Vulnerability
-
Permission granted by Lenovo
Sponsored by Lenovo and SentinelOneAI-driven dynamic endpoint security is redefining trust
Network perimeters are gone. Modern security solutions must be proactive, dynamic and intelligent.
By Nima Baiati, Executive Director and General Manager, Commercial Software & Security Solutions, Lenovo • Nov. 17, 2025 -
Chip Somodevilla via Getty Images
Akira actively engaged in ransomware attacks against critical sectors
The group has stepped up threat activity by abusing edge devices and other tools, reaping hundreds of millions of dollars in illicit gains.
By David Jones • Updated Nov. 14, 2025 -
Getty Images
Sophisticated threat actor targeting zero-day flaws in Cisco ISE and Citrix
Hackers use custom malware to access multiple vulnerabilities, researchers from Amazon warn.
By David Jones • Nov. 12, 2025 -
Getty Images
Shadow AI is widespread — and executives use it the most
Employees in fields like health care and finance trust AI more than they trust their colleagues, according to a new report.
By Eric Geller • Nov. 12, 2025 -
David Ramos via Getty Images
Cisco detects new attack variant targeting vulnerable firewalls
Hackers may be able to overload unpatched devices, the company said.
By Eric Geller • Nov. 10, 2025 -
Permission granted by 10KMedia
Sponsored by 10KMediaYour AI-driven threat hunting is only as good as your data platform and pipeline
The data-centric foundation for modern threat hunting.
By Taylor Smith, Director of Product Marketing at Exaforce • Nov. 6, 2025 -
Getty Images
Hackers targeting Cisco IOS XE devices with BadCandy implant
Security researchers and Australian authorities warn that exploitation activity is ongoing.
By David Jones • Updated Nov. 5, 2025 -
Getty Images
Researchers warn of flaws that allow manipulation of Microsoft Teams messages
A report by Check Point shows hackers could forge identities and alter messages.
By David Jones • Nov. 4, 2025 -
Getty Images
Windows Server Update Service exploitation ensnares at least 50 victims
Researchers say hackers could be gathering intelligence for future attacks, and authorities warn users to apply patches and check for compromise.
By David Jones • Oct. 31, 2025 -
Getty Images
CISA, NSA unveil best-practices guide to address ongoing Exchange Server risks
The guide follows CISA’s warnings in August about a high-severity vulnerability in Microsoft Exchange.
By David Jones • Oct. 30, 2025 -
Getty Images
CISA updates guidance and warns security teams on WSUS exploitation
The agency urges users to apply emergency patches from Microsoft to counter a serious threat.
By David Jones • Oct. 30, 2025 -
Getty Images
AI adoption outpaces corporate governance, security controls
Security and business leaders warn that companies are accelerating their use of agentic AI beyond the ability to maintain proper guardrails.
By David Jones • Oct. 29, 2025 -
Getty Images
Google probes exploitation of critical Windows service CVE
Researchers have traced the threat activity to a newly identified hacker, while separate evidence points to more than one variant.
By David Jones • Oct. 28, 2025 -
Getty Images
Hackers exploiting critical vulnerability in Windows Server Update Service
Microsoft has issued an out-of-band update and is urging users to immediately apply the patch.
By David Jones • Updated Oct. 27, 2025 -
Getty Images
Researchers warn of critical flaws in TP-Link routers
No active exploitation has been spotted, but the vendor and researchers advise users to apply updates immediately.
By David Jones • Oct. 24, 2025 -
Getty Images
AI security flaws afflict half of organizations
EY suggested ways for companies to reduce AI-related hacking risks.
By Eric Geller • Oct. 22, 2025 -
Getty Images
F5 supply chain hack endangers more than 600,000 internet-connected devices
The enterprise device vendor has patched several vulnerabilities that hackers discovered after breaching its networks.
By Eric Geller • Oct. 17, 2025 -
Courtesy of F5 Press Kit
Nation-state hackers breached sensitive F5 systems, stole customer data
The federal government is scrambling to determine if any agencies have been hacked.
By Eric Geller • Oct. 15, 2025 -
Getty Images
Oracle E-Business Suite exploitation traced back as early as July
Researchers say an extortion campaign linked to the Clop ransomware group used a series of chained vulnerabilities and sophisticated malware.
By David Jones • Oct. 10, 2025 -
Getty Images
Extortion campaign targeting Oracle E-Business Suite customers linked to zero-day
Mandiant researchers said Clop ransomware is indeed linked to a series of emails threatening to release stolen data.
By David Jones • Oct. 6, 2025 -
Getty Images
Cisco firewall flaws endanger nearly 50,000 devices worldwide
The U.S., the U.K. and Japan lead the list of the most vulnerable countries.
By Eric Geller • Sept. 30, 2025 -
Getty Images
CISA orders feds to patch Cisco flaws used in multiple agency hacks
One U.S. official called the ongoing cyberattack campaign “very sophisticated.”
By Eric Geller • Sept. 25, 2025 -
Drew Angerer via Getty Images
Critical infrastructure operators add more insecure industrial equipment online
The problem isn’t limited to legacy technology. New devices are exposed with critical vulnerabilities.
By Eric Geller • Sept. 25, 2025 -
Getty Images
Social engineering campaigns highlight the ability to exploit human behavior
A report by S&P says organizations should consider changes to strengthen cyber governance, training and awareness.
By David Jones • Sept. 22, 2025 -
Getty Images
AI-powered vulnerability detection will make things worse, not better, former US cyber official warns
Patching won’t be able to keep up with discovery, said Rob Joyce, who once led the National Security Agency's elite hacking team.
By Eric Geller • Sept. 22, 2025
