December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the... The post Top ...

Threat actors had another banner year in 2025. As we head into 2026, looking back on the five top security threats of 2025 ...

2025 included a number of monumental threats, from global nation-state attacks to a critical vulnerability under widespread ...

Infosecurity has selected five of the most significant vulnerability exploitation campaigns of 2025 that led to major ...

This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell. It uses Log4j 2.14.1 (through spring-boot-starter-log4j2 2.6.1) and the JDK 1.8.0_181. [+] ...

While a public proof-of-concept code was released last Thursday, attacks exploiting the Log4Shell vulnerability started two weeks ago. The first attacks were observed on December 1 and December 2, ...

Ongoing vulnerable Log4j downloads suggest the supply chain crisis wasn’t the wake-up call it should have been. Back in December 2021, the “internet on fire” headlines weren’t hyperbole. Security ...

Crystal Morin, Senior Cybersecurity Strategist at Sysdig, explains why it's time to consider managing an AI bill of materials to build trustworthy AI systems. Modern applications are often composed of ...

When you treat vulnerabilities as clues instead of chores, you uncover threats, fix blind spots and finally make your security program work smarter. For years, I watched organizations treat ...

Eight organizations that operate the world’s largest software package registries issued a coordinated warning that their current funding model was “dangerously fragile,” signaling potential changes to ...

December 2021 was a busy month for security teams around the world. A zero-day vulnerability in Log4j, a seemingly harmless Java logging framework, rocked the digital world in early December 2021. It ...