8Critical154Important1Moderate0LowMicrosoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild.Microsoft...

A look at 2025 state-sponsored threats, exploring how actors linked to China, Russia, North Korea, and Iran use vulnerabilities, identity, and trusted access paths to achieve their goals.

A proposed federal class action lawsuit alleges two California healthcare organizations violated patient privacy laws in their use of an artificial intelligence-enabled tool that records,...

Microsoft has released Windows 11 KB5083769 and KB5082052 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]

Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution.FortiAnalyzer is a unified security operations platform that...

Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. [...]

Spring Lake Park Schools has cancelled all classes for a second straight day as it works to restore critical systems following a suspected ransomware attack. According to an initial release from...

New data from Black & Veatch-Takepoint Research finds a persistent execution gap in the manner cybersecurity is integrated... The post Black & Veatch-Takepoint Research finds fragmented ownership...

Videos circulating on dark web forums have pulled crypto exchange Kraken into an extortion attempt, but the exchange says no systems were compromised and client funds remain secure. The firm...

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.Adobe Acrobat Reader is a free, widely used software application...

Vaccines are at risk from Chinese hackers who can break into internet-connected refrigerators, a cross-party group of MPs and experts has warned. The Coalition on Secure Technology, the...

A GAO review has found that selected agencies were not systematically collecting lessons learned from AI acquisitions — a necessary first step to share knowledge about AI acquisitions in...

The United States Army is undergoing the Transformation in Contact initiative to prepare for large-scale combat operations against peer and near-peer threats. The Secretary of the Army has...

The U.S.-Israeli war with Iran, now in an unstable ceasefire, has exposed a structural failure in the global semiconductor memory supply chain, and it is not the one analysts seem to be tracking....

Cloudflare is introducing scannable API tokens, enhanced OAuth visibility, and GA for resource-scoped permissions. These tools help developers implement a true least-privilege architecture while...

We share Cloudflare's internal strategy for governing MCP using Access, AI Gateway, and MCP server portals. We also launch Code Mode to slash token costs and recommend new rules for detecting...

Managed OAuth for Cloudflare Access helps AI agents securely navigate internal applications. By adopting RFC 9728, agents can authenticate on behalf of users without using insecure service accounts.

Gain a unified view of AI application endpoints and DNS exposure across your environment, including which are protected by Cloudflare and which need to be secured

Honey, the skids are fighting again Two rival ransomware gangs have locked horns after 0APT threatened to expose people affiliated with Krybit.…

The performance gap between United States and Chinese artificial intelligence (AI) models has “effectively closed,” even as the United States maintains a strong lead in data center infrastructure...

​​The U.S. Environmental Protection Agency is seeking FY 2027 budget authority to expand its Drinking Water Infrastructure Resilience... The post EPA proposes $19 million information security...

A malicious Ledger Live app for macOS available from Apple's App Store has drained approximately $9.5 million in cryptocurrency from 50 victims in just a few days this month. [...]

Identify stale, duplicated, and inefficient data — and take action to shrink both your storage spend and exposure surface.

Authorization bypass vulnerability (CVE-2025-13822) has been found in MCPHub project.

Microsoft has rolled out a fast-track process to help developers regain access to accounts recently suspended from its Windows Hardware Program, following widespread complaints that they were...

The U.S. National Institute of Standards and Technology (NIST), through its NIST Information Technology Laboratory (ITL), is supporting... The post NIST develops Trustworthy AI in Critical...

Understanding and defending your GitHub Actions - from threat model to security controls.

A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active...

Interesting paper: “What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation.” Abstract: The rapid expansion of artificial intelligence (AI) is raising...