Programs like student-run SOCs can expand our cybersecurity workforce and better secure our public and private entities for when, not if, cyberattacks occur.

Cyberattackers target local and state agencies, a problem as the Trump administration cuts cybersecurity funds and culls workers at federal security agencies.

A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. “SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability…

Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn’t kept pace. Most organizations still rely on traditional reporting methods—static PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdated workflows introduce delays,

Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64-encoded HTML phishing page masquerading…

Reports of disruptions at North American plants emerged earlier this week, though the nature of the attack on the tire manufacturer remains unclear.

New threat actor “GhostRedirector” is using a malicious IIS module to inject links that try to artificially boost search engine ranking for target sites.

The Nonprofit organization launched the Threat Handling Foundations Certificate amid mounting incident and breach disclosures.