Guides, playbooks, and learning resources to level up your cybersecurity knowledge and keep your organization secure.
Researcher says the missing piece is a governance-driven intelligence layer that turns SBOM and VEX data into explainable security decisions.
All the flaws could have also been found by an elite human researcher, according to Mozilla.
Lotus Wiper hit Venezuela’s energy sector in late 2025, exploiting pre-Windows 10 1803 systems, wiping drives and crippling operations.
The campaigns focus on financial organizations, including cryptocurrency, venture capital, and blockchain entities.
Toxic combinations form when AI agents, integrations, or OAuth grants bridge SaaS apps into trust relationships no single admin authorized.
Microsoft says that an ongoing Universal Print sharing issue that prevents users from creating some printer shares is due to a Microsoft Graph API code change.
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery.
Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware.
CVE-2026-40372 scores 9.1 due to cryptographic flaw in ASP.NET Core 10.0.0–10.0.6, risking SYSTEM access.
The company released 481 new security patches across 28 product families, including over 300 fixes for remotely exploitable, unauthenticated flaws.
Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability.
Updated LOTUSLITE targets India banking sector via CHM and DLL side-loading, expanding espionage campaign to South Korea and U.S. policy circles.
