Vulnerability
-
Getty Images
WatchGuard warns critical flaw in Firebox devices facing exploitation
The company said the threat activity is part of a larger campaign against edge devices and internet-exposed infrastructure.
By David Jones • Updated Dec. 23, 2025 -
Getty Images
China-linked hackers exploit insecure setting in Cisco security products
The company urged customers to immediately reconfigure affected products.
By Eric Geller • Dec. 18, 2025 -
Retrieved from R. Eskalis/NIST.
NIST adds to AI security guidance with Cybersecurity Framework profile
Organizations have a new resource to map AI considerations onto NIST’s most famous security blueprint.
By Eric Geller • Dec. 17, 2025 -
iStock Editorial / Getty Images Plus via Getty Images
FortiGate devices targeted with malicious SSO logins
Researchers discovered threat activity less than a week after Fortinet disclosed critical vulnerabilities in multiple products.
By David Jones • Dec. 17, 2025 -
Getty Images
React2Shell attacks expand widely across multiple sectors
Researchers warn that state-linked and opportunistic actors are working to exploit flaws in React’s application tools.
By David Jones • Dec. 16, 2025 -
Getty Images
React issues new patches after security researchers flag additional flaws
Researchers warn that critical infrastructure providers and government sites are being targeted by state-linked attackers.
By David Jones • Dec. 12, 2025 -
Getty Images
React Server Components crisis escalates as security teams respond to compromises
Suspected North Korean actors target users with fake IT recruitment scheme.
By David Jones • Dec. 10, 2025 -
Justin Sullivan via Getty Images
Pro-Russia hacktivists launching attacks that could damage OT
The U.S. and its allies warned that defenders should take the hackers seriously, despite the attackers’ pattern of exaggerating their actual impact.
By Eric Geller • Dec. 10, 2025 -
Getty Images
State-linked groups target critical vulnerability in React Server Components
China-nexus threat groups have already begun targeting the flaw, creating widespread risk as nearly 40% of cloud environments are potentially impacted.
By David Jones • Updated Dec. 7, 2025 -
Brandon Bell via Getty Images
US, allies urge critical infrastructure operators to carefully plan and oversee AI use
New guidance attempts to temper companies’ enthusiasm for the latest exciting technology.
By Eric Geller • Dec. 4, 2025 -
Getty Images
Critical vulnerabilities found in React and Next.js
Researchers warn the flaws can be easily leveraged to achieve full remote code execution.
By David Jones • Dec. 4, 2025 -
iStock Editorial / Getty Images Plus via Getty Images
Fortinet FortiWeb flaws found in unsupported versions of web application firewall
Security researchers raise new concerns after the company previously failed to issue prompt security guidance.
By David Jones • Dec. 2, 2025 -
Sean Gallup via Getty Images
Microsoft tightens cloud login process to prevent common attack
Hackers have spent decades exploiting a ubiquitous type of vulnerability. Microsoft is trying to change that.
By Eric Geller • Nov. 26, 2025 -
Getty Images
SEC drops civil fraud case against SolarWinds
Cybersecurity and legal experts considered the case a potential precedent-setter for risk disclosure.
By David Jones • Nov. 20, 2025 -
iStock Editorial / Getty Images Plus via Getty Images
Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation
The medium severity vulnerability can be chained together with a critical flaw in the same product, which could help attackers gain additional capabilities.
By David Jones • Nov. 20, 2025 -
Getty Images
Hackers increasingly target operational technology, with manufacturing sector bearing the brunt
Companies should segment and monitor their networks to prevent hackers from crossing over from IT to OT, a new report said.
By Eric Geller • Nov. 18, 2025 -
Getty Images
Critical vulnerability in Fortinet FortiWeb is under exploitation
The company faces criticism as multiple researchers claim a silent patch was issued weeks before official guidance was released.
By David Jones • Nov. 17, 2025 -
Permission granted by Lenovo
Sponsored by Lenovo and SentinelOneAI-driven dynamic endpoint security is redefining trust
Network perimeters are gone. Modern security solutions must be proactive, dynamic and intelligent.
By Nima Baiati, Executive Director and General Manager, Commercial Software & Security Solutions, Lenovo • Nov. 17, 2025 -
Chip Somodevilla via Getty Images
Akira engaged in ransomware attacks against critical sectors
The group has stepped up threat activity by abusing edge devices and other tools, reaping hundreds of millions of dollars in illicit gains.
By David Jones • Updated Nov. 14, 2025 -
Getty Images
Sophisticated threat actor targeting zero-day flaws in Cisco ISE and Citrix
Hackers use custom malware to access multiple vulnerabilities, researchers from Amazon warn.
By David Jones • Nov. 12, 2025 -
Getty Images
Shadow AI is widespread — and executives use it the most
Employees in fields like health care and finance trust AI more than they trust their colleagues, according to a new report.
By Eric Geller • Nov. 12, 2025 -
David Ramos via Getty Images
Cisco detects new attack variant targeting vulnerable firewalls
Hackers may be able to overload unpatched devices, the company said.
By Eric Geller • Nov. 10, 2025 -
Permission granted by 10KMedia
Sponsored by 10KMediaYour AI-driven threat hunting is only as good as your data platform and pipeline
The data-centric foundation for modern threat hunting.
By Taylor Smith, Director of Product Marketing at Exaforce • Nov. 6, 2025 -
Getty Images
Hackers targeting Cisco IOS XE devices with BadCandy implant
Security researchers and Australian authorities warn that exploitation activity is ongoing.
By David Jones • Updated Nov. 5, 2025 -
Getty Images
Researchers warn of flaws that allow manipulation of Microsoft Teams messages
A report by Check Point shows hackers could forge identities and alter messages.
By David Jones • Nov. 4, 2025
