Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
NPM open source breach
Crypto-Stealing Code Slips Into NPM
September 12, 2025
Josh Junon, a software developer and maintainer, revealed on social media this week that his account had been compromised and 18 of his popular JavaScript packages tampered with. The malicious updates injected code designed to…
Read More >
Docker Desktop container security
Docker Desktop Flaw Exposes Hosts to Privilege Escalation
September 08, 2025
Containers are a highly important security boundary used in countless contexts to isolate an environment from other applications on the operating system. The container environment, such as a sandbox, works toward a variety of purposes,…
Read More >
Black Duck embedded software supply chain AI
AI Risks and Supply Chain Demands Redefine the Future
September 06, 2025
The embedded software industry is in the middle of a major reset. According to Black Duck’s State of Embedded Software Quality and Safety 2025 report, AI tools are changing how code is written, tested, and…
Read More >
Workday social engineering breach
Workday Breach Highlights Expanding Wave of Social Engineering Attacks
September 02, 2025
Social engineering, while an age-old tactic of cybercriminals, is by no means outdated or ineffective in modern environments. Threat actors continue to rely on deceptive methods and take advantage of the human element to cause…
Read More >
OT security Dragos
The Hidden Cost of OT Cyber Disruption
September 01, 2025
Operational technology has become a prime target for cyberattacks, and the stakes are growing. These are the systems behind factories, power grids, and transit networks. When they fail, the disruption spreads well beyond the IT…
Read More >
ransomware credentials data exfiltration
Why Credential Theft and Data Exfiltration Are Outpacing Ransomware
August 29, 2025
Due to the constant evolution of the threat landscape, the common reputation of ransomware is no longer representative of reality. While many think of ransomware solely as hackers compromising and encrypting sensitive files in order…
Read More >
certificates post quantum cryptography
47-Day Certificates and Quantum Computing: Why Crypto Agility Can’t Wait
August 29, 2025
Digital trust is now entering one of the most disruptive periods in its history. Two forces are converging that will redefine how organizations secure their data and transactions: The radical shortening of SSL/TLS certificate lifespans…
Read More >
Erlang/OTP
Critical Erlang/OTP SSH Flaw Actively Exploited, OT Networks in Crosshairs
August 26, 2025
Attackers are now actively exploiting a critical flaw in Erlang/OTP’s SSH implementation (CVE-2025-32433), with most activity targeting operational technology (OT) environments. The flaw, which enables arbitrary code execution in the context of the SSH daemon,…
Read More >
Russia breach federal court system
Russia Suspected in Years-Long Breach of Federal Court System
August 25, 2025
Companies and government institutions alike have long been on the alert for cyber incidents motivated by foreign interests. In an environment like the geopolitical landscape of the past several years, especially, major cyberattacks from overseas…
Read More >
Exchange server vulnerabilities
Tens of Thousands of Exchange Servers Still Unpatched, Leaving Cloud Domains at Risk
August 22, 2025
In April, Microsoft disclosed CVE-2025-53786, a high-severity flaw in on-premises Exchange Server that can give attackers a direct route to compromising connected Microsoft cloud environments. Four months later, more than 29,000 Exchange servers exposed to…
Read More >
GPT-5 ChatGPT jailbreak
Researchers Expose GPT-5 Jailbreak Flaws, Outperformed by Hardened GPT-4o
August 19, 2025
In the massive AI explosion of the past several years, AI companies and developers are constantly attempting to improve the performance and capabilities of their products. OpenAI recently announced the release of its newest LLM,…
Read More >
BeyondTrust non-human identities identity security
BeyondTrust Shines a Light on Secrets and Non-Human Identity Risks
August 18, 2025
With constant technological advances, changing privacy standards and regulatory enforcement, and efforts to meet consumer demand for streamlined experiences, the identity landscape is quite different from what it once was, and still evolving. The growth…
Read More >
Menlo Security GenAI phishing deepfake risk
Menlo Security Reveals How GenAI Tools Are Reshaping Work—and Risk
August 16, 2025
Generative AI is reshaping how people work. In January 2025 alone, Menlo Security recorded 10.53 billion visits to AI-related websites. That’s a 50% jump from just 11 months earlier. And most of that activity—an estimated…
Read More >
CISO budgets
Cybersecurity Under Constraint: CISOs’ Budget Growth Hits Five-Year Low
August 13, 2025
IANS Research and Artico Search recently published the 2025 Security Budget Benchmark Report, based on data collected between April and August of this year. The report aims to help security leaders by providing expert insights…
Read More >
cloaking-as-a-service CaaS
How AI Is Helping Cybercriminals Evade Detection—and What Defenders Can Do About It
August 11, 2025
In recent years, the industry of cybercrime-as-a-service has been growing in popularity as threat actors continue to find ways to lower the level of investment—of time, labor, and skill—required to get their attacks up and…
Read More >
Sudo vulnerabilities
Sudo Vulnerabilities Expose Millions of Linux Systems to Privilege Escalation
August 07, 2025
Sudo is a foundational utility in Unix and Linux systems that allows users to execute commands with elevated privileges. It serves as a core mechanism for enforcing administrative boundaries, supporting system operations, package management, and…
Read More >
Allianz data breach
Allianz Life Breach Exposes PII of 1.4 Million Customers in Social Engineering Attack
August 05, 2025
Allianz Life Insurance has experienced a catastrophic data breach affecting the personally identifiable information (PII) of 1.4 million customers, professionals, and employees of the company. The breach occurred via a social engineering attack that compromised…
Read More >
Flashpoint global threat intelligence index
Why Identity, Infrastructure, and Intelligence Now Define Security
August 01, 2025
Security platform and services provider Flashpoint recently published the Flashpoint Global Threat Intelligence Index: 2025 Midyear Edition, a companion and update to the earlier 2025 Global Threat Intelligence Report. The threat landscape has always experienced…
Read More >
Subscribe for the Latest News
Webinars
Is Your Security Built for Today’s World?
Register Now
Cloud Ransomware Tabletop: Unpacking an Attack from Detection to Recovery
Register Now
The 4 Levels of Cloud Cyber Resilience: Where Does Your Organization Stand?
Register Now