Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
OpenAI Codex vulnerability
The Codex Trap: Silent Config File Hijacks Dev Workflows
December 11, 2025
A new investigation from Check Point Research exposes a quietly dangerous flaw in OpenAI Codex, which helps developers write, debug, and refactor code. This isn’t an exotic attack. It's a realistic, low-skill avenue for supply-chain…
Read More >
ghost tapping NFC mobile security
How NFC Scammers Are Targeting Tap-to-Pay Shoppers
December 09, 2025
Many forms of cyberthreat surge every year around the holidays, with the massive shopping rush exacerbating risk in both online and in-person purchases. The prevalence of large crowds, heavy retail traffic, and mobile payment options…
Read More >
Microsoft Teams Ontinue cross-tenant
The Expanding Universe of Microsoft Cross-Tenant Collaboration
December 08, 2025
Microsoft’s drive to make external collaboration in Teams nearly effortless has created a gap most security teams aren’t watching. New research from Ontinue shows that when users move into another organization’s tenant—even for something as…
Read More >
holiday season shopping cyberattacks
Holiday Cyberattacks Surge as Attackers Exploit the 2025 Shopping Season
December 05, 2025
As technology continues to advance and be increasingly integrated into varying areas of life, cyber risk becomes a more and more pressing area of concern. The 2025 holiday season represents the most aggressive alignment yet…
Read More >
governance risk digital transformation GRC
When Cloud Migration Outpaces Governance, Risk Follows Organizations into the Future
December 04, 2025
The tension between widespread, rapid adoption of cloud technology and the slower, more deliberate work of establishing governance creates a concerning gap that must be addressed. Advancements like multi-cloud, hybrid application environments multiply identity and…
Read More >
Comet browser Perplexity hidden API
Hidden API Sparks Fears Over AI Browser Security
December 02, 2025
If you rely on a browser powered by AI, a new threat has emerged. SquareX—providers of browser attack detection and response solutions—recently uncovered an undocumented API inside the Comet AI browser developed by Perplexity. The…
Read More >
GitLab prompt injection
GitLab’s AI Vulnerability Highlights the Dark Side of Prompt Injection
December 01, 2025
GitLab recently released new versions (18.5.2, 18.4.4, 18.3.6) of GitLab Community Edition (CE) and Enterprise Edition (EE) as an emergency patch for several new vulnerabilities. One of these vulnerabilities can enable attacks taking advantage of…
Read More >
Vanta Agentic Trust Platform GRC
Agentic Trust Takes Center Stage as Compliance, Risk, and Security Converge
December 01, 2025
Vanta has introduced a new set of products built around an upgraded version of its AI Agent, a move aimed at pulling compliance, risk, and security work back under one roof. It comes at a…
Read More >
Anthropic AI-automated attack
Inside the First Fully Autonomous Cyber-Espionage Campaign
November 25, 2025
The growth of AI in recent years has led to its widespread use for not only legitimate applications, but cybercriminal operations as well. Threat actors have increasingly turned to AI-enhanced tools for a variety of…
Read More >
cloud security AWS Cloud Trust report
Defining Security, Compliance, and Resilience in the Cloud Era
November 24, 2025
A decade ago, trust in IT mostly meant keeping a tight grip on your own infrastructure. Servers in a datacenter you controlled. Firewalls at the edge. A clear perimeter. That world is gone. Cloud adoption…
Read More >
cybersecurity AI CISO budgets
The Future of Cybersecurity: Trust, Autonomy, and the AI Arms Race
November 24, 2025
Insights from leaders like CISOs are a vital part of threat intelligence, important for organizations to follow in order to maintain effective defenses against an ever-shifting landscape of threats. The RSAC Conference recently released a…
Read More >
Qualys botnet web security
How Botnets Are Weaponizing the Modern Web
November 18, 2025
The threat landscape is always shifting, with traditional tactics and tools often reemerging as attack trends and technological advances make them more profitable once more. The Threat Research Unit (TRU) at Qualys recently discovered a…
Read More >
Arkose Labs threat intelligence automation trust
How Automation Is Rewriting the Rules of Trust Online
November 17, 2025
A recent report from Arkose Labs, Enterprises Under Attack: Quarterly Threat Actor Patterns, reveals a number of trends differentiating Q2 2025 from Q1. The rise of AI and crime-as-a-service is reshaping the global threat landscape,…
Read More >
WordPress plugins GutenKit Hunk Companion
The Mass Exploitation of GutenKit and Hunk Companion
November 15, 2025
In early October, Wordfence, which specializes in WordPress security, discovered a large-scale exploitation campaign had resurfaced. The attack weaponized the long-standing capability-check flaws in two WordPress plugins: GutenKit (CVE-2024-9234) Hunk Companion (CVE-2024-9707 and CVE-2024-11972) “This…
Read More >
cargo theft supply chain Proofpoint
How Cybercriminals Are Turning Remote Access into Real-World Cargo Theft
November 11, 2025
Technological advances and evolving cybercriminal tactics are creating a new landscape of attacks, with updated goals and consequences. Whereas cybercrime traditionally has focused on more abstract aims—though still with significant real-life impacts—like data theft and…
Read More >
agentic AI risk management
Agentic AI: The Blind Spot in Corporate Risk Management
November 10, 2025
Risk management software provider Riskonnect recently released the 2025 New Generation of Risk Report, providing insight into the most pressing risks facing organizations today. The report shows general improvements in risk management, but a significant…
Read More >
agentic access management AAM framework
Oasis Launches Framework for Agentic Access Management
November 07, 2025
The market for agentic AI—the kind of artificial intelligence that can not only analyze data but act on it—is expanding fast. Analysts expect it to grow from $1.83 billion in 2025 to $7.84 billion by…
Read More >
Python
RCE Flaw in Python-SocketIO Exposes a Trusted Assumption
November 04, 2025
For years, Python has been the go-to language for developers who value speed and simplicity. Its clean syntax and massive ecosystem make it easy to get things done fast. The newly disclosed CVE-2025-61765 flaw in…
Read More >
Subscribe for the Latest News
Webinars
Scaling Code Security for Builders Beyond Developer-First
Register Now
Cyber Resilience in Action: How IBM and Index Engines Deliver a Detection-to-Recovery Pipeline
Register Now
Passwordless Authentication: A Practical Approach to Modernizing Access
Register Now