Vulnerability
-
Getty Images
State-linked groups target critical vulnerability in React Server Components
China-nexus threat groups have already begun targeting the flaw, creating widespread risk as nearly 40% of cloud environments are potentially impacted.
By David Jones • Updated 6Â hours ago -
Brandon Bell via Getty Images
US, allies urge critical infrastructure operators to carefully plan and oversee AI use
New guidance attempts to temper companies’ enthusiasm for the latest exciting technology.
By Eric Geller • Dec. 4, 2025 -
Getty Images
Critical vulnerabilities found in React and Next.js
Researchers warn the flaws can be easily leveraged to achieve full remote code execution.
By David Jones • Dec. 4, 2025 -
iStock Editorial / Getty Images Plus via Getty Images
Fortinet FortiWeb flaws found in unsupported versions of web application firewall
Security researchers raise new concerns after the company previously failed to issue prompt security guidance.
By David Jones • Dec. 2, 2025 -
Sean Gallup via Getty Images
Microsoft tightens cloud login process to prevent common attack
Hackers have spent decades exploiting a ubiquitous type of vulnerability. Microsoft is trying to change that.
By Eric Geller • Nov. 26, 2025 -
Getty Images
SEC drops civil fraud case against SolarWinds
Cybersecurity and legal experts considered the case a potential precedent-setter for risk disclosure.
By David Jones • Nov. 20, 2025 -
iStock Editorial / Getty Images Plus via Getty Images
Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation
The medium severity vulnerability can be chained together with a critical flaw in the same product, which could help attackers gain additional capabilities.
By David Jones • Nov. 20, 2025 -
Getty Images
Hackers increasingly target operational technology, with manufacturing sector bearing the brunt
Companies should segment and monitor their networks to prevent hackers from crossing over from IT to OT, a new report said.
By Eric Geller • Nov. 18, 2025 -
Getty Images
Critical vulnerability in Fortinet FortiWeb is under exploitation
The company faces criticism as multiple researchers claim a silent patch was issued weeks before official guidance was released.
By David Jones • Nov. 17, 2025 -
Permission granted by Lenovo
Sponsored by Lenovo and SentinelOneAI-driven dynamic endpoint security is redefining trust
Network perimeters are gone. Modern security solutions must be proactive, dynamic and intelligent.
By Nima Baiati, Executive Director and General Manager, Commercial Software & Security Solutions, Lenovo • Nov. 17, 2025 -
Chip Somodevilla via Getty Images
Akira engaged in ransomware attacks against critical sectors
The group has stepped up threat activity by abusing edge devices and other tools, reaping hundreds of millions of dollars in illicit gains.
By David Jones • Updated Nov. 14, 2025 -
Getty Images
Sophisticated threat actor targeting zero-day flaws in Cisco ISE and Citrix
Hackers use custom malware to access multiple vulnerabilities, researchers from Amazon warn.
By David Jones • Nov. 12, 2025 -
Getty Images
Shadow AI is widespread — and executives use it the most
Employees in fields like health care and finance trust AI more than they trust their colleagues, according to a new report.
By Eric Geller • Nov. 12, 2025 -
David Ramos via Getty Images
Cisco detects new attack variant targeting vulnerable firewalls
Hackers may be able to overload unpatched devices, the company said.
By Eric Geller • Nov. 10, 2025 -
Permission granted by 10KMedia
Sponsored by 10KMediaYour AI-driven threat hunting is only as good as your data platform and pipeline
The data-centric foundation for modern threat hunting.
By Taylor Smith, Director of Product Marketing at Exaforce • Nov. 6, 2025 -
Getty Images
Hackers targeting Cisco IOS XE devices with BadCandy implant
Security researchers and Australian authorities warn that exploitation activity is ongoing.
By David Jones • Updated Nov. 5, 2025 -
Getty Images
Researchers warn of flaws that allow manipulation of Microsoft Teams messages
A report by Check Point shows hackers could forge identities and alter messages.
By David Jones • Nov. 4, 2025 -
Getty Images
Windows Server Update Service exploitation ensnares at least 50 victims
Researchers say hackers could be gathering intelligence for future attacks, and authorities warn users to apply patches and check for compromise.
By David Jones • Oct. 31, 2025 -
Getty Images
CISA, NSA unveil best-practices guide to address ongoing Exchange Server risks
The guide follows CISA’s warnings in August about a high-severity vulnerability in Microsoft Exchange.
By David Jones • Oct. 30, 2025 -
Getty Images
CISA updates guidance and warns security teams on WSUS exploitation
The agency urges users to apply emergency patches from Microsoft to counter a serious threat.
By David Jones • Oct. 30, 2025 -
Getty Images
AI adoption outpaces corporate governance, security controls
Security and business leaders warn that companies are accelerating their use of agentic AI beyond the ability to maintain proper guardrails.
By David Jones • Oct. 29, 2025 -
Getty Images
Google probes exploitation of critical Windows service CVE
Researchers have traced the threat activity to a newly identified hacker, while separate evidence points to more than one variant.
By David Jones • Oct. 28, 2025 -
Getty Images
Hackers exploiting critical vulnerability in Windows Server Update Service
Microsoft has issued an out-of-band update and is urging users to immediately apply the patch.
By David Jones • Updated Oct. 27, 2025 -
Getty Images
Researchers warn of critical flaws in TP-Link routers
No active exploitation has been spotted, but the vendor and researchers advise users to apply updates immediately.
By David Jones • Oct. 24, 2025 -
Getty Images
AI security flaws afflict half of organizations
EY suggested ways for companies to reduce AI-related hacking risks.
By Eric Geller • Oct. 22, 2025
