Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies to deliver credential-stealing malware.

A major cyberattack on US medical supplies giant Stryker has resulted in thousands of devices being remotely wiped, after a pro-Iranian hacking group may have compromised the company’s Microsoft ...

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies into hiring North Koreans.

Insurers are rewarding organizations that use AI to strengthen their defenses, while growing more cautious with those whose AI use introduces new risks.

The attack is described as not ‘smash-and-grab ransomware’, but ‘strategic, disciplined, and optimized for maximum leverage.’ ...

As identity environments grow more complex, access failures increasingly stem from decisions made without sufficient context ...

Unauthenticated password reset vulnerability in widely deployed enterprise switching hardware carries a near-maximum severity score.

Patched vulnerabilities in Ivanti Endpoint Manager and Cisco Catalyst SD-WAN are under attack, according to the US security agency, which added reporting requirements to its previous Cisco directive.

We’re running million-dollar production lines on ancient software because no one wants to risk a shutdown, but ignoring that "time bomb" is becoming way too risky.

A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, ...

Zero trust works well in enterprise IT. In IoT and OT environments, its assumptions quietly fail. And failure often occurs in ways defenders don’t see until after an incident.

In 2025, hackers stopped using muskets and started using AI machine guns. If your defense strategy still relies on manual human response, you're already a casualty.