Vulnerability
-
Getty Images
Windows Server Update Service exploitation ensnares at least 50 victims
Researchers say hackers could be gathering intelligence for future attacks, and authorities warn users to apply patches and check for compromise.
By David Jones • Oct. 31, 2025 -
Getty Images
CISA, NSA unveil best-practices guide to address ongoing Exchange Server risks
The guide follows CISA’s warnings in August about a high-severity vulnerability in Microsoft Exchange.
By David Jones • Oct. 30, 2025 -
Getty Images
CISA updates guidance and warns security teams on WSUS exploitation
The agency urges users to apply emergency patches from Microsoft to counter a serious threat.
By David Jones • Oct. 30, 2025 -
Getty Images
AI adoption outpaces corporate governance, security controls
Security and business leaders warn that companies are accelerating their use of agentic AI beyond the ability to maintain proper guardrails.
By David Jones • Oct. 29, 2025 -
Getty Images
Google probes exploitation of critical Windows service CVE
Researchers have traced the threat activity to a newly identified hacker, while separate evidence points to more than one variant.
By David Jones • Oct. 28, 2025 -
Getty Images
Hackers exploiting critical vulnerability in Windows Server Update Service
Microsoft has issued an out-of-band update and is urging users to immediately apply the patch.
By David Jones • Updated Oct. 27, 2025 -
Getty Images
Researchers warn of critical flaws in TP-Link routers
No active exploitation has been spotted, but the vendor and researchers advise users to apply updates immediately.
By David Jones • Oct. 24, 2025 -
Getty Images
AI security flaws afflict half of organizations
EY suggested ways for companies to reduce AI-related hacking risks.
By Eric Geller • Oct. 22, 2025 -
Getty Images
F5 supply chain hack endangers more than 600,000 internet-connected devices
The enterprise device vendor has patched several vulnerabilities that hackers discovered after breaching its networks.
By Eric Geller • Oct. 17, 2025 -
Courtesy of F5 Press Kit
Nation-state hackers breached sensitive F5 systems, stole customer data
The federal government is scrambling to determine if any agencies have been hacked.
By Eric Geller • Oct. 15, 2025 -
Getty Images
Oracle E-Business Suite exploitation traced back as early as July
Researchers say an extortion campaign linked to the Clop ransomware group used a series of chained vulnerabilities and sophisticated malware.
By David Jones • Oct. 10, 2025 -
Getty Images
Extortion campaign targeting Oracle E-Business Suite customers linked to zero-day
Mandiant researchers said Clop ransomware is indeed linked to a series of emails threatening to release stolen data.
By David Jones • Oct. 6, 2025 -
Getty Images
Cisco firewall flaws endanger nearly 50,000 devices worldwide
The U.S., the U.K. and Japan lead the list of the most vulnerable countries.
By Eric Geller • Sept. 30, 2025 -
Getty Images
CISA orders feds to patch Cisco flaws used in multiple agency hacks
One U.S. official called the ongoing cyberattack campaign “very sophisticated.”
By Eric Geller • Sept. 25, 2025 -
Drew Angerer via Getty Images
Critical infrastructure operators add more insecure industrial equipment online
The problem isn’t limited to legacy technology. New devices are exposed with critical vulnerabilities.
By Eric Geller • Sept. 25, 2025 -
Getty Images
Social engineering campaigns highlight the ability to exploit human behavior
A report by S&P says organizations should consider changes to strengthen cyber governance, training and awareness.
By David Jones • Sept. 22, 2025 -
Getty Images
AI-powered vulnerability detection will make things worse, not better, former US cyber official warns
Patching won’t be able to keep up with discovery, said Rob Joyce, who once led the National Security Agency's elite hacking team.
By Eric Geller • Sept. 22, 2025 -
Getty Images
Evolving AI attacks, rapid model adoption worry cyber defenders
IT defenders think many of their security tools aren’t ready for AI-powered cyberattacks, according to a new report.
By Eric Geller • Sept. 19, 2025 -
Courtesy of Billington
CISA pledges robust support for funding, further development of CVE program
A key official from the agency said the vulnerability management program will continue with additional participation and enhancements.
By David Jones • Sept. 12, 2025 -
Getty Images
Researchers warn of zero-day vulnerability in SiteCore products
Mandiant said it was able to disarm a ViewState deserialization attack leveraging exposed ASP.NET keys.
By David Jones • Updated Sept. 4, 2025 -
Getty Images
NetScaler warns hackers are exploiting zero-day vulnerability
The company is urging customers to patch their devices immediately, saying the flaw could lead to denial of service or remote code execution.
By David Jones • Aug. 27, 2025 -
Alamy
China-nexus hacker Silk Typhoon targeting cloud environments
The state-linked espionage group has exploited zero-day flaws in Commvault and Citrix Netscaler, researchers say.
By David Jones • Aug. 22, 2025 -
David Ramos via Getty Images
FBI, Cisco warn of Russia-linked hackers targeting critical infrastructure organizations
The intrusions have exploited a vulnerability in Cisco’s networking equipment software.
By Eric Geller • Aug. 20, 2025 -
Getty Images
The humble printer highlights overlooked security flaws
Failure to remediate known device vulnerabilities is a rampant problem, according to a study by HP.
By Matt Ashare • Aug. 18, 2025 -
Getty Images
Developers knowingly push vulnerable code, despite growing breach risk
Only three in 10 respondents said their application security programs were highly mature.
By Eric Geller • Aug. 15, 2025
