- "Microsoft Admits Security Failings Allowed China to Access US Government Emails" In summer 2023, Microsoft President Brad Smith admitted that security failings enabled Chinese state hackers to access US government officials' emails.
- "CISA Warns of Progress Telerik Vulnerability Exploitation" The US Cybersecurity and Infrastructure Security Agency (CISA) warns federal agencies of the ongoing exploitation of a patched authentication bypass vulnerability in Progress Software's Telerik Report Server.
- "Pakistani Threat Actors Caught Targeting Indian Gov Entities" Cisco Talos and Volexity warn that Pakistan-based threat actors have targeted Indian government entities in two espionage campaigns.
- "Edge Devices: The New Frontier for Mass Exploitation Attacks" Mass exploitation attacks often start with edge devices, services, and network infrastructure devices. There has been a rise in mass exploitation compromises and criminal targeting of edge and infrastructure devices.
- "UK General Election: Tech Policy Expert Calls for Law Overhaul to Combat Deepfakes" Matthew Feeney, head of tech and innovation at the UK-based Centre for Policy Studies, warned of the deepfake threat to election integrity. The tech policy expert emphasized how technology has made deepfakes easier and cheaper to make.
- "GitHub Paid Out Over $4 Million via Bug Bounty Program" GitHub has recently announced that through its bug bounty program, which the company launched ten years ago, it has paid out more than $4 million. In 2023, the bug bounty payouts exceeded $850,000.
- "Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE" Rockwell Automation recently announced that it has patched three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software.
- "Microsoft Patches One Critical and One Zero-Day Vulnerability" Microsoft recently revealed updates for 51 vulnerabilities, only one of which was rated "critical." Microsoft noted that the bug, CVE-2024-30080, is a remote code execution (RCE) flaw in Microsoft Message Queuing (MSMQ) and has been assigned a CVSS sco
- "Phishing Emails Abuse Windows Search Protocol to Push Malicious Scripts" In a new phishing campaign, HTML attachments abusing the Windows Search protocol are used to push batch files hosted on remote servers that deliver malware.
- "Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools" A new Protect AI report delves into a dozen critical vulnerabilities in open source Artificial Intelligence (AI) and Machine Learning (ML) tools discovered in recent months.
- "Feds Saw More Cyberattacks but Better Detection Last Year, FISMA Report Says" A Federal Information Security Modernization Act (FISMA) report recently issued to Congress found that federal agencies saw a nearly 10 percent increase in cyberattacks in 2023, but they also improved their detection and categorization.
- "Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters" Researchers warn of a cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency.