Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
CISA GeoServer
CISA Sounds the Alarm on Actively Exploited GeoServer Flaw
January 19, 2026
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a new Known Exploited Vulnerability (KEV) and put out a binding operational directive for all Federal Civilian Executive Branch (FCEB) agencies to patch the…
Read More >
cybersecurity burnout AI
AI Didn’t Eliminate Burnout—It Changed Its Shape
January 13, 2026
While the growing use of AI in business environments can be largely successful at eliminating repetitive work and alleviating traditional sources of burnout, it also introduces new complexities and fails to reduce overall stress. A…
Read More >
Cisco zero-day vulnerability
Cisco Zero-Day Exposes a Dangerous Blind Spot
January 12, 2026
Leading technology company Cisco has disclosed a zero-day vulnerability being exploited in a new campaign. The flaw, tracked as CVE-2025-20393, affects multiple widely-used products running Cisco AsyncOS Software: Cisco Secure Email Gateway, Secure Email, and…
Read More >
Marquis Software Solutions zero-day ransomware
How a Firewall Zero-Day Turned a Vendor Breach Into a Banking-Sector Event
January 09, 2026
A routine breach notification filed with the Maine Attorney General reveals an event with far-reaching consequences: a ransomware attack on Marquis Software Solutions, a third-party provider for U.S. banks and credit unions, compromised sensitive customer…
Read More >
Nezha open-source backdoor
When Legitimate Tools Become Perfect Backdoors
January 09, 2026
The modern threat landscape shows developments in attack tactics that change the scope of what attackers can do with various tools. Recent advances have demonstrated that threat actors no longer need custom malware to establish…
Read More >
KPMG cybersecurity budget
Cybersecurity’s Budget Boom Signals a Strategic Reset for the Enterprise
January 06, 2026
Leading accounting firm KPMG recently released the 2025 KPMG Cybersecurity Survey, demonstrating the current trends in cybersecurity spending based on a poll of over 300 C-suite and senior security leaders. The survey shows nearly universal…
Read More >
BeaverTail recruiting lure Lazarus
Lazarus Turns Recruitment Lures Into a Multi-Stage Intrusion Factory
January 02, 2026
Darktrace researchers say a newly identified BeaverTail variant represents a clear step forward in how Lazarus-linked operators are building malware and running campaigns. What started out as a simple JavaScript-based stealer has grown into a…
Read More >
FBI 630 million credentials identity security passwords
A Wake-Up Call on Credential Theft
December 31, 2025
A recent body of 630 million compromised credentials has been recovered by the FBI from multiple devices belonging to one suspect. This is a rare occurrence even by modern standards. While the scale of cybercrime…
Read More >
software supply chain risk ai code
As AI Rewrites Software Supply Chains, Security Fails to Keep Pace
December 30, 2025
AI-assisted coding has crossed the line from experimental to essential. According to new research from Black Duck, nearly every organization now relies on AI tools to generate software code. This creates a big problem! Security…
Read More >
email security email bombing
Email Is Still the Front Door—Attackers Are Just Using More Rooms Now
December 30, 2025
In recent years, a common belief has arisen that email is becoming less relevant as an attack vector. With attackers increasingly favoring tactics leveraging AI, cloud-native applications, and social engineering via voice and video, the…
Read More >
misconfigurations zero day Russian hackers GRU
Why Russian Hackers Are Abandoning Zero-Days for Misconfigurations
December 29, 2025
For years, elite state-backed hackers have been defined by their exploits. Zero-days were the calling card—rare bugs, complex chains, techniques that only a handful of teams could pull off. That image still dominates how many…
Read More >
agentic browsers security Gartner
Agentic Browsers Promise Productivity—But Gartner Says They’re Too Dangerous to Touch
December 29, 2025
One of the most prominent current trends in the AI explosion of recent years is the rapid rise of agentic browsers like Arc, Opera AI, and others, positioning themselves as “AI-powered productivity engines.” These tools…
Read More >
GeminiJack AI vulnerability security
What GeminiJack Reveals About Enterprise Risk
December 23, 2025
Recent years have seen not only an explosion of AI popularity and capabilities, but a shift in usage, from AI as a productivity tool to AI as an interpreter that sits on top of Gmail,…
Read More >
OT critical infrastructure AI
AI Is Moving Into Operational Technology—But Critical Infrastructure Isn’t Ready
December 22, 2025
AI has already remade how organizations build software and run business operations. Now it’s moving into power grids, pipelines, water treatment plants, and transportation systems —places where a bad decision doesn’t just interrupt work but…
Read More >
EtherRAT React2Shell North Korea DPRK
EtherRAT Signals A Strategic Shift From DPRK Hackers
December 18, 2025
A critical vulnerability in React2Shell, tracked as CVE-2025-55182, was publicly disclosed on December 3rd, 2025, and a highly evolved implant appeared in the wild only two days later. This rapid exploitation window mirrors the accelerating…
Read More >
ShadyPanda supply chain cybersecurity
The Seven-Year Extension Supply-Chain Attack Hiding in Plain Sight
December 17, 2025
A threat actor known as ShadyPanda, which carried out two cyberthreat operations with a scope of seven years, has been identified by researchers at endpoint security company Koi. The campaigns notably take advantage of browser…
Read More >
North Korea Contagious Interview npm
North Korea’s “Contagious Interview” Malware Floods npm With 200 New Packages
December 16, 2025
North Korea’s Contagious Interview operators have ramped up their campaign against software developers, pushing nearly 200 new malicious packages into the npm registry in the past month alone. According to research from Socket, the packages…
Read More >
CY AI security assessment
CYE Launches Hybrid AI to Shrink Remediation Timelines
December 16, 2025
Among the organizations asserting that AI is accelerating the speed of cyberattacks is Palo Alto Networks Unit 42. In the executive summary of its Global Incident Response Report, it stated that “early observations of AI-assisted…
Read More >
Subscribe for the Latest News
Webinars
Scaling Code Security for Builders Beyond Developer-First
Register Now
Cyber Resilience in Action: How IBM and Index Engines Deliver a Detection-to-Recovery Pipeline
Register Now
Passwordless Authentication: A Practical Approach to Modernizing Access
Register Now