Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
software supply chain risk ai code
As AI Rewrites Software Supply Chains, Security Fails to Keep Pace
December 30, 2025
AI-assisted coding has crossed the line from experimental to essential. According to new research from Black Duck, nearly every organization now relies on AI tools to generate software code. This creates a big problem! Security…
Read More >
email security email bombing
Email Is Still the Front Door—Attackers Are Just Using More Rooms Now
December 30, 2025
In recent years, a common belief has arisen that email is becoming less relevant as an attack vector. With attackers increasingly favoring tactics leveraging AI, cloud-native applications, and social engineering via voice and video, the…
Read More >
misconfigurations zero day Russian hackers GRU
Why Russian Hackers Are Abandoning Zero-Days for Misconfigurations
December 29, 2025
For years, elite state-backed hackers have been defined by their exploits. Zero-days were the calling card—rare bugs, complex chains, techniques that only a handful of teams could pull off. That image still dominates how many…
Read More >
agentic browsers security Gartner
Agentic Browsers Promise Productivity—But Gartner Says They’re Too Dangerous to Touch
December 29, 2025
One of the most prominent current trends in the AI explosion of recent years is the rapid rise of agentic browsers like Arc, Opera AI, and others, positioning themselves as “AI-powered productivity engines.” These tools…
Read More >
GeminiJack AI vulnerability security
What GeminiJack Reveals About Enterprise Risk
December 23, 2025
Recent years have seen not only an explosion of AI popularity and capabilities, but a shift in usage, from AI as a productivity tool to AI as an interpreter that sits on top of Gmail,…
Read More >
OT critical infrastructure AI
AI Is Moving Into Operational Technology—But Critical Infrastructure Isn’t Ready
December 22, 2025
AI has already remade how organizations build software and run business operations. Now it’s moving into power grids, pipelines, water treatment plants, and transportation systems —places where a bad decision doesn’t just interrupt work but…
Read More >
EtherRAT React2Shell North Korea DPRK
EtherRAT Signals A Strategic Shift From DPRK Hackers
December 18, 2025
A critical vulnerability in React2Shell, tracked as CVE-2025-55182, was publicly disclosed on December 3rd, 2025, and a highly evolved implant appeared in the wild only two days later. This rapid exploitation window mirrors the accelerating…
Read More >
ShadyPanda supply chain cybersecurity
The Seven-Year Extension Supply-Chain Attack Hiding in Plain Sight
December 17, 2025
A threat actor known as ShadyPanda, which carried out two cyberthreat operations with a scope of seven years, has been identified by researchers at endpoint security company Koi. The campaigns notably take advantage of browser…
Read More >
North Korea Contagious Interview npm
North Korea’s “Contagious Interview” Malware Floods npm With 200 New Packages
December 16, 2025
North Korea’s Contagious Interview operators have ramped up their campaign against software developers, pushing nearly 200 new malicious packages into the npm registry in the past month alone. According to research from Socket, the packages…
Read More >
CY AI security assessment
CYE Launches Hybrid AI to Shrink Remediation Timelines
December 16, 2025
Among the organizations asserting that AI is accelerating the speed of cyberattacks is Palo Alto Networks Unit 42. In the executive summary of its Global Incident Response Report, it stated that “early observations of AI-assisted…
Read More >
OpenAI Codex vulnerability
The Codex Trap: Silent Config File Hijacks Dev Workflows
December 11, 2025
A new investigation from Check Point Research exposes a quietly dangerous flaw in OpenAI Codex, which helps developers write, debug, and refactor code. This isn’t an exotic attack. It's a realistic, low-skill avenue for supply-chain…
Read More >
ghost tapping NFC mobile security
How NFC Scammers Are Targeting Tap-to-Pay Shoppers
December 09, 2025
Many forms of cyberthreat surge every year around the holidays, with the massive shopping rush exacerbating risk in both online and in-person purchases. The prevalence of large crowds, heavy retail traffic, and mobile payment options…
Read More >
Microsoft Teams Ontinue cross-tenant
The Expanding Universe of Microsoft Cross-Tenant Collaboration
December 08, 2025
Microsoft’s drive to make external collaboration in Teams nearly effortless has created a gap most security teams aren’t watching. New research from Ontinue shows that when users move into another organization’s tenant—even for something as…
Read More >
holiday season shopping cyberattacks
Holiday Cyberattacks Surge as Attackers Exploit the 2025 Shopping Season
December 05, 2025
As technology continues to advance and be increasingly integrated into varying areas of life, cyber risk becomes a more and more pressing area of concern. The 2025 holiday season represents the most aggressive alignment yet…
Read More >
governance risk digital transformation GRC
When Cloud Migration Outpaces Governance, Risk Follows Organizations into the Future
December 04, 2025
The tension between widespread, rapid adoption of cloud technology and the slower, more deliberate work of establishing governance creates a concerning gap that must be addressed. Advancements like multi-cloud, hybrid application environments multiply identity and…
Read More >
Comet browser Perplexity hidden API
Hidden API Sparks Fears Over AI Browser Security
December 02, 2025
If you rely on a browser powered by AI, a new threat has emerged. SquareX—providers of browser attack detection and response solutions—recently uncovered an undocumented API inside the Comet AI browser developed by Perplexity. The…
Read More >
GitLab prompt injection
GitLab’s AI Vulnerability Highlights the Dark Side of Prompt Injection
December 01, 2025
GitLab recently released new versions (18.5.2, 18.4.4, 18.3.6) of GitLab Community Edition (CE) and Enterprise Edition (EE) as an emergency patch for several new vulnerabilities. One of these vulnerabilities can enable attacks taking advantage of…
Read More >
Vanta Agentic Trust Platform GRC
Agentic Trust Takes Center Stage as Compliance, Risk, and Security Converge
December 01, 2025
Vanta has introduced a new set of products built around an upgraded version of its AI Agent, a move aimed at pulling compliance, risk, and security work back under one roof. It comes at a…
Read More >
Subscribe for the Latest News
Webinars
Is Your Security Built for Today’s World?
Register Now
Cloud Ransomware Tabletop: Unpacking an Attack from Detection to Recovery
Register Now
The 4 Levels of Cloud Cyber Resilience: Where Does Your Organization Stand?
Register Now