December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the... The post Top ...

2025 included a number of monumental threats, from global nation-state attacks to a critical vulnerability under widespread ...

Research by The Shadowserver Foundation shows that 74,854 MongoDB servers are still vulnerable to the “MongoBleed” ...

The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate, plan attacks, and ...

The Conti gang has become the first professional ransomware operation to adopt and incorporate the Log4Shell vulnerability in their daily operations. Scans and attacks began as early as Monday, ...

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how visibility and shift-left security reduce exposure.

Tens of millions of downloads of the popular Java logging library Log4j this year were vulnerable to a CVSS 10.0-rated vulnerability that first surfaced four years ago, according to Sonatype. The ...

Crypto platforms lost $127 million to hacks and scams in November, with total attempted exploits exceeding $172 million, according to CertiK. An $113 million Balancer exploit dominated monthly losses, ...

The cybersecurity industry has made huge strides in detection and visibility. Modern tools surface a deluge of exposure data, and frameworks like exploit prediction scoring system (EPSS) have added ...

Windows doesn’t offer a single switch to disable Exploit Protection completely. You can only disable individual mitigations system-wide or per app. We strongly recommend turning it off only for ...

Update Nov. 3, 10:42 am UTC: This article has been updated to include a section on Berachain’s emergency hard fork. Update Nov. 3, 9:47 am UTC: This article has been updated to add the latest figures, ...

Pixnapping could be used to steal private data, including 2FA codes. Side-channel attack abuses Google Android APIs to steal data on display. Flaw is partially patched, although a more complete fix is ...