Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
Veeam RCE remote code execution vulnerability
Critical Veeam Remote Code Execution Attack Highlights Risk of Trusted Backup Access
January 29, 2026
Shortly after the New Year, Veeam disclosed a critical Remote Code Execution (RCE) vulnerability in its backup and replication software. This underscores a familiar but uncomfortable reality in enterprise security: The most dangerous attacks often don’t…
Read More >
quishing qr code phishing
North Korea’s Kimsuky Turns to “Quishing” Against U.S. Organizations
January 27, 2026
The United States Federal Bureau of Investigation (FBI) has released a FLASH alert warning about evolving techniques in campaigns by the North Korean state-sponsored threat group known as Kimsuky. The alert reveals an evolution in…
Read More >
UK Government Cyber Action Plan
Why Government Is Rethinking Cybersecurity as a System, Not a Silo
January 26, 2026
The UK government has published a new Government Cyber Action Plan backed by £210 million in funding, setting out a coordinated strategy to address cybersecurity risks across the public sector. Framed as a response to…
Read More >
ClickFix phishing hotel hospitality PHALT#BLYX
Inside the ClickFix Campaign Targeting Hospitality
January 23, 2026
Phishing is one of the oldest social engineering tricks in a threat actor’s playbook, a tried-and-true technique that continues to pay out as attacks and defenses advance over time. Rather than stagnating in the face…
Read More >
Google Cloud email security phishing
How Attackers Are Abusing Google Cloud to Evade Email Security
January 20, 2026
Phishing is one of the tried-and-true methods that attackers have been heavily relying on since the early days of the internet, but it is far from a stagnant technique. Over the years, phishing has grown…
Read More >
CyberArk privileged access security controls
Why Security Controls Are Collapsing Under Their Own Weight
January 20, 2026
A new report from CyberArk paints a stark picture: while organizations say they’re modernizing, their security models haven’t kept up. According to The Privilege Reality Gap, the divide between perception and reality in privileged access…
Read More >
Ping biometric security AI
Zero-Knowledge Biometrics and the New Rules of Digital Trust in the Age of AI
January 19, 2026
In recent years, the growth of AI tools has fundamentally altered the economics of identity fraud. Deepfakes, synthetic identities, and automated phishing are now able to scale faster than traditional defenses, amplifying threats and shifting…
Read More >
CISA GeoServer
CISA Sounds the Alarm on Actively Exploited GeoServer Flaw
January 19, 2026
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a new Known Exploited Vulnerability (KEV) and put out a binding operational directive for all Federal Civilian Executive Branch (FCEB) agencies to patch the…
Read More >
cybersecurity burnout AI
AI Didn’t Eliminate Burnout—It Changed Its Shape
January 13, 2026
While the growing use of AI in business environments can be largely successful at eliminating repetitive work and alleviating traditional sources of burnout, it also introduces new complexities and fails to reduce overall stress. A…
Read More >
Cisco zero-day vulnerability
Cisco Zero-Day Exposes a Dangerous Blind Spot
January 12, 2026
Leading technology company Cisco has disclosed a zero-day vulnerability being exploited in a new campaign. The flaw, tracked as CVE-2025-20393, affects multiple widely-used products running Cisco AsyncOS Software: Cisco Secure Email Gateway, Secure Email, and…
Read More >
Marquis Software Solutions zero-day ransomware
How a Firewall Zero-Day Turned a Vendor Breach Into a Banking-Sector Event
January 09, 2026
A routine breach notification filed with the Maine Attorney General reveals an event with far-reaching consequences: a ransomware attack on Marquis Software Solutions, a third-party provider for U.S. banks and credit unions, compromised sensitive customer…
Read More >
Nezha open-source backdoor
When Legitimate Tools Become Perfect Backdoors
January 09, 2026
The modern threat landscape shows developments in attack tactics that change the scope of what attackers can do with various tools. Recent advances have demonstrated that threat actors no longer need custom malware to establish…
Read More >
KPMG cybersecurity budget
Cybersecurity’s Budget Boom Signals a Strategic Reset for the Enterprise
January 06, 2026
Leading accounting firm KPMG recently released the 2025 KPMG Cybersecurity Survey, demonstrating the current trends in cybersecurity spending based on a poll of over 300 C-suite and senior security leaders. The survey shows nearly universal…
Read More >
BeaverTail recruiting lure Lazarus
Lazarus Turns Recruitment Lures Into a Multi-Stage Intrusion Factory
January 02, 2026
Darktrace researchers say a newly identified BeaverTail variant represents a clear step forward in how Lazarus-linked operators are building malware and running campaigns. What started out as a simple JavaScript-based stealer has grown into a…
Read More >
FBI 630 million credentials identity security passwords
A Wake-Up Call on Credential Theft
December 31, 2025
A recent body of 630 million compromised credentials has been recovered by the FBI from multiple devices belonging to one suspect. This is a rare occurrence even by modern standards. While the scale of cybercrime…
Read More >
software supply chain risk ai code
As AI Rewrites Software Supply Chains, Security Fails to Keep Pace
December 30, 2025
AI-assisted coding has crossed the line from experimental to essential. According to new research from Black Duck, nearly every organization now relies on AI tools to generate software code. This creates a big problem! Security…
Read More >
email security email bombing
Email Is Still the Front Door—Attackers Are Just Using More Rooms Now
December 30, 2025
In recent years, a common belief has arisen that email is becoming less relevant as an attack vector. With attackers increasingly favoring tactics leveraging AI, cloud-native applications, and social engineering via voice and video, the…
Read More >
misconfigurations zero day Russian hackers GRU
Why Russian Hackers Are Abandoning Zero-Days for Misconfigurations
December 29, 2025
For years, elite state-backed hackers have been defined by their exploits. Zero-days were the calling card—rare bugs, complex chains, techniques that only a handful of teams could pull off. That image still dominates how many…
Read More >
Subscribe for the Latest News
Webinars
Securing the AI Frontier: Defending the Enterprise Ecosystem with Prisma AIRS
Register Now
Takeaways from Major Open Source Library Attacks
Register Now
Scaling Secure Development: Modern Code Security Without Slowing Innovation
Register Now