The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2025-32433 (CVSS score: 10.0) – A missing authentication for a critical
The White House put limits on cyber sanctions, killed the digital ID program, and refocused the government’s cyber activities to enabling AI, rolling out post-quantum cryptography, and promoting secure software design.
The White House put limits on cyber sanctions, killed the digital ID program, and refocused the government’s cyber activities to enabling AI, rolling out post-quantum cryptography, and promoting secure software design.
The AI company’s investigative team found that many accounts were using the program to engage in malicious activity around the world, such as employment schemes, social engineering, and cyber espionage.
Since at least December, the advanced persistent threat (APT) group has been using legit tools to steal data, dodge detection, and drop cryptominers on systems belonging to organizations in Russia.
During the opening keynote at Gartner Security & Risk Management Summit 2025, analysts weighed in on how CISOs and security teams can use security fervor around AI and other tech to the betterment of their security posture.
CardinalOps’ report shows that organizations are struggling to keep up with the evolution of the latest threats while a significant number of detection rules remain non-functional.
The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. “The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors,” security researchers Aleksandar Milenkoski and Tom
A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability…
AI coding tools promise productivity but deliver security problems, too. As developers embrace “vibe coding,” enterprises face mounting risks from insecure code generation that security teams can’t keep pace with.