Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
LinkedIn phishing comments policy violation
Fake LinkedIn “Policy Violation” Comments Turn Public Posts into Phishing Traps
February 05, 2026
A recent phishing campaign has arisen targeting users on LinkedIn in public post comments. This demonstrates attackers shifting away from DMs and email as initial attack vectors and toward highly visible spaces where users feel…
Read More >
Kimwolf DDoS botnet
Infected Android Devices Are Powering a Global DDoS Army
February 03, 2026
A massive, sprawling DDoS and proxy botnet, known as Kimwolf, has recently shown increased activity, growing to more than two million infected devices since August 2025. These millions of Android devices are globally distributed and…
Read More >
Fortinet cloud complexity AI
The Cloud Complexity Gap Is Becoming an AI Security Liability
February 02, 2026
A new report from Fortinet and Cybersecurity Insiders outlines growing tension between the pace of AI-driven cloud adoption and the capacity of current security models to keep up. The 2026 Cloud Security Report highlights how…
Read More >
Black Duck Broadcom Wi-Fi vulnerability
How a Broadcom Wi-Fi Flaw Exposes a Fragile Wireless Reality
February 02, 2026
Wireless networks are often treated as invisible utilities by organizations and individuals alike—expected to work continuously, silently, and flawlessly. Unfortunately, this assumption is not always true, as demonstrated in a recent publication based on a…
Read More >
Veeam RCE remote code execution vulnerability
Critical Veeam Remote Code Execution Attack Highlights Risk of Trusted Backup Access
January 29, 2026
Shortly after the New Year, Veeam disclosed a critical Remote Code Execution (RCE) vulnerability in its backup and replication software. This underscores a familiar but uncomfortable reality in enterprise security: The most dangerous attacks often don’t…
Read More >
quishing qr code phishing
North Korea’s Kimsuky Turns to “Quishing” Against U.S. Organizations
January 27, 2026
The United States Federal Bureau of Investigation (FBI) has released a FLASH alert warning about evolving techniques in campaigns by the North Korean state-sponsored threat group known as Kimsuky. The alert reveals an evolution in…
Read More >
UK Government Cyber Action Plan
Why Government Is Rethinking Cybersecurity as a System, Not a Silo
January 26, 2026
The UK government has published a new Government Cyber Action Plan backed by £210 million in funding, setting out a coordinated strategy to address cybersecurity risks across the public sector. Framed as a response to…
Read More >
ClickFix phishing hotel hospitality PHALT#BLYX
Inside the ClickFix Campaign Targeting Hospitality
January 23, 2026
Phishing is one of the oldest social engineering tricks in a threat actor’s playbook, a tried-and-true technique that continues to pay out as attacks and defenses advance over time. Rather than stagnating in the face…
Read More >
Google Cloud email security phishing
How Attackers Are Abusing Google Cloud to Evade Email Security
January 20, 2026
Phishing is one of the tried-and-true methods that attackers have been heavily relying on since the early days of the internet, but it is far from a stagnant technique. Over the years, phishing has grown…
Read More >
CyberArk privileged access security controls
Why Security Controls Are Collapsing Under Their Own Weight
January 20, 2026
A new report from CyberArk paints a stark picture: while organizations say they’re modernizing, their security models haven’t kept up. According to The Privilege Reality Gap, the divide between perception and reality in privileged access…
Read More >
Ping biometric security AI
Zero-Knowledge Biometrics and the New Rules of Digital Trust in the Age of AI
January 19, 2026
In recent years, the growth of AI tools has fundamentally altered the economics of identity fraud. Deepfakes, synthetic identities, and automated phishing are now able to scale faster than traditional defenses, amplifying threats and shifting…
Read More >
CISA GeoServer
CISA Sounds the Alarm on Actively Exploited GeoServer Flaw
January 19, 2026
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a new Known Exploited Vulnerability (KEV) and put out a binding operational directive for all Federal Civilian Executive Branch (FCEB) agencies to patch the…
Read More >
cybersecurity burnout AI
AI Didn’t Eliminate Burnout—It Changed Its Shape
January 13, 2026
While the growing use of AI in business environments can be largely successful at eliminating repetitive work and alleviating traditional sources of burnout, it also introduces new complexities and fails to reduce overall stress. A…
Read More >
Cisco zero-day vulnerability
Cisco Zero-Day Exposes a Dangerous Blind Spot
January 12, 2026
Leading technology company Cisco has disclosed a zero-day vulnerability being exploited in a new campaign. The flaw, tracked as CVE-2025-20393, affects multiple widely-used products running Cisco AsyncOS Software: Cisco Secure Email Gateway, Secure Email, and…
Read More >
Marquis Software Solutions zero-day ransomware
How a Firewall Zero-Day Turned a Vendor Breach Into a Banking-Sector Event
January 09, 2026
A routine breach notification filed with the Maine Attorney General reveals an event with far-reaching consequences: a ransomware attack on Marquis Software Solutions, a third-party provider for U.S. banks and credit unions, compromised sensitive customer…
Read More >
Nezha open-source backdoor
When Legitimate Tools Become Perfect Backdoors
January 09, 2026
The modern threat landscape shows developments in attack tactics that change the scope of what attackers can do with various tools. Recent advances have demonstrated that threat actors no longer need custom malware to establish…
Read More >
KPMG cybersecurity budget
Cybersecurity’s Budget Boom Signals a Strategic Reset for the Enterprise
January 06, 2026
Leading accounting firm KPMG recently released the 2025 KPMG Cybersecurity Survey, demonstrating the current trends in cybersecurity spending based on a poll of over 300 C-suite and senior security leaders. The survey shows nearly universal…
Read More >
BeaverTail recruiting lure Lazarus
Lazarus Turns Recruitment Lures Into a Multi-Stage Intrusion Factory
January 02, 2026
Darktrace researchers say a newly identified BeaverTail variant represents a clear step forward in how Lazarus-linked operators are building malware and running campaigns. What started out as a simple JavaScript-based stealer has grown into a…
Read More >
Subscribe for the Latest News
Webinars
Cloud Ransomware Tabletop: Unpacking an Attack from Detection to Recovery
Register Now
The 4 Levels of Cloud Cyber Resilience: Where Does Your Organization Stand?
Register Now
From Detection to Recovery: How CrowdStrike & Rubrik Unite to Stop Identity-Driven Attacks
Register Now