Vulnerability
- CISA, security researchers warn FortiCloud SSO flaw is under attack
The exploitation activity comes weeks after a similar authentication bypass vulnerability was found.
By David Jones • Jan. 29, 2026
- Corporate workers lean on shadow AI to enhance speed
A report shows senior corporate executives are willing to allow unsanctioned AI use, which could place company data at risk.
By David Jones • Updated Jan. 28, 2026
- AI tools break quickly, underscoring need for governance
In a new report, the security firm Zscaler said it identified severe vulnerabilities in every enterprise tool it tested — sometimes on its first prompt.
By Eric Geller • Jan. 28, 2026
- Interconnectedness, extortion risk make cybersecurity a healthcare C-suite priority
A new report from Trellix reviews the biggest breaches, describes the most effective defenses and profiles the most dangerous attackers.
By Eric Geller • Jan. 27, 2026
- NIST is rethinking its role in analyzing software vulnerabilities
As the agency’s vulnerability database buckles under a flood of submissions, it’s planning to shift some responsibilities to other parties.
By Eric Geller • Jan. 23, 2026
- Critical flaw in Fortinet FortiSIEM targeted in exploitation threat
Researchers originally disclosed the vulnerability in August 2025; however, a proof of concept and an advisory were just released.
By David Jones • Jan. 16, 2026
- Critical flaw in AWS Console risked compromise of build environment
The CodeBreach vulnerability could have enabled a massive supply chain attack, researchers warn.
By David Jones • Updated Jan. 15, 2026
- Critical vulnerability found in n8n workflow automation platform
The open-source platform is widely used across enterprise environments, leaving thousands of instances at risk.
By David Jones • Jan. 12, 2026
- Telecom sector sees steady rise in ransomware attacks
A new threat intelligence report described a potent mix of unpatched flaws and lax perimeter controls.
By Eric Geller • Jan. 9, 2026
- Risky shadow AI use remains widespread
A new report offers fresh evidence for why enterprises should prioritize AI governance policies.
By Eric Geller • Jan. 6, 2026
- Thousands of firewalls at risk as legacy flaw in Fortinet faces renewed threat
The company in December warned of recent attacks targeting a 2020 vulnerability.
By David Jones • Updated Jan. 5, 2026
- WatchGuard warns critical flaw in Firebox devices facing exploitation
The company said the threat activity is part of a larger campaign against edge devices and internet-exposed infrastructure.
By David Jones • Updated Dec. 23, 2025
- China-linked hackers exploit insecure setting in Cisco security products
The company urged customers to immediately reconfigure affected products.
By Eric Geller • Dec. 18, 2025
- NIST adds to AI security guidance with Cybersecurity Framework profile
Organizations have a new resource to map AI considerations onto NIST’s most famous security blueprint.
By Eric Geller • Dec. 17, 2025
- FortiGate devices targeted with malicious SSO logins
Researchers discovered threat activity less than a week after Fortinet disclosed critical vulnerabilities in multiple products.
By David Jones • Dec. 17, 2025
- React2Shell attacks expand widely across multiple sectors
Researchers warn that state-linked and opportunistic actors are working to exploit flaws in React’s application tools.
By David Jones • Dec. 16, 2025
- React issues new patches after security researchers flag additional flaws
Researchers warn that critical infrastructure providers and government sites are being targeted by state-linked attackers.
By David Jones • Dec. 12, 2025
- React Server Components crisis escalates as security teams respond to compromises
Suspected North Korean actors target users with fake IT recruitment scheme.
By David Jones • Dec. 10, 2025
- Pro-Russia hacktivists launching attacks that could damage OT
The U.S. and its allies warned that defenders should take the hackers seriously, despite the attackers’ pattern of exaggerating their actual impact.
By Eric Geller • Dec. 10, 2025
- State-linked groups target critical vulnerability in React Server Components
China-nexus threat groups have already begun targeting the flaw, creating widespread risk as nearly 40% of cloud environments are potentially impacted.
By David Jones • Updated Dec. 7, 2025
- US, allies urge critical infrastructure operators to carefully plan and oversee AI use
New guidance attempts to temper companies’ enthusiasm for the latest exciting technology.
By Eric Geller • Dec. 4, 2025
- Critical vulnerabilities found in React and Next.js
Researchers warn the flaws can be easily leveraged to achieve full remote code execution.
By David Jones • Dec. 4, 2025
- Fortinet FortiWeb flaws found in unsupported versions of web application firewall
Security researchers raise new concerns after the company previously failed to issue prompt security guidance.
By David Jones • Dec. 2, 2025
- Microsoft tightens cloud login process to prevent common attack
Hackers have spent decades exploiting a ubiquitous type of vulnerability. Microsoft is trying to change that.
By Eric Geller • Nov. 26, 2025
- SEC drops civil fraud case against SolarWinds
Cybersecurity and legal experts considered the case a potential precedent-setter for risk disclosure.
By David Jones • Nov. 20, 2025