Oracle E-Business Suite exploitation traced back as early as July

Researchers say an extortion campaign linked to the Clop ransomware group used a series of chained vulnerabilities and sophisticated malware.

By David Jones • Oct. 10, 2025

Extortion campaign targeting Oracle E-Business Suite customers linked to zero-day

Mandiant researchers said Clop ransomware is indeed linked to a series of emails threatening to release stolen data. 

By David Jones • Oct. 6, 2025

Cisco firewall flaws endanger nearly 50,000 devices worldwide

The U.S., the U.K. and Japan lead the list of the most vulnerable countries.

By Eric Geller • Sept. 30, 2025

CISA orders feds to patch Cisco flaws used in multiple agency hacks

One U.S. official called the ongoing cyberattack campaign “very sophisticated.”

By Eric Geller • Sept. 25, 2025

Critical infrastructure operators add more insecure industrial equipment online

The problem isn’t limited to legacy technology. New devices are exposed with critical vulnerabilities.

By Eric Geller • Sept. 25, 2025

Social engineering campaigns highlight the ability to exploit human behavior

A report by S&P says organizations should consider changes to strengthen cyber governance, training and awareness. 

By David Jones • Sept. 22, 2025

AI-powered vulnerability detection will make things worse, not better, former US cyber official warns

Patching won’t be able to keep up with discovery, said Rob Joyce, who once led the National Security Agency's elite hacking team.

By Eric Geller • Sept. 22, 2025

Evolving AI attacks, rapid model adoption worry cyber defenders

IT defenders think many of their security tools aren’t ready for AI-powered cyberattacks, according to a new report.

By Eric Geller • Sept. 19, 2025

CISA pledges robust support for funding, further development of CVE program

A key official from the agency said the vulnerability management program will continue with additional participation and enhancements.

By David Jones • Sept. 12, 2025

Researchers warn of zero-day vulnerability in SiteCore products

Mandiant said it was able to disarm a ViewState deserialization attack leveraging exposed ASP.NET keys.

By David Jones • Updated Sept. 4, 2025

NetScaler warns hackers are exploiting zero-day vulnerability

The company is urging customers to patch their devices immediately, saying the flaw could lead to denial of service or remote code execution.

By David Jones • Aug. 27, 2025

China-nexus hacker Silk Typhoon targeting cloud environments

The state-linked espionage group has exploited zero-day flaws in Commvault and Citrix Netscaler, researchers say.

By David Jones • Aug. 22, 2025

FBI, Cisco warn of Russia-linked hackers targeting critical infrastructure organizations

The intrusions have exploited a vulnerability in Cisco’s networking equipment software.

By Eric Geller • Aug. 20, 2025

The humble printer highlights overlooked security flaws

Failure to remediate known device vulnerabilities is a rampant problem, according to a study by HP.

By Matt Ashare • Aug. 18, 2025

Developers knowingly push vulnerable code, despite growing breach risk

Only three in 10 respondents said their application security programs were highly mature.

By Eric Geller • Aug. 15, 2025

CISA, Microsoft update guidance on Exchange Server vulnerability

Officials reiterated their belief that hackers were not exploiting the flaw, but nonetheless urged users to immediately check their systems.

By David Jones • Aug. 13, 2025

Xerox patches critical vulnerability in FreeFlow Core application

Researchers at Horizon3.ai discovered the flaw after flagging unusual behavior in a customer environment.

By David Jones • Updated Aug. 13, 2025

Citrix NetScaler flaws lead to critical infrastructure breaches

Dutch authorities said hackers penetrated several critical infrastructure providers, in a warning sign for vulnerable organizations elsewhere.

By Eric Geller • Updated Aug. 12, 2025

Research shows AI agents are highly vulnerable to hijacking attacks

Experts from Zenity Labs demonstrated how attackers could exploit widely deployed AI technologies for data theft and manipulation.

By David Jones • Aug. 11, 2025

DARPA touts value of AI-powered vulnerability detection as it announces competition winners

The U.S. military research agency hopes to foster a new ecosystem of autonomous vulnerability remediation.

By Eric Geller • Aug. 8, 2025

Financially motivated cluster a key player in ToolShell exploitation

Researchers from Palo Alto Networks detail ransomware deployment and malicious backdoors in a campaign against Microsoft SharePoint users.

By David Jones • Aug. 8, 2025

SonicWall says recent attack wave involved previously disclosed flaw, not zero-day

The company said it had linked recent hacks to customers’ use of legacy credentials when migrating from Gen 6 to Gen 7 firewalls.

By David Jones • Aug. 7, 2025

CISA, Microsoft warn about new Microsoft Exchange server vulnerability

The flaw could enable a hacker to perform a “total domain compromise” on affected systems, CISA said.

By David Jones • Updated Aug. 7, 2025

Top US energy companies frequently exposed to critical security flaws

A report from security firm SixMap shows that a large number of energy companies use equipment with vulnerabilities that are located on potentially exposed ports.

By David Jones • Aug. 6, 2025

SonicWall investigating possible zero-day related to firewall attacks

Researchers recently warned about a surge in Akira ransomware attacks linked to a potential SonicWall vulnerability.

By David Jones • Aug. 5, 2025