CISA confirms exploitation of 3 more Cisco networking device vulnerabilities

Cisco revealed six critical flaws in widely used products in February. The government has now seen evidence that hackers are abusing four of them.

By Eric Geller • April 21, 2026

Vulnerability exploitation surges often precede disclosure, offering possible early warnings

Organizations can get ahead of major flaws with the right threat intelligence, according to a new report.

By Eric Geller • April 20, 2026

TP-Link routers face exploitation attempt linked to high-severity flaw

Researchers warn a potential botnet is targeting a vulnerability in end-of-life devices. 

By David Jones • April 17, 2026

CIOs fret over rising security concerns amid AI adoption

AI is emerging as a critical tool and a growing threat as CIOs struggle to balance innovation with risk, according to a new report.

By Scarlett Evans • April 16, 2026

NIST limits vulnerability analysis as CVE backlog swells

The agency will stop adding detailed information to vulnerabilities that don’t meet certain criteria.

By Eric Geller • April 16, 2026

FCC exempts Netgear from foreign router ban

The commission did not explain its action beyond citing a Defense Department determination.

By Eric Geller • April 15, 2026

Medium-severity flaw in Microsoft SharePoint exploited

The flaw should be taken seriously, despite its relatively low score, according to researchers.

By David Jones • Updated April 16, 2026

CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog

The code injection flaw is similar to a prior vulnerability that was immediately flagged in January.

By David Jones • April 9, 2026

React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data

The stolen information could help intruders plan follow-up attacks and breach more organizations, Cisco researchers said.

By Eric Geller • April 7, 2026

Critical flaw in FortiClient EMS under exploitation

Fortinet released an emergency hotfix after security researchers discovered the vulnerability being exploited as a zero-day.

By David Jones • Updated April 6, 2026

Researchers warn of critical flaws in Progress ShareFile

Attackers could chain vulnerabilities together, leading to configuration changes or remote code execution.

By David Jones • April 3, 2026

Critical flaw in F5 BIG-IP faces wide exploitation risk

The company revised a security advisory as newly disclosed information heightens the potential impact.

By David Jones • April 2, 2026

Citrix NetScaler products confirmed to be under exploitation

Security researchers at watchTowr warn that multiple flaws are involved in the early stages of a hacking spree that could rival the 2023 CitrixBleed campaign.

By David Jones • Updated March 30, 2026

Critical flaw in Citrix NetScaler raises fears of new exploitation wave

Researchers warn that security teams need to take immediate mitigation steps before a public proof of concept is released.

By David Jones • Updated March 27, 2026

The CVE Program, a bedrock of global cyber defense, is teetering on the brink

A funding scare, AI and similar international initiatives are raising existential questions about the program’s future.

By Eric Geller • March 24, 2026

Network edge devices still widely used after reaching end-of-life status

A report by VulnCheck shows nation-state hackers often target flaws in aging routers, firewalls and VPNs.

By David Jones • March 23, 2026

CISA urges organizations to harden endpoint security following Stryker attack

The agency is coordinating with the FBI and other agencies amid concerns about additional threat activity involving Microsoft Intune. 

By David Jones • March 19, 2026

Security teams might be overlooking wider threat to Cisco SD-WAN

Researchers from VulnCheck warn that a misattributed proof of concept ignores a separate, high-severity flaw. 

By David Jones • March 17, 2026

Nearly half of exploited zero-day flaws target enterprise-grade technology

A report by Google Threat Intelligence Group warns that AI will be used to speed and scale attacks in 2026.

By David Jones • March 6, 2026

Iran-nexus hackers target flaws in surveillance cameras

The threat activity echoes prior exploitation during the Israeli war with Hamas, a precursor to attacks against critical sectors in the U.S.

By David Jones • Updated March 6, 2026

Ransomware is now less about malware and more about impersonation

Stolen passwords have replaced infectious code as the most common tactic in major breaches, Cloudflare said.

By Eric Geller • March 3, 2026

How Microsoft, partners are tackling ‘huge, huge task’ of making security software safer

The technology giant and third-party security vendors are plotting an ambitious overhaul of how their products interoperate.

By Eric Geller • March 2, 2026

Building a risk-based data sanitization strategy: When to use Cryptographic erasure vs. physical destruction

Build your strategy on risk assessment, not on assumptions that one size fits all.

By Paul Falcone • March 2, 2026

‘Resurge’ malware can remain undetected on devices

CISA previously issued an alert about attacks that exploited a vulnerability in Ivanti Connect Secure.

By David Jones • Updated Feb. 27, 2026

CISA orders agencies to patch Cisco devices now under attack

The vulnerabilities, scored as critical, affect the company’s software-defined wide-area networking (SD-WAN) systems.

By Eric Geller • Feb. 25, 2026