Software vulnerabilities pile up at government agencies, research finds

A Veracode report reveals that government networks have accumulated years of unresolved security flaws, putting them at serious risk of exploitation.

By David Jones • June 12, 2025

Critical flaw in Microsoft Copilot could have allowed zero-click attack

Researchers said the vulnerability, dubbed “EchoLeak,” could allow a hacker to access data without any specific user interaction.

By David Jones • Updated 22 hours ago

From malware to deepfakes, generative AI is transforming attacks

Generative AI is even helping hackers trick open-source developers into using malicious code, according to Gartner.

By Eric Geller • June 10, 2025

SentinelOne rebuffs China-linked attack — and discovers global intrusions

The security firm said the operatives who tried to breach it turned out to be responsible for cyberattacks on dozens of critical infrastructure organizations worldwide.

By Eric Geller • Updated June 9, 2025

Understanding the evolving malware and ransomware threat landscape

Cyber threats like ransomware and malware are rising fast, hitting firms like Frederick Health and Marks & Spencer. Defense needs layers, adaptability and vigilance.

By Farid Mustafayev, Senior Software Engineer, ThreatLocker • June 9, 2025

Water utilities mitigate equipment flaws after researchers find widespread exposures

Censys researchers said hundreds of water treatment facilities have taken steps to protect against malicious cyber intrusions.

By David Jones • June 5, 2025

Vast array of solar power equipment left exposed online

The most commonly exposed device has been discontinued and vulnerable for a decade, new research found.

By Eric Geller • June 4, 2025

Build more robust OT security with the NIST framework

Access your guide below and start your journey towards resilient, secure OT operations using the NIST framework.

June 2, 2025

Outage disrupts some SentinelOne services

Company executives said there was no indication the incident was the result of a security issue.

By David Jones • May 29, 2025

Google: China-backed hackers hiding malware in calendar events

The APT41 nation-state threat group is exploiting yet another cloud service to mask its operations, according to new research.

By Eric Geller • May 29, 2025

Thousands of ASUS routers compromised in sophisticated hacking campaign

Researchers have previously linked the suspected threat actor, dubbed ViciousTrap, to the exploitation of Cisco routers.

By David Jones • May 29, 2025

Microsoft, Dutch government discover new Russian hacking group

The findings highlight the vulnerability of all critical infrastructure firms to similar attack methods.

By Eric Geller • Updated May 28, 2025

US, allies recommend security protections for AI models

The joint guidance comes as officials fear how hackers could manipulate AI systems, especially in critical infrastructure.

By Eric Geller • May 22, 2025

Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities

The company said additional CVEs may be necessary for flaws in related open-source libraries, but researchers are raising questions.  

By David Jones • Updated May 20, 2025

GOP lawmakers urge ban of networking vendor TP-Link, citing ties to China

The Trump administration is facing mounting pressure to formulate a strategy for addressing supply-chain threats that endanger national security.

By Eric Geller • May 15, 2025

SAP NetWeaver exploitation enters second wave of threat activity

Researchers are tracking hundreds of cases around the world and warning that the risk is more serious than previously known.

By David Jones • May 9, 2025

Ransomware claims dipped slightly in 2024, cyber insurer says

A major cyber insurer’s annual report lays out how hackers are trying to steal money and how its policyholders responded.

By Eric Geller • May 7, 2025

Operational impacts top list of vendor risk worries, study finds

The report comes as years of supply chain cyberattacks shine a spotlight on third-party risks.

By Eric Geller • May 1, 2025

AI-fueled cybercrime may outpace traditional defenses, Check Point warns

The security firm said in a new report that defenders should begin using AI to counter cyber criminals’ adoption of the technology.

By Eric Geller • April 30, 2025

Critical vulnerability in SAP NetWeaver Visual Composer leads to confirmed compromises

Thousands are exposed and potentially vulnerable as researchers warn of widespread exploitation.   

By David Jones • Updated April 30, 2025

Zero-day exploitation drops slightly from last year, Google report finds

Google’s threat intelligence team said software vendor security practices are making it harder for hackers to find flaws in some platforms.

By Eric Geller • April 29, 2025

FBI seeks public tips about Salt Typhoon

The bureau’s public alert follows months of conversations with the telecom industry about the far-reaching cyber espionage campaign by a Chinese nation-state threat actor.

By Eric Geller • April 28, 2025

Critical vulnerability in SAP NetWeaver under threat of active exploitation

Attackers have been observed dropping webshell backdoors and researchers warn the application is popular among government agencies.

By David Jones • Updated April 25, 2025

Threat groups exploit resurgent vulnerabilities

VPNs, routers and firewalls are being targeted via older CVEs, new GreyNoise research shows.

By David Jones • April 24, 2025

BEC scams, investment fraud accounted for biggest cybercrime losses in 2024

Americans lost $16.6 billion to cyber fraud last year, according to an FBI report, with phishing, spoofing and extortion topping the list of complaints.

By Eric Geller • April 23, 2025