Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
GeminiJack AI vulnerability security
What GeminiJack Reveals About Enterprise Risk
December 23, 2025
Recent years have seen not only an explosion of AI popularity and capabilities, but a shift in usage, from AI as a productivity tool to AI as an interpreter that sits on top of Gmail,…
Read More >
OT critical infrastructure AI
AI Is Moving Into Operational Technology—But Critical Infrastructure Isn’t Ready
December 22, 2025
AI has already remade how organizations build software and run business operations. Now it’s moving into power grids, pipelines, water treatment plants, and transportation systems —places where a bad decision doesn’t just interrupt work but…
Read More >
EtherRAT React2Shell North Korea DPRK
EtherRAT Signals A Strategic Shift From DPRK Hackers
December 18, 2025
A critical vulnerability in React2Shell, tracked as CVE-2025-55182, was publicly disclosed on December 3rd, 2025, and a highly evolved implant appeared in the wild only two days later. This rapid exploitation window mirrors the accelerating…
Read More >
ShadyPanda supply chain cybersecurity
The Seven-Year Extension Supply-Chain Attack Hiding in Plain Sight
December 17, 2025
A threat actor known as ShadyPanda, which carried out two cyberthreat operations with a scope of seven years, has been identified by researchers at endpoint security company Koi. The campaigns notably take advantage of browser…
Read More >
North Korea Contagious Interview npm
North Korea’s “Contagious Interview” Malware Floods npm With 200 New Packages
December 16, 2025
North Korea’s Contagious Interview operators have ramped up their campaign against software developers, pushing nearly 200 new malicious packages into the npm registry in the past month alone. According to research from Socket, the packages…
Read More >
CY AI security assessment
CYE Launches Hybrid AI to Shrink Remediation Timelines
December 16, 2025
Among the organizations asserting that AI is accelerating the speed of cyberattacks is Palo Alto Networks Unit 42. In the executive summary of its Global Incident Response Report, it stated that “early observations of AI-assisted…
Read More >
OpenAI Codex vulnerability
The Codex Trap: Silent Config File Hijacks Dev Workflows
December 11, 2025
A new investigation from Check Point Research exposes a quietly dangerous flaw in OpenAI Codex, which helps developers write, debug, and refactor code. This isn’t an exotic attack. It's a realistic, low-skill avenue for supply-chain…
Read More >
ghost tapping NFC mobile security
How NFC Scammers Are Targeting Tap-to-Pay Shoppers
December 09, 2025
Many forms of cyberthreat surge every year around the holidays, with the massive shopping rush exacerbating risk in both online and in-person purchases. The prevalence of large crowds, heavy retail traffic, and mobile payment options…
Read More >
Microsoft Teams Ontinue cross-tenant
The Expanding Universe of Microsoft Cross-Tenant Collaboration
December 08, 2025
Microsoft’s drive to make external collaboration in Teams nearly effortless has created a gap most security teams aren’t watching. New research from Ontinue shows that when users move into another organization’s tenant—even for something as…
Read More >
holiday season shopping cyberattacks
Holiday Cyberattacks Surge as Attackers Exploit the 2025 Shopping Season
December 05, 2025
As technology continues to advance and be increasingly integrated into varying areas of life, cyber risk becomes a more and more pressing area of concern. The 2025 holiday season represents the most aggressive alignment yet…
Read More >
governance risk digital transformation GRC
When Cloud Migration Outpaces Governance, Risk Follows Organizations into the Future
December 04, 2025
The tension between widespread, rapid adoption of cloud technology and the slower, more deliberate work of establishing governance creates a concerning gap that must be addressed. Advancements like multi-cloud, hybrid application environments multiply identity and…
Read More >
Comet browser Perplexity hidden API
Hidden API Sparks Fears Over AI Browser Security
December 02, 2025
If you rely on a browser powered by AI, a new threat has emerged. SquareX—providers of browser attack detection and response solutions—recently uncovered an undocumented API inside the Comet AI browser developed by Perplexity. The…
Read More >
GitLab prompt injection
GitLab’s AI Vulnerability Highlights the Dark Side of Prompt Injection
December 01, 2025
GitLab recently released new versions (18.5.2, 18.4.4, 18.3.6) of GitLab Community Edition (CE) and Enterprise Edition (EE) as an emergency patch for several new vulnerabilities. One of these vulnerabilities can enable attacks taking advantage of…
Read More >
Vanta Agentic Trust Platform GRC
Agentic Trust Takes Center Stage as Compliance, Risk, and Security Converge
December 01, 2025
Vanta has introduced a new set of products built around an upgraded version of its AI Agent, a move aimed at pulling compliance, risk, and security work back under one roof. It comes at a…
Read More >
Anthropic AI-automated attack
Inside the First Fully Autonomous Cyber-Espionage Campaign
November 25, 2025
The growth of AI in recent years has led to its widespread use for not only legitimate applications, but cybercriminal operations as well. Threat actors have increasingly turned to AI-enhanced tools for a variety of…
Read More >
cloud security AWS Cloud Trust report
Defining Security, Compliance, and Resilience in the Cloud Era
November 24, 2025
A decade ago, trust in IT mostly meant keeping a tight grip on your own infrastructure. Servers in a datacenter you controlled. Firewalls at the edge. A clear perimeter. That world is gone. Cloud adoption…
Read More >
cybersecurity AI CISO budgets
The Future of Cybersecurity: Trust, Autonomy, and the AI Arms Race
November 24, 2025
Insights from leaders like CISOs are a vital part of threat intelligence, important for organizations to follow in order to maintain effective defenses against an ever-shifting landscape of threats. The RSAC Conference recently released a…
Read More >
Qualys botnet web security
How Botnets Are Weaponizing the Modern Web
November 18, 2025
The threat landscape is always shifting, with traditional tactics and tools often reemerging as attack trends and technological advances make them more profitable once more. The Threat Research Unit (TRU) at Qualys recently discovered a…
Read More >
Subscribe for the Latest News
Webinars
5 SIEM Migration Myths Debunked: Why You Should Move to a Cloud-Native, AI-Driven SOC
Register Now
Securing the AI Frontier: Defending the Enterprise Ecosystem with Prisma AIRS
Register Now
Takeaways from Major Open Source Library Attacks
Register Now