The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting WatchGuard Firebox firewalls to its Known Exploited Vulnerabilities (KEV) catalog, warning...

Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms. The flaw, tracked as CVE-2025-12101, poses a moderate...

CISA has ordered federal agencies to patch an actively exploited vulnerability in WatchGuard Firebox firewalls, which allows attackers to gain remote code execution on compromised devices. [...]

Explore the latest third-party risk statistics and learn how data-driven, continuous monitoring for third-party risk assessments can protect your supply chain.

Researchers uncovered an advanced persistent threat (APT) exploiting zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix systems (CitrixBleed2). The vulnerabilities,...

A cleanup month brings 63 patches… wait, no, 68… how about 61?

The Department of Homeland Security collected data on Chicago residents accused of gang ties to test if police files could feed an FBI watchlist. Months passed before anyone noticed it wasn’t deleted.

600+ phishing websites and 116 of these use a Google logo Google has filed a lawsuit against 25 unnamed China-based scammers, which it claims have stolen more than 115 million credit card numbers...

Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform...

Amazon's threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) and Citrix...

Concerns about domestic SIM card use in Ukrainian drones have led the Kremlin to impose a mobile internet "cooling-off period" for anyone returning home to Russia from abroad.

A cleanup month brings 63 patches… wait, no, 68… how about 61?Categories: Threat ResearchTags: Adobe, featured, Microsoft, nuance, Patch Tuesday

The hackers notably used custom malware and were exploiting CVE-2025-5777 — now known colloquially as “Citrix Bleed Two” — before it was disclosed publicly in July.

Every day, security teams face the same problem—too many risks, too many alerts, and not enough time. You fix one issue, and three more show up. It feels like you’re always one step behind. But...

Vendors (still) keep mum An "advanced" attacker exploited CitrixBleed 2 and a max-severity Cisco Identity Services Engine (ISE) bug as zero-days to deploy custom malware, according to Amazon Chief...

NSO Group, the firm behind Pegasus spyware, has a new executive chairman who plans to use his ties to the Trump administration to improve the company’s reputation in the U.S. Speaking with the...

Third-party risk is becoming the dominant attack vector in today’s cybersecurity landscape. Aleksandr Yampolskiy, CEO of SecurityScorecard, warned on the McCrary Institute’s Cyber Focus podcast...

Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD's importance has grown as companies adopt hybrid and cloud infrastructure, but so has its...

The United States is facing a perilous turning point in its approach to cybersecurity. While foreign rivals intensify their digital operations, America’s own cyber defenses are shrinking, hampered...

Google has filed a lawsuit to dismantle the "Lighthouse" phishing-as-a-service platform used by cybercriminals worldwide to steal credit card information through SMS phishing attacks impersonating...

Google has filed a lawsuit to dismantle the "Lighthouse" phishing-as-a-service platform used by cybercriminals worldwide to steal credit card information through SMS phishing attacks impersonating...

Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four are...

As lines blur between human error and machine intelligence, defense has never been more personal

The future of retail cybersecurity: Explore insights from 220 retail executives on managing AI-driven threats and closing the cyber resilience gap. 44% of retail organizations report a sharp...

Hospitals, energy and water supplies and transport networks will be better protected from the threat of cyberattacks under new laws being introduced in UK Parliament today (12th November). Under...

A cybersecurity breach discovered last week affecting the Congressional Budget Office is now considered “ongoing,” threatening both incoming and outgoing correspondence around Congress’...

US Northern Command has taken a major step in domestic drone defense, certifying its new counter-drone fly-away kit after a weeklong live deployment at Minot Air Force Base. Designed for layered...

Current and former military officers are warning that adversaries are likely to exploit a natural flaw in artificial intelligence chatbots to inject instructions for stealing files, distorting...

The Senate’s approval Monday of a funding package that would reopen the government would also extend authorization of the well-reviewed State and Local Cybersecurity Grant Program. The deal, which...

Google on Tuesday unveiled a new privacy-enhancing technology called Private AI Compute to process artificial intelligence (AI) queries in a secure platform in the cloud. The company said it has...