Exploitation of CVE-2025-40551, an RCE flaw affecting SolarWinds Web Help Desk, appears to be spreading, and defenders are on high alert.

CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was previously used in zero-day attacks.

Once deployed on corporate networks, AI agents can become every threat actor's fantasy. Lesson one for cybersecurity pros: limit privileges.

Hackers have already published a fake Visual Studio Code extension that impersonates the assistant under its former name, ...

Discover Microsoft’s holistic SDL for AI combining policy, research, and enablement to help leaders secure AI systems against ...

A new cybersecurity report has revealed that hackers exploited the Notepad++ updater to conduct a months-long targeted ...

Container security incidents remain a routine problem for software teams, and many of the day-to-day choices developers make to keep Java services easy to build and troubleshoot can increase security ...

How AI and agentic AI are reshaping malware and malicious attacks, driving faster, stealthier, and more targeted ...

IoT penetration testing is a security assessment of the complete IoT ecosystem, from backend systems and cloud services to mobile devices and hardware. It involves a multi-stage simulated attack on ...

This case study examines how vulnerabilities in AI frameworks and orchestration layers can introduce supply chain risk. Using ...

The Model Context Protocol (MCP) has quickly become the open protocol that enables AI agents to connect securely to external tools, databases, and business systems. But this convenience comes with ...

Adversaries are adopting a more precise approach to supply chain compromise. Organizations need to rethink what “secure ...