US, allies recommend security protections for AI models

The joint guidance comes as officials fear how hackers could manipulate AI systems, especially in critical infrastructure.

By Eric Geller • May 22, 2025

Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities

The company said additional CVEs may be necessary for flaws in related open-source libraries, but researchers are raising questions.  

By David Jones • Updated May 20, 2025

GOP lawmakers urge ban of networking vendor TP-Link, citing ties to China

The Trump administration is facing mounting pressure to formulate a strategy for addressing supply-chain threats that endanger national security.

By Eric Geller • May 15, 2025

SAP NetWeaver exploitation enters second wave of threat activity

Researchers are tracking hundreds of cases around the world and warning that the risk is more serious than previously known.

By David Jones • May 9, 2025

Ransomware claims dipped slightly in 2024, cyber insurer says

A major cyber insurer’s annual report lays out how hackers are trying to steal money and how its policyholders responded.

By Eric Geller • May 7, 2025

Operational impacts top list of vendor risk worries, study finds

The report comes as years of supply chain cyberattacks shine a spotlight on third-party risks.

By Eric Geller • May 1, 2025

AI-fueled cybercrime may outpace traditional defenses, Check Point warns

The security firm said in a new report that defenders should begin using AI to counter cyber criminals’ adoption of the technology.

By Eric Geller • April 30, 2025

Critical vulnerability in SAP NetWeaver Visual Composer leads to confirmed compromises

Thousands are exposed and potentially vulnerable as researchers warn of widespread exploitation.   

By David Jones • Updated April 30, 2025

Zero-day exploitation drops slightly from last year, Google report finds

Google’s threat intelligence team said software vendor security practices are making it harder for hackers to find flaws in some platforms.

By Eric Geller • April 29, 2025

FBI seeks public tips about Salt Typhoon

The bureau’s public alert follows months of conversations with the telecom industry about the far-reaching cyber espionage campaign by a Chinese nation-state threat actor.

By Eric Geller • April 28, 2025

Critical vulnerability in SAP NetWeaver under threat of active exploitation

Attackers have been observed dropping webshell backdoors and researchers warn the application is popular among government agencies.

By David Jones • Updated April 25, 2025

Threat groups exploit resurgent vulnerabilities

VPNs, routers and firewalls are being targeted via older CVEs, new GreyNoise research shows.

By David Jones • April 24, 2025

BEC scams, investment fraud accounted for biggest cybercrime losses in 2024

Americans lost $16.6 billion to cyber fraud last year, according to an FBI report, with phishing, spoofing and extortion topping the list of complaints.

By Eric Geller • April 23, 2025

Researchers warn of critical flaw found in Erlang OTP SSH

The CVE could allow unauthenticated attackers to gain full access to a device. Many of these devices are widely used in IoT and telecom platforms.

By David Jones • April 21, 2025

Microsoft strengthens in-house cyber governance, training

The technology giant, as part of its Secure Future Initiative program, has overhauled security practices following a series of crippling nation-state-linked cyberattacks.

By David Jones • April 21, 2025

How next-generation firewalls are evolving in a world of AI-enabled cyberattacks

Discover how Next-Generation Firewalls are adapting to combat AI-enabled cyberattacks and evolving to protect organizations in today's dynamic threat landscape.

By Rich Campagna, SVP of Product Management at Palo Alto Networks • April 21, 2025

Older SonicWall SMA100 vulnerability exploited in the wild

CISA added the high-severity flaw, initially disclosed in 2021, to its known exploited vulnerabilities catalog this week.

By Rob Wright • April 17, 2025

CISA warns companies to secure credentials amid Oracle Cloud breach claims

The agency is asking organizations to come forward if they detect suspicious activity or other evidence of a compromise.

By David Jones • April 17, 2025

Mitre CVE program regains funding as renewal deal reached

The information security industry feared a lapse would lead to industrywide exposures of software vulnerabilities.

By David Jones • April 16, 2025

Hertz says personal data breached in connection with Cleo file-transfer flaws

The company is the latest organization to investigate or disclose an incident linked to a monthslong attack spree.

By David Jones • April 15, 2025

Remote access tools most frequently targeted as ransomware entry points

Supply chain risk via third-party vendors increased sharply last year, according to a report by At-Bay.

By David Jones • April 11, 2025

Windows CLFS zero-day exploited in ransomware attacks

A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.

By David Jones • April 9, 2025

How AI Agents can help AppSec teams keep up with AI-generated code vulnerabilities

While AppSec teams are stuck with legacy scanners and backlogs, developers and hackers have adopted AI tools to accelerate their respective objectives.

By Charlie Klein, Director of Product Marketing, Jit • April 8, 2025

CISA adds Ivanti Connect Secure vulnerability to KEV catalog

CVE-2025-22457 is a critical stack buffer-overflow vulnerability. Ivanti had initially assessed as a low-level product bug that could not be exploited remotely.

By Rob Wright • April 7, 2025

House members press Commerce Secretary Lutnick on DOGE-related job cuts at NIST

The agency has already slashed dozens of probationary workers, and further cuts could have major consequences for cybersecurity standards and AI development. 

By David Jones • April 3, 2025