Subscribe below for free to get these delivered straight to your inbox
CISA, the NSA, and international partners released urgent guidance to harden on-premise Microsoft Exchange servers against ongoing cyber attacks and exploitation.
A new security feature was discovered in Windows 11 Insider builds that protects LAPS-managed local administrator accounts by blocking manual password changes.
Amazon Web Services (AWS) is building a multibillion-dollar, multistate data center complex, codenamed Project Atlas, to power AI models for its partner Anthropic.
A guide for lean security teams on hardening Google Workspace. Learn why environments built for collaboration are vulnerable and how to close security blind spots.
Microsoft’s Windows 11 KB5067036 preview update introduces the Administrator Protection feature, enhancing security with Just-in-Time (JIT) privilege elevation.
The Python Software Foundation (PSF) has officially rejected a $1.5 million grant from the U.S. government’s NTIA, citing non-negotiable terms that could compromise its mission and global community obligations.
Researchers discovered 10 malicious npm packages that deliver info-stealing malware to Windows, macOS, and Linux systems, harvesting credentials from browsers.
Global advertising firm Dentsu confirms a data breach at its subsidiary Merkle. A threat actor accessed an Atlassian server, stealing project files and client data.
Cybersecurity researchers at SPLX have uncovered an “AI-targeted cloaking” attack that tricks AI crawlers from services like ChatGPT into citing fake information.
A free expert webinar on Oct 29, 2025, will cover practical AI tactics for GRC. Learn how AI is speeding up audits and the new compliance risks it introduces.
Nudge Security released a free guide for organizations to discover Shadow AI, the unsanctioned use of AI tools. This guide helps security teams mitigate new risks.
BeyondTrust’s annual cybersecurity report highlights critical identity-based threats for 2026, focusing on unmanaged identity debt and the rise of agentic AI.
Cybersecurity firm Phylum uncovered malicious NPM packages deploying a Rust-based infostealer. The malware targeted Windows, Linux, and macOS developer systems.
Microsoft’s Azure cloud computing platform experienced a major service outage, disrupting access to Office 365, Minecraft, Microsoft Teams, and other services.
Google DeepMind introduces Genie, a new 11B-parameter AI model that can generate fully playable 2D platformer video games from a single image or text prompt.
Billions of usernames and passwords from numerous past breaches were compiled and published online, exposing Gmail and other accounts due to password reuse.
An analysis based on verifiable information regarding allegations of ‘sex warfare’ espionage by China and Russia targeting technology executives for corporate secrets.
Experian has acquired KYC360, a SaaS provider for KYC, KYB, and AML. The move will integrate KYC360’s risk intelligence platform into Experian’s CrossCore system.
The U.S. CISA has added critical vulnerabilities in Dassault Systèmes and XWiki products to its KEV catalog, confirming they are under active exploitation.
Cyber espionage group SideWinder targeted South Asian diplomats with a new PDF and ClickOnce attack chain from March to September 2025, deploying info-stealing malware.
Google has officially disputed widespread rumors of a massive Gmail data breach, confirming its systems were not compromised and the data originated from other breaches.
The BlueNoroff APT group is targeting crypto startups with sophisticated social engineering campaigns named GhostHire and GhostCall, using fake job offers to steal funds.
Researchers have discovered ‘Herodotus,’ a new Android banking trojan in campaigns targeting Italy and Brazil. The malware mimics human behavior to bypass biometrics.
Researchers developed TEE.Fail, a side-channel attack using a low-cost device to physically inspect DDR5 memory and extract keys from Intel and AMD TEEs.
Learn how early threat detection directly impacts long-term business growth. Proactive threat intelligence lowers incident costs, protects revenue, and ensures uptime.
A data breach at a Nelnet Servicing and OSLA vendor exposed the personal information of 2.5 million student loan borrowers, including names, addresses, and SSNs.
Healthcare organizations confront major cybersecurity risks from legacy medical devices that no longer receive manufacturer patches. Asset management and network segmentation are key strategies for managing these vulnerabilities and ensuring…
Privacy group NOYB has filed a criminal complaint in Austria against Clearview AI, alleging unlawful mass surveillance and multiple GDPR violations by the company.
Cybersecurity experts at vpnMentor discovered a data leak of 183 million passwords from various websites, issuing an alert to Gmail users who reuse credentials.
Data protection authority rulings and technical analyses have confirmed that IP address truncation is not a valid method for true anonymization. Learn the facts.
Discover how ESET MDR transforms cybersecurity from a reactive to a resilient posture with proactive defense, AI-driven threat detection, and robust encryption.
Microsoft disabled File Explorer’s preview pane for downloads to block NTLM credential theft. This critical update prevents attackers from stealing user credentials via malicious files.
Discover the factual differences between traditional passwords and modern passkeys. Learn how passkey technology uses public-key cryptography to prevent phishing.
Discover the factual methods foreign adversaries, including China and Russia, use to weaponize the intelligence revolution through AI, data collection, and disinformation.
Researchers from Kaspersky expose GhostCall and GhostHire, new malware campaigns by North Korea’s BlueNoroff group targeting Web3 and blockchain firms via macOS.
Learn five essential Google Workspace security settings that administrators can implement today. Fortify your organization by enforcing 2-Step Verification and DLP.
PayPal users are targets of a scam using fraudulent invoices sent via PayPal’s system. Experts warn users not to pay or call the numbers listed in these attacks.
A Neato Botvac Connected owner discovered his smart vacuum was sending a detailed, unencrypted map of his home’s floor plan to an Amazon Web Services server.
The Qilin ransomware group, one of 2025’s most active RaaS operations, targets global industries using a hybrid attack with a Linux payload and BYOVD exploit.
Security firm NeuralTrust reports a prompt injection vulnerability in OpenAI’s new Atlas web browser. Attackers can use fake URLs to execute hidden commands.
X is requiring users with 2FA security keys and passkeys to re-enroll them by November 10, 2025, to avoid account lockouts due to its domain migration.
A 2022 Chainalysis report reveals ransomware profits fell 40% to $456.8 million as victims increasingly refuse to pay. Payment rates dropped from 85% to 41%.
X, formerly Twitter, required users with security key two-factor authentication (2FA) to re-enroll their keys by November 10, 2023, to avoid account lockout.
Microsoft is testing a new feature in Windows 11 Insider builds that prompts users to run a memory diagnostic scan after a BSOD crash to troubleshoot RAM issues.
You must be logged in to post a comment.