Isaac Yee reports: A hacker has allegedly stolen a massive trove of sensitive data – including highly classified defense documents and missile schematics – from a state-run Chinese supercomputer...

Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...]

Giving developers and security teams a shared view of application risk as it evolves.

CERT Polska has received a report about 3 vulnerabilities (CVE-2026-4901, CVE-2026-34184, CVE-2026-34185) found in Hydrosystem Control System software.

Attackers slipped into the process and redirected funds, leaving the company scrambling to recover the cash UK-listed oil and gas outfit Zephyr Energy plc has admitted a cyber incident siphoned...

ProPublica has a scoop: In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings. The tech giant’s “lack...

Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. [...]

The Year in Review distills Talos IR's observations into structured intelligence, but defenders should also be feeding this report back into their own preparation cycles. Here's how.

Political candidates are purchasing more home alarms, bulletproof vests, and other protections amid rising fears of political violence.

Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in...

Anthropic on Tuesday announced an advanced artificial intelligence model that will roll out to a select group of companies as part of a new cybersecurity initiative called Project Glasswing. The...

Anthropic on Tuesday announced an advanced artificial intelligence model that will roll out to a select group of companies as part of a new cybersecurity initiative called Project Glasswing. The...

Iranian hackers are exploiting cyber vulnerabilities in key software systems at U.S. water and energy providers, according to a new advisory released by the Cybersecurity and Infrastructure...

Iranian hackers are exploiting cyber vulnerabilities in key software systems at U.S. water and energy providers, according to a new advisory released by the Cybersecurity and Infrastructure...

Russian state-sponsored attackers compromised more than 18,000 routers spread across more than 120 countries to gain deeper access to sensitive networks for a large-scale espionage campaign before...

Russian state-sponsored attackers compromised more than 18,000 routers spread across more than 120 countries to gain deeper access to sensitive networks for a large-scale espionage campaign before...

Cybersecurity is rapidly shifting from a technical safeguard to a gatekeeping function for economic participation, with the Canadian... The post CCN reports cybersecurity maturity becoming...

Russian state-linked threat actor APT28 is exploiting vulnerable routers to manipulate Domain Name System (DNS) settings, enabling large-scale... The post UK NCSC says APT28 exploits routers for...

For decades, geosynchronous orbit (GEO) has operated under a simple assumption: Satellites stay put. That assumption no longer holds. A small but significant subset of Chinese satellites are...

For decades, geosynchronous orbit (GEO) has operated under a simple assumption: Satellites stay put. That assumption no longer holds. A small but significant subset of Chinese satellites are...

Threat actors often signal their intentions before launching attacks, from dark web chatter to access-broker listings and credential requests. Join our upcoming webinar with Flare Systems to learn...

The U.S. Department of Energy’s FY 2027 budget frames cybersecurity as a core pillar of national energy security,... The post DOE allocates $160 million to secure energy systems as cyber threats...

The Trump administration is hoping to eliminate roughly $700 million in programs across the Cybersecurity and Infrastructure Security Agency in fiscal year 2027, a sweeping set of cuts that...

The Trump administration is hoping to eliminate roughly $700 million in programs across the Cybersecurity and Infrastructure Security Agency in fiscal year 2027, a sweeping set of cuts that...

Even fitness equipment is vulnerable to mischief makers these days PWNED Welcome back to Pwned, the column where we share war stories from IT soldiers who shot themselves – or watched someone else...

The time is maybe Quantum computing exists in a sort of superposition with regard to cryptography – it's both a pending threat and a technology of no immediate consequence for decryption.…

Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025...

Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. [...]

Bitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems last month. [...]

Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them...