December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the... The post Top ...

Threat actors had another banner year in 2025. As we head into 2026, looking back on the five top security threats of 2025 ...

2025 included a number of monumental threats, from global nation-state attacks to a critical vulnerability under widespread ...

Research by The Shadowserver Foundation shows that 74,854 MongoDB servers are still vulnerable to the “MongoBleed” ...

While a public proof-of-concept code was released last Thursday, attacks exploiting the Log4Shell vulnerability started two weeks ago. The first attacks were observed on December 1 and December 2, ...

Tens of millions of downloads of the popular Java logging library Log4j this year were vulnerable to a CVSS 10.0-rated vulnerability that first surfaced four years ago, according to Sonatype. The ...

When you treat vulnerabilities as clues instead of chores, you uncover threats, fix blind spots and finally make your security program work smarter. For years, I watched organizations treat ...

The cybersecurity industry has made huge strides in detection and visibility. Modern tools surface a deluge of exposure data, and frameworks like exploit prediction scoring system (EPSS) have added ...

Windows doesn’t offer a single switch to disable Exploit Protection completely. You can only disable individual mitigations system-wide or per app. We strongly recommend turning it off only for ...

Update Nov. 3, 10:42 am UTC: This article has been updated to include a section on Berachain’s emergency hard fork. Update Nov. 3, 9:47 am UTC: This article has been updated to add the latest figures, ...

A hacker has pulled off one of the most alarming AI-powered cyberattacks ever documented. According to Anthropic, the company behind Claude, a hacker used its artificial intelligence chatbot to ...