The Latest
-
Kevin Dietsch via Getty Images
Top lawmaker asks White House to address open-source software risks
The Senate Intelligence Committee’s chairman voiced concern about foreign adversaries tampering with code.
-
Getty Images
China-linked hackers exploit insecure setting in Cisco security products
The company urged customers to immediately reconfigure affected products.
-
Getty Images
State-linked and criminal hackers use device code phishing against M365 users
Russia-linked groups have attacked multiple sectors in recent months.
-
Getty Images
Rockrose Development suffers security breach affecting 47,000 people
The New York City-based firm recently found that unauthorized individuals hacked its systems and claimed to have acquired confidential information.
-
Getty Images
Surge of credential-based hacking targets Palo Alto Networks GlobalProtect
After weeks of unusual scanning activity, the same campaign took aim at Cisco SSL VPNs.
-
iStock Editorial / Getty Images Plus via Getty Images
FortiGate devices targeted with malicious SSO logins
Researchers discovered threat activity less than a week after Fortinet disclosed critical vulnerabilities in multiple products.
-
Retrieved from R. Eskalis/NIST.
NIST adds to AI security guidance with Cybersecurity Framework profile
Organizations have a new resource to map AI considerations onto NIST’s most famous security blueprint.
-
Samuel Corum via Getty Images
Russia-linked hackers breach critical infrastructure organizations via edge devices
New research offers the latest evidence that vulnerable network edge equipment is a pressing concern.
-
Getty Images
React2Shell attacks expand widely across multiple sectors
Researchers warn that state-linked and opportunistic actors are working to exploit flaws in React’s application tools.
-
Getty Images
CISOs view hybrid environments as best way to manage risk, compliance
Security leaders are also focused on the convergence of IT and operational technology as business continuity becomes a major concern.
Updated Dec. 15, 2025 -
Getty Images
Cybersecurity concerns are paramount among executives in almost all roles, regions and industries
A new survey finds widespread agreement that security is one of the biggest challenges facing companies today.
-
Getty Images
React issues new patches after security researchers flag additional flaws
Researchers warn that critical infrastructure providers and government sites are being targeted by state-linked attackers.
-
Getty Images
CISA updates cybersecurity benchmarks for critical infrastructure organizations
The agency streamlines and supplements goals it first issued in 2022.
-
Courtesy of Georgia Power
Grid-scale battery energy storage systems face heightened risk of cyberattack
Experts warn that state-linked threat groups are actively searching for ways to disrupt the industry amid growing power demand in the U.S.
-
Justin Sullivan via Getty Images
Pro-Russia hacktivists launching attacks that could damage OT
The U.S. and its allies warned that defenders should take the hackers seriously, despite the attackers’ pattern of exaggerating their actual impact.
-
Getty Images
React Server Components crisis escalates as security teams respond to compromises
Suspected North Korean actors target users with fake IT recruitment scheme.
-
Getty Images
Majority of global firms plan to boost cyber spending in 2026
A report by Marsh shows companies are also focused on third-party risk mitigation.
-
Getty Images
State-linked groups target critical vulnerability in React Server Components
China-nexus threat groups have already begun targeting the flaw, creating widespread risk as nearly 40% of cloud environments are potentially impacted.
Updated Dec. 7, 2025 -
Getty Images
Initial access brokers involved in more attacks, including on critical infrastructure
A research firm also finds nation-states aligning their cyberattacks more closely with geostrategic goals.
-
Chip Somodevilla via Getty Images
Ransomware peaked in 2023 prior to law enforcement actions
U.S. Treasury report shows drop in threat activity in the wake of aggressive takedown efforts.
-
Getty Images
Major drug research company confirms cyberattack compromised employee and partner data
Indiana-based Inotiv said it was still evaluating the hack’s impact on its business.
-
Getty Images
China-nexus actor targets multiple US entities with Brickstorm malware
Researchers outline a campaign targeting U.S. companies, and CISA warns of attacks on government services and IT firms.
Updated Dec. 5, 2025 -
Getty Images
CISA eliminates pay incentives as it changes how it retains top cyber talent
Auditors had described the program as poorly managed. CISA is scrapping it in favor of another recruitment tool.
-
Brandon Bell via Getty Images
US, allies urge critical infrastructure operators to carefully plan and oversee AI use
New guidance attempts to temper companies’ enthusiasm for the latest exciting technology.
-
Getty Images
Critical vulnerabilities found in React and Next.js
Researchers warn the flaws can be easily leveraged to achieve full remote code execution.
