to speed up and scale cyberattacks

A report from Palo Alto Networks finds hackers are increasingly using stolen identities and exploiting critical vulnerabilities within minutes of disclosure.

By David Jones • Feb. 18, 2026

Hackers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines

Threat actors linked to China have deployed a novel backdoor, according to researchers.

By David Jones • Updated Feb. 18, 2026

Critical flaw in BeyondTrust Remote Support sees early signs of exploitation

The vulnerability is a variant of a CVE linked to the 2024 hack of the U.S. Treasury Department, according to researchers.

By David Jones • Updated Feb. 16, 2026

SmarterMail facing widespread attacks targeting critical flaws

The business email and collaboration software is being exploited for potential ransomware.

By David Jones • Feb. 12, 2026