OpenAI has confirmed that its powerful AI agent "Deep Research" will begin rolling out to free users "very soon." At the moment, Deep Research is available only for Plus and Enterprise customers. [...]

Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites....

The ECCC Governing Board adopted its first Cybersecurity Work Programme under Digital Europe Programme (DEP) for 2025-2027. Priorities... The post ECCC announces cybersecurity work programme to...

The non-profit professional association International Society of Automation (ISA) has announced a new way for its members to... The post ISA launches Connect Forum, a new hub for automation...

Nokia announced that Nozomi Networks is among six new Industry 4.0 applications that customers can deploy on the... The post Nozomi, Nokia unify OT, IoT security for industries powered by private...

The API testing firm took down a database exposed to the internet without a password.

Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what...

If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains...

Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. [...]

CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282

The yearslong scheme goes much deeper than contract work, extending to roles beyond traditional IT and sometimes granting the insider threat “keys to the kingdom,” DTEX President Mohan Koo said....

The yearslong scheme goes much deeper than contract work, extending to roles beyond traditional IT and sometimes granting the insider threat “keys to the kingdom,” DTEX President Mohan Koo said....

A new report from the Cyberspace Solarium Commission reveals that U.S. adversaries are aware that targeting critical infrastructure... The post Cyber threats to rail, ports, airports could cripple...

Cloud environments at risk: Attackers target weak PostgreSQL instances with fileless cryptominer payloads.

Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of...

New “ClickFake Interview” campaign attributed to the Lazarus Group targets crypto professionals with fake job offers

A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). [...]

Cyble researchers have discovered a new Android banking trojan that uses overlay attacks and other techniques to target more than 750 applications, including banking, finance, cryptocurrency,...

The problem of scammers exploiting social media platforms continues to persist. Meta has yet to fulfill all the recommendations made last year by experts from the CERT Polska team at NASK, which...

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. [...]

Atlantis AIO is a cybercrime-as-a-service platform that accelerates credential stuffing and account takeover attacks. This blog explores the platform and the dangers of its advanced capabilities.

The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance...

In this podcast, Joe, Hazel, Bill and Dave break down Talos' Year in Review 2024 and discuss how and why cybercriminals have been leaning so heavily on attacks that are routed in stealth in simplicity.

From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news

The funding will go to several projects within the Digital Europe Programme (DIGITAL) work program for 2025 to 2027

An unsecured database used by a generative AI app revealed prompts and tens of thousands of explicit images—some of which are likely illegal. The company deleted its websites after WIRED reached out.

Download Talos' 2024 Year in Review now, and access key insights on the top targeted vulnerabilities of the year, network-based attacks, email threats, adversary toolsets, identity attacks,...

U.S. President Donald Trump announced in a Presidential document that he has extended the national emergency concerning ongoing... The post President Trump extends national emergency over cyber...

The UK’s National Cyber Security Agency has called on Next.js users to patch CVE-2025-29927

Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this blog, we share...