The Defense Department has released a highly anticipated plan to attract and retain cyber talent by better integrating US Cyber Command with other military departments for recruitment and...

The Genians Security Center (GSC) has identified new attack activity linked to the KONNI APT campaign, which is known to be associated with the Kimsuky or APT37 groups. During its ongoing...

Written by: Stallone D'Souza, Praveeth DSouza, Bill Glynn, Kevin O'Flynn, Yash Gupta Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the "Frontline Bulletin" series...

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile...

How secure are top private AI companies? Find out from our scans and disclosures.

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. [...]

Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I’ve written about this before: Almost all cloud services have to...

Attackers are increasingly phishing over LinkedIn to reach executives and bypass email security tools. Push Security explains how real-time browser protection detects and blocks phishing across...

Insurance giant’s UK arm says cybercriminals misattributed the real victim Allianz UK confirms it was one of the many companies that fell victim to the Clop gang's Oracle E-Business Suite (EBS)...

Breaking down trends in exposure management with insightsfrom 3,000+ organizations and Intruder's security experts Partner Content This year has shown just how quickly new exposures can emerge,...

From Black Friday to Boxing Day, shopping surges and so do cyber scams. Countdown timers and “last chance” offers create urgency that attackers exploit. Every click has consequences if you’re not prepared.

Doubles parameters to over 17 billion, to detect threats and recommend actions Exclusive Cisco is working on a new AI model that will more than double the number of parameters used to train its...

A new vulnerability scoring system has just been announced. The initiative, called the AI Vulnerability Scoring System (AIVSS), aims to fill the gaps left by traditional models such as the Common...

Security researchers have discovered an actively exploited remote code execution vulnerability in Monsta FTP, a web-based FTP client used by financial institutions, enterprises, and individual...

Licensing expert worries they’ll be out of control on day one Microsoft has teased what it’s calling “a new class” of AI agents “that operate as independent users within the enterprise workforce.”…

Understand the difference between threat hunting vs. threat intelligence, why both matter for security, and how Recorded Future empowers proactive cyber defense.

PLUS: India’s tech services exports growing fast; South Korea puts the bite on TXT spam; NTT gets into autonomous vehicles; and more! Asia In Brief Chinese infosec blog MXRN last week reported a...

PLUS: CISA layoffs continue; Lawmakers criticize camera security; China to execute scammers; And more Infosec in brief There's no indication that the brazen bandits who stole jewels from the...

The Windows Start menu is getting its first major redesign since 2021 and will be rolled out to everyone with the November 11 Patch Tuesday update. [...]

NAKIVO Backup & Replication v11.1 expands disaster recovery with real-time replication, enhanced Proxmox VE support, and granular physical backups. The update adds MSP Direct Connect for secure...

The Swiss National Cyber Security Centre (NCSC) is warning iPhone owners about a phishing scam that claims to have found your lost or stolen iPhone but is actually trying to steal your Apple ID...

Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system. [...]

WhiteMage is currently #1 on Immunefi for earnings in 2025. Somebody asked about how people pick bug bounty targets. This was his response to it. First, pick any topic; not target, topic. This can...

Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details...

OpenAI is preparing the GPT-5.1 family for public rollout. This includes GPT-5.1 (base), GPT-5.1 Reasoning, and GPT-5.1 Pro for those who pay a $200 monthly subscription. [...]

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over...

Esra'a Al Shafei spoke with The Reg about the spy tech 'global trade' interview Digital rights activist Esra'a Al Shafei found FinFisher spyware on her device more than a decade ago. Now she's...

With the first Patch Tuesday following Windows 10's end of support approaching next week, users who continue to run the operating system should enroll in the Extended Security Updates (ESU)...

In late October 2025, data breached from the Hungarian political party TISZA was published online before being extensively redistributed. Stemming from a compromise of the TISZA Világ service...

The Superior Court of San Joaquin said that it experienced a cybersecurity incident last year during which personal information was leaked. Officials said an unauthorized person accessed court...