Cyber authorities issued their second emergency directive in three weeks. This one requires agencies to mitigate or disconnect potentially compromised F5 devices and services. The post CISA warns...

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one vulnerability in the OpenPLC logic controller and four vulnerabilities in the Planet WGR-500 router. For Snort coverage...

On October 15, 2025, F5 reported that a nation-state threat actor had gained long-term access to some F5 systems and exfiltrated data, including source code and information about undisclosed...

Microsoft throws a farewell party for Win10, Office 2016, and Office 2019… a very big party

TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the...

The Information Commissioner's Office (ICO) in the UK has fined Capita, a provider of data-driven business process services, £14 million ($18.7 million) for a data breach incident in 2023 that...

Why never trust, always verify is the oath your business needs

19-year-old college student Matthew D. Lane, from Worcester, Massachusetts, was sentenced to 4 years in prison for orchestrating a cyberattack on PowerSchool in December 2024 that resulted in a...

Vibe coding may have played a role in what took researchers months to fix Developers of VS Code extensions are leaking sensitive secrets left, right and center, according to researchers who worked...

An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of...

Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant...

Frequently asked questions about the August 2025 security incident at F5 and the release of multiple BIG-IP product patches.BackgroundTenable’s Research Special Operations (RSO) team has compiled...

Cybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. [...]

Categories: Threat ResearchTags: advisory, compromise, F5, featured

The Information Commissioner’s Office has fined Capita plc and Capita Pension Solutions Ltd a combined £14m following a cyber attack in April 2023 which saw hackers gain access to over 6m people’s...

A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It delivered a new Maverick banker, which features code overlaps with Coyote malware.

Stephen Withers reports: Regulations such as the General Data Protection Regulation (GDPR) and the Australian Prudential Regulation Authority’s (Apra’s) CPS 230 standard have led organisations to...

The dark web serves as a refuge for threat actors to gather intel, trade illicit goods and tools, and network with other cybercriminals. Aside from allowing threat actors to connect and learn from...

The dark web serves as a refuge for threat actors to gather intel, trade illicit goods and tools, and network with other cybercriminals. Aside from allowing threat actors to connect and learn from...

Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution...

Wiz Research has uncovered 550+ secrets hiding in plain sight. We worked with Microsoft to shut the door.

Microsoft has confirmed that the September 2025 security updates are causing Active Directory issues on Windows Server 2025 systems. [...]

Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The...

Spanish fashion retailer MANGO is sending notices of a data breach to its customers, warning that its marketing vendor suffered a compromise exposing personal data. [...]

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution....

Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s...

ICO makes example of outsourcing giant over sluggish cyber response The UK's Information Commissioner's Office (ICO) has issued a £14 million ($18.6 million) penalty to outsourcing giant Capita...

Dark web activity can hide in plain sight within everyday network traffic. Corelight's NDR platform brings deep visibility, AI-driven detection, and behavioral analytics to uncover hidden threats...

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

Russian IT company among group’s latest targets. Attackers may have been attempting to target company’s customers in Russia with software supply chain attack.