December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the... The post Top ...

2025 included a number of monumental threats, from global nation-state attacks to a critical vulnerability under widespread ...

The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate, plan attacks, and ...

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how visibility and shift-left security reduce exposure.

Tens of millions of downloads of the popular Java logging library Log4j this year were vulnerable to a CVSS 10.0-rated vulnerability that first surfaced four years ago, according to Sonatype. The ...

Windows doesn’t offer a single switch to disable Exploit Protection completely. You can only disable individual mitigations system-wide or per app. We strongly recommend turning it off only for ...

Update Nov. 3, 10:42 am UTC: This article has been updated to include a section on Berachain’s emergency hard fork. Update Nov. 3, 9:47 am UTC: This article has been updated to add the latest figures, ...

Pixnapping could be used to steal private data, including 2FA codes. Side-channel attack abuses Google Android APIs to steal data on display. Flaw is partially patched, although a more complete fix is ...

Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been ...

Pwn2Own hackers use $150,000 exploit on VMware ESXi. The elite hackers attending Pwn2Own in Berlin have made hacking history by successfully deploying a zero-day exploit against VMware ESXi. Having ...