Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Qualys researchers expose ‘CrackArmor’ flaws that allow unprivileged users to escalate privileges to root, break container isolation, and crash systems, with no CVE identifiers yet assigned.

Security leaders seeking to earn a promotion to top security exec need deep expertise in one or two cyber domains, broad fluency across the security ecosystem, and a mindset shift that marries risk ...

Recent social engineering schemes involving WordPress and Microsoft’s Windows Terminal show that this relatively basic tactic is a growing threat.

In a red-team test, CodeWall’s autonomous agent chained together four small bugs in the Jack & Jill hiring platform to gain ...

As identity environments grow more complex, access failures increasingly stem from decisions made without sufficient context ...

One allows a remote attacker to execute arbitrary code inside a sandbox, the other could result in loss of sensitive ...

Anthropic’s run-in with the Pentagon over Claude guardrails and a China-based distillation campaign against its IP highlight ...

Critical vulnerabilities in Veeam Backup & Replication could allow authenticated users to execute code on backup servers, prompting calls for urgent patching.

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies ...

Threat groups are weaponizing industrial control access they’ve gained over the years, but critical infrastructure operators ...