Tuesday, May 12, 2026
Combing the world for the cybersecurity stories you need to know.
Cybersecurity News
How Steganography and Bitbucket Are Delivering the StealC Information Stealer
September 29, 2025
A user opens their email to find what looks to be a legitimate—and urgent—message purporting to be from Meta Support. The email claims that the user’s account has been reported and is scheduled to be…
New Vulnerability Exposes Developers to Silent Code Execution
September 26, 2025
Developers using the popular AI-powered code editor Cursor may be exposing themselves to silent attacks the moment they open a project. Oasis Security uncovered a critical vulnerability that, unlike the typical IDE flaws rooted in…
Luxury Fashion Faces a Cyber Reckoning: Kering Breach Exposes Millions
September 24, 2025
Luxury fashion group Kering, which includes such high-end brands as Gucci, Balenciaga, and Yves Saint Laurent, has recently been hit by a major data breach. Malicious actors hacked Kering’s systems to steal vast amounts of…
Why a Shared SBOM Vision Could Be the Key to Securing the Software Supply Chain
September 23, 2025
In an era of increasingly interconnected digital landscapes, the software supply chain is a crucial area to secure, affecting organizations across all sectors. Software supply chain attacks are on the rise among modern threats, and…
How a Self-Propagating npm Attack Is Hunting Developer Secrets
September 23, 2025
A developer runs a routine update, the kind that happens dozens of times a week. Nothing unusual flashes on the screen. But buried inside the new package is a hidden file called bundle.js. The moment…
Burger King Parent RBI Exposed by Ethical Hackers
September 16, 2025
Recently, ethical hackers uncovered critical vulnerabilities in platforms hosted by Restaurant Brands International, the parent company that owns such major fast food chains as Burger King, Popeyes Louisiana Kitchen, and Tim Hortons. Two ethical hackers,…
SEO Poisoning Campaign Targets Chinese Users with Hiddengh0st and Winos Malware
September 15, 2025
Many security issues on the internet stem from avoidable mistakes based on an assumption of safety or legitimacy, often supported by implicitly understood “trust signals.” Users online are primed to have confidence in search engines,…
CISA Flags Actively Exploited Flaws in TP-Link Devices and WhatsApp
September 15, 2025
The Cybersecurity and Infrastructure Security Agency has added two more entries to its Known Exploited Vulnerabilities catalog, the list of bugs it says pose significant risk to the federal enterprise. Inclusion on the KEV means…
Crypto-Stealing Code Slips Into NPM
September 12, 2025
Josh Junon, a software developer and maintainer, revealed on social media this week that his account had been compromised and 18 of his popular JavaScript packages tampered with. The malicious updates injected code designed to…
Docker Desktop Flaw Exposes Hosts to Privilege Escalation
September 08, 2025
Containers are a highly important security boundary used in countless contexts to isolate an environment from other applications on the operating system. The container environment, such as a sandbox, works toward a variety of purposes,…
AI Risks and Supply Chain Demands Redefine the Future
September 06, 2025
The embedded software industry is in the middle of a major reset. According to Black Duck’s State of Embedded Software Quality and Safety 2025 report, AI tools are changing how code is written, tested, and…
Workday Breach Highlights Expanding Wave of Social Engineering Attacks
September 02, 2025
Social engineering, while an age-old tactic of cybercriminals, is by no means outdated or ineffective in modern environments. Threat actors continue to rely on deceptive methods and take advantage of the human element to cause…
The Hidden Cost of OT Cyber Disruption
September 01, 2025
Operational technology has become a prime target for cyberattacks, and the stakes are growing. These are the systems behind factories, power grids, and transit networks. When they fail, the disruption spreads well beyond the IT…
Why Credential Theft and Data Exfiltration Are Outpacing Ransomware
August 29, 2025
Due to the constant evolution of the threat landscape, the common reputation of ransomware is no longer representative of reality. While many think of ransomware solely as hackers compromising and encrypting sensitive files in order…
47-Day Certificates and Quantum Computing: Why Crypto Agility Can’t Wait
August 29, 2025
Digital trust is now entering one of the most disruptive periods in its history. Two forces are converging that will redefine how organizations secure their data and transactions: The radical shortening of SSL/TLS certificate lifespans…
Critical Erlang/OTP SSH Flaw Actively Exploited, OT Networks in Crosshairs
August 26, 2025
Attackers are now actively exploiting a critical flaw in Erlang/OTP’s SSH implementation (CVE-2025-32433), with most activity targeting operational technology (OT) environments. The flaw, which enables arbitrary code execution in the context of the SSH daemon,…
Russia Suspected in Years-Long Breach of Federal Court System
August 25, 2025
Companies and government institutions alike have long been on the alert for cyber incidents motivated by foreign interests. In an environment like the geopolitical landscape of the past several years, especially, major cyberattacks from overseas…
Tens of Thousands of Exchange Servers Still Unpatched, Leaving Cloud Domains at Risk
August 22, 2025
In April, Microsoft disclosed CVE-2025-53786, a high-severity flaw in on-premises Exchange Server that can give attackers a direct route to compromising connected Microsoft cloud environments. Four months later, more than 29,000 Exchange servers exposed to…
Webinars
Tuesday, May. 12
1pm ET / 10am PT
Scaling Code Security for Builders Beyond Developer-First
Wednesday, May. 13
1pm ET / 10am PT
Cyber Resilience in Action: How IBM and Index Engines Deliver a Detection-to-Recovery Pipeline
Wednesday, May. 27
1pm ET / 10am PT
Passwordless Authentication: A Practical Approach to Modernizing Access