The botnet took an unusual path by abusing residential proxy networks, allowing it to control an untapped collection of unofficial Android TV devices. The post Kimwolf botnet’s swift rise to 2M...

Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to...

Researchers have demonstrated remotely controlling a wheelchair over Bluetooth. CISA has issued an advisory. CISA said the WHILL wheelchairs did not enforce authentication for Bluetooth...

A major Verizon outage appeared to impact customers across the United States starting around noon ET on Wednesday. Calls to Verizon customers from other carriers may also be impacted.

Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI. The post Community-powered security with AI: an open source framework for...

Whether you’re new to Wiz or early in your cloud security journey, start the year strong by turning cloud security resolutions into real impact in your first 90 days with Wiz.

Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating...

This is a current list of where and when I am scheduled to speak: I’m speaking at the David R. Cheriton School of Computer Science in Waterloo, Ontario, Canada on January 27, 2026, at 1:30 PM ET....

Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious...

The healthcare sector experienced twice as many breaches in 2025 as it did in 2024, but the number of exposed patient records dropped precipitously, according to a new report from Fortified Health...

In a triple-barreled barrage on Monday evening, the Pentagon released three major policy memos from Secretary Pete Hegseth, aiming to overhaul and accelerate the department’s technology efforts....

The United Kingdom’s National Cyber Security Centre (NCSC) has published new guidance setting out new secure connectivity principles for operational technology (OT). These principles are intended...

Hundreds of records obtained by WIRED show thin intelligence on the Venezuelan gang in the United States, describing fragmented, low-level crime rather than a coordinated terrorist threat.

President Donald Trump has renominated Sean Plankey to be the next director of the Cybersecurity and Infrastructure Security Agency — a move that largely puts to rest any speculation that the...

Three major GDPR violations, including a lack of basic security controls, lead to hefty dent in profits The French data protection regulator, CNIL, today issued a collective €42 million ($48.9...

Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices.Key takeaways:CVE-2025-64155 is a critical operating system (OS)...

Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114...

Every now and then, LevelBlue SpiderLabs diverts a bit from its normal course of discussing vulnerabilities, ransomware attacks, and malware, and generates a public service blog to help those in...

Every now and then, LevelBlue SpiderLabs diverts a bit from its normal course of discussing vulnerabilities, ransomware attacks, and malware, and generates a public service blog to help those in...

The service became a prolific tool for cybercriminals in the past year, as it facilitated thousands of attacks involving credential theft, account takeovers, mass phishing and payment diversion...

WASHINGTON – Former National Cyber Director Chris Inglis argues the United States can’t build credible cyber resilience while treating offensive action as a separate lane. In his view, deterrence...

Key findings Introduction In December 2025, a previously unknown Ransomware-as-a-Service (RaaS) operation calling itself Sicarii began advertising its services across multiple underground...

New crooks on the block get crafty with blockchain to evade defenses Researchers at Group-IB say the DeadLock ransomware operation is using blockchain-based anti-detection methods to evade...

Jim Walter unpacks the hacktivist landscape and reveals how to distinguish different levels of threat based on persona characteristics.

Building the future of cloud security, together.

FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and in-memory execution.

CISA is giving civilian agencies until February 3 to fix a Windows vulnerability that can reveal where code resides in memory.

Exposure of Private Personal Information (CVE-2025-14317) has been identified in Crazy Bubble Tea mobile application.

Attack enters second day with major disruption to healthcare provision Two hospitals in Belgium have cancelled surgeries and transferred critical patients to other facilities after shutting down...

Travel biz tells customers to change passwords beyond its own services Eurail has confirmed customer information was stolen in a data breach, according to notification emails sent out this week.…