Vulnerability


  • close up of a worker holding  up a tablet
    Image attribution tooltip
    Dragos Condrea via Getty Images
    Image attribution tooltip

    Outage disrupts some SentinelOne services

    Company executives said there was no indication the incident was the result of a security issue.

    By May 29, 2025
  • An illustration of a calendar, with a mouse cursor clicking on a day
    Image attribution tooltip
    iStock / Getty Images Plus via Getty Images
    Image attribution tooltip

    Google: China-backed hackers hiding malware in calendar events

    The APT41 nation-state threat group is exploiting yet another cloud service to mask its operations, according to new research.

    By May 29, 2025
  • Broadband connections
    Image attribution tooltip
    NicoElNino via Getty Images
    Image attribution tooltip

    Thousands of ASUS routers compromised in sophisticated hacking campaign

    Researchers have previously linked the suspected threat actor, dubbed ViciousTrap, to the exploitation of Cisco routers.

    By May 29, 2025
  • A cargo pallet filled with rockets and covered in safety straps sits on a tarmac at night.
    Image attribution tooltip
    Sean Gallup via Getty Images
    Image attribution tooltip

    Microsoft, Dutch government discover new Russian hacking group

    The findings highlight the vulnerability of all critical infrastructure firms to similar attack methods.

    By Updated May 28, 2025
  • More than two dozen world leaders, tech executives, and experts stand in several rows on blue carpeted steps in front of a backdrop that says "AI Safety Summit"
    Image attribution tooltip
    Leon Neal via Getty Images
    Image attribution tooltip

    US, allies recommend security protections for AI models

    The joint guidance comes as officials fear how hackers could manipulate AI systems, especially in critical infrastructure.

    By May 22, 2025
  • Cyberhackers-Ransomware
    Image attribution tooltip
    (Gorodenkoff) via Getty Images
    Image attribution tooltip

    Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities

    The company said additional CVEs may be necessary for flaws in related open-source libraries, but researchers are raising questions.  

    By Updated May 20, 2025
  • A woman wearing a surgical mask stands in front of a booth for the Chinese networking company TP-Link at a German consumer electronics trade show.
    Image attribution tooltip
    Sean Gallup via Getty Images
    Image attribution tooltip

    GOP lawmakers urge ban of networking vendor TP-Link, citing ties to China

    The Trump administration is facing mounting pressure to formulate a strategy for addressing supply-chain threats that endanger national security.

    By May 15, 2025
  • An SAP logo is seen on a building in Frankfurt, Germany, on September 1, 2024.
    Image attribution tooltip
    Victor Golmer via Getty Images
    Image attribution tooltip

    SAP NetWeaver exploitation enters second wave of threat activity

    Researchers are tracking hundreds of cases around the world and warning that the risk is more serious than previously known.

    By May 9, 2025
  • exclamation point depicted hovering above network infrastructure
    Image attribution tooltip
    Just_Super/Getty Images via Getty Images
    Image attribution tooltip

    Ransomware claims dipped slightly in 2024, cyber insurer says

    A major cyber insurer’s annual report lays out how hackers are trying to steal money and how its policyholders responded.

    By May 7, 2025
  • chief legal officer serving as corporate secretary
    Image attribution tooltip
    rorodenkoff via Getty Images
    Image attribution tooltip

    Operational impacts top list of vendor risk worries, study finds

    The report comes as years of supply chain cyberattacks shine a spotlight on third-party risks.

    By May 1, 2025
  • A text bubble labeled "AI" alludes to an image of ChatGPT.
    Image attribution tooltip
    Stock Photo via Getty Images
    Image attribution tooltip

    AI-fueled cybercrime may outpace traditional defenses, Check Point warns

    The security firm said in a new report that defenders should begin using AI to counter cyber criminals’ adoption of the technology.

    By April 30, 2025
  • SAP logo displayed on a building in Walldorf, Germany on July 29, 2024.
    Image attribution tooltip
    Victor Golmer via Getty Images
    Image attribution tooltip

    Critical vulnerability in SAP NetWeaver Visual Composer leads to confirmed compromises

    Thousands are exposed and potentially vulnerable as researchers warn of widespread exploitation.   

    By Updated April 30, 2025
  • Cyber security  firewall interface protection concept. Businesswoman protecting herself from cyber attacks. Personal data security and banking
    Image attribution tooltip
    Getty Images via Getty Images
    Image attribution tooltip

    Zero-day exploitation drops slightly from last year, Google report finds

    Google’s threat intelligence team said software vendor security practices are making it harder for hackers to find flaws in some platforms.

    By April 29, 2025
  • The FBI seal
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    FBI seeks public tips about Salt Typhoon

    The bureau’s public alert follows months of conversations with the telecom industry about the far-reaching cyber espionage campaign by a Chinese nation-state threat actor.

    By April 28, 2025
  • An SAP logo is seen on a building in Frankfurt, Germany, on September 1, 2024.
    Image attribution tooltip
    Victor Golmer via Getty Images
    Image attribution tooltip

    Critical vulnerability in SAP NetWeaver under threat of active exploitation

    Attackers have been observed dropping webshell backdoors and researchers warn the application is popular among government agencies.

    By Updated April 25, 2025
  • Green lights show behind plugged-in cables.
    Image attribution tooltip
    gorodenkoff/iStock via Getty Images
    Image attribution tooltip

    Threat groups exploit resurgent vulnerabilities

    VPNs, routers and firewalls are being targeted via older CVEs, new GreyNoise research shows.

    By April 24, 2025
  • The FBI seal
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    BEC scams, investment fraud accounted for biggest cybercrime losses in 2024

    Americans lost $16.6 billion to cyber fraud last year, according to an FBI report, with phishing, spoofing and extortion topping the list of complaints.

    By April 23, 2025
  • Telecom network above a city
    Image attribution tooltip
    NicoElNino via Getty Images
    Image attribution tooltip

    Researchers warn of critical flaw found in Erlang OTP SSH

    The CVE could allow unauthenticated attackers to gain full access to a device. Many of these devices are widely used in IoT and telecom platforms.

    By April 21, 2025
  • A sign is seen at the Microsoft headquarters on July 3, 2024 in Redmond, Washington.
    Image attribution tooltip
    David Ryder via Getty Images
    Image attribution tooltip

    Microsoft strengthens in-house cyber governance, training

    The technology giant, as part of its Secure Future Initiative program, has overhauled security practices following a series of crippling nation-state-linked cyberattacks.

    By April 21, 2025
  • AI icon and vulnerability alert on screen, symbolizing real-time cybersecurity against non-human identity threats.
    Image attribution tooltip

    Image generated by ChatGPT / OpenAI

    Image attribution tooltip
    Sponsored by Palo Alto Networks

    How next-generation firewalls are evolving in a world of AI-enabled cyberattacks

    Discover how Next-Generation Firewalls are adapting to combat AI-enabled cyberattacks and evolving to protect organizations in today's dynamic threat landscape.

    By Rich Campagna, SVP of Product Management at Palo Alto Networks • April 21, 2025
  • Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol. 3d rendering.
    Image attribution tooltip
    Getty Images via Getty Images
    Image attribution tooltip

    Older SonicWall SMA100 vulnerability exploited in the wild

    CISA added the high-severity flaw, initially disclosed in 2021, to its known exploited vulnerabilities catalog this week.

    By April 17, 2025
  • Oracle office in Lehi City, Utah, USA, June 25, 2023.
    Image attribution tooltip
    JHVEPhoto via Getty Images
    Image attribution tooltip

    CISA warns companies to secure credentials amid Oracle Cloud breach claims

    The agency is asking organizations to come forward if they detect suspicious activity or other evidence of a compromise.

    By April 17, 2025
  • Smiling businesswoman in headphones taking notes, working with laptop and talking smartphone, blue glowing information protection icons. Padlock, cloud and digital interface. Cyber security concept - stock photo
    Image attribution tooltip
    iStock via Getty Images
    Image attribution tooltip

    Mitre CVE program regains funding as renewal deal reached

    The information security industry feared a lapse would lead to industrywide exposures of software vulnerabilities.

    By April 16, 2025
  • A gray four-door crossover vehicle with a woman seated with her hand on the steering wheel is parked in front of a Hertz building.
    Image attribution tooltip
    Courtesy of Hertz/GM
    Image attribution tooltip

    Hertz says personal data breached in connection with Cleo file-transfer flaws

    The company is the latest organization to investigate or disclose an incident linked to a monthslong attack spree.

    By April 15, 2025
  • Person using multiple devices.
    Image attribution tooltip
    AntonioGuillem/Getty Images Plus via Getty Images
    Image attribution tooltip

    Remote access tools most frequently targeted as ransomware entry points

    Supply chain risk via third-party vendors increased sharply last year, according to a report by At-Bay.

    By April 11, 2025