Duke University & GCF Partner to Identify Pathways for Advancing Women’s Careers in Cybersecurity

The intelligence-gathering cyber campaign introduces the novel HazyBeacon backdoor and uses legitimate cloud communication channels for command-and-control (C2) and exfiltration to hide its malicious activities.

China officially rolled out a voluntary Internet identity system to protect citizens’ online identities and personal information, but critics worry about privacy and surveillance.

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. “Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,” Next.js said in…

Some members of Congress seem more intent on grabbing headlines than actually working to make America more cyber secure.

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and

Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications. “Laravel’s APP_KEY, essential for encrypting sensitive data, is often leaked publicly (e.g., on GitHub),” GitGuardian said. “If attackers get access to this key, they can exploit a deserialization flaw…