Vulnerability
-
Getty Images
Ivanti EPMM exploitation widespread as governments, others targeted
Researchers warn the activity shows evidence of initial access brokers preparing for future attacks.
By David Jones • Feb. 10, 2026 -
Getty Images
Threat actors target SolarWinds Web Help Desk flaw
Researchers say hackers are using remote monitoring and other tools in compromised environments.
By David Jones • Feb. 9, 2026 -
Getty Images
Critical flaw in SolarWinds Web Help Desk under exploitation
The vulnerability could allow an attacker to achieve remote code execution.
By David Jones • Updated Feb. 5, 2026 -
Getty Images
Autonomous attacks ushered cybercrime into AI era in 2025
Malwarebytes urged companies to adopt continuous monitoring and lock down identity systems as AI models get better at orchestrating intrusions.
By Eric Geller • Feb. 4, 2026 -
Markus Spiske
React2Shell exploitation undergoes significant change in threat activity
Researchers see a sudden consolidation of source IPs since late January.
By David Jones • Updated Feb. 4, 2026 -
Getty Images
Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts
Security researchers warn that the initial threat activity was highly targeted, as a limited number of users were impacted prior to disclosure.
By David Jones • Feb. 3, 2026 -
Getty Images
Cybersecurity 2026: AI, CISA, manufacturing sector all in the hot seat
A look at the most important trends and issues in cyber this year.
By Cybersecurity Dive Staff • Jan. 30, 2026 -
Justin Sullivan / Staff via Getty Images
Cisco sees vulnerability exploitation top phishing in Q4
The company’s recommendations included monitoring for abuses of multifactor authentication, a growing threat to the enterprise.
By Eric Geller • Jan. 30, 2026 -
Getty Images
CISA, security researchers warn FortiCloud SSO flaw is under attack
The exploitation activity comes weeks after a similar authentication bypass vulnerability was found.
By David Jones • Jan. 29, 2026 -
Getty Images
Corporate workers lean on shadow AI to enhance speed
A report shows senior corporate executives are willing to allow unsanctioned AI use, which could place company data at risk.
By David Jones • Updated Jan. 28, 2026 -
Getty Images
AI tools break quickly, underscoring need for governance
In a new report, the security firm Zscaler said it identified severe vulnerabilities in every enterprise tool it tested — sometimes on its first prompt.
By Eric Geller • Jan. 28, 2026 -
Win McNamee via Getty Images
Interconnectedness, extortion risk make cybersecurity a healthcare C-suite priority
A new report from Trellix reviews the biggest breaches, describes the most effective defenses and profiles the most dangerous attackers.
By Eric Geller • Jan. 27, 2026 -
R. Eskalis/NIST. Retrieved from NIST.
NIST is rethinking its role in analyzing software vulnerabilities
As the agency’s vulnerability database buckles under a flood of submissions, it’s planning to shift some responsibilities to other parties.
By Eric Geller • Jan. 23, 2026 -
Getty Images
Critical flaw in Fortinet FortiSIEM targeted in exploitation threat
Researchers originally disclosed the vulnerability in August 2025, however, a proof of concept and an advisory were just released.
By David Jones • Jan. 16, 2026 -
Getty Images
Critical flaw in AWS Console risked compromise of build environment
The CodeBreach vulnerability could have enabled a massive supply chain attack, researchers warn.
By David Jones • Updated Jan. 15, 2026 -
peshkov via Getty Images
Critical vulnerability found in n8n workflow automation platform
The open-source platform is widely used across enterprise environments, leaving thousands of instances at risk.
By David Jones • Jan. 12, 2026 -
Sean Gallup via Getty Images
Telecom sector sees steady rise in ransomware attacks
A new threat intelligence report described a potent mix of unpatched flaws and lax perimeter controls.
By Eric Geller • Jan. 9, 2026 -
Getty Images
Risky shadow AI use remains widespread
A new report offers fresh evidence for why enterprises should prioritize AI governance policies.
By Eric Geller • Jan. 6, 2026 -
Getty Images
Thousands of firewalls at risk as legacy flaw in Fortinet faces renewed threat
The company in December warned of recent attacks targeting a 2020 vulnerability.
By David Jones • Updated Jan. 5, 2026 -
Getty Images
WatchGuard warns critical flaw in Firebox devices facing exploitation
The company said the threat activity is part of a larger campaign against edge devices and internet-exposed infrastructure.
By David Jones • Updated Dec. 23, 2025 -
Getty Images
China-linked hackers exploit insecure setting in Cisco security products
The company urged customers to immediately reconfigure affected products.
By Eric Geller • Dec. 18, 2025 -
R. Eskalis/NIST. Retrieved from NIST.
NIST adds to AI security guidance with Cybersecurity Framework profile
Organizations have a new resource to map AI considerations onto NIST’s most famous security blueprint.
By Eric Geller • Dec. 17, 2025 -
iStock Editorial / Getty Images Plus via Getty Images
FortiGate devices targeted with malicious SSO logins
Researchers discovered threat activity less than a week after Fortinet disclosed critical vulnerabilities in multiple products.
By David Jones • Dec. 17, 2025 -
Getty Images
React2Shell attacks expand widely across multiple sectors
Researchers warn that state-linked and opportunistic actors are working to exploit flaws in React’s application tools.
By David Jones • Dec. 16, 2025 -
Getty Images
React issues new patches after security researchers flag additional flaws
Researchers warn that critical infrastructure providers and government sites are being targeted by state-linked attackers.
By David Jones • Dec. 12, 2025
