Cybersecurity Lessons For Leaders: Designing Resilience at Scale
“As an AI entrepreneur and cybersecurity leader, I’ve watched compliance frameworks struggle to keep pace with modern threats,” writes Nishant Sonkar, Global Cloud Compliance Lead…
Latest Cybersecurity News — Page 1299
View all →
Critical FortiWeb flaw under attack, allowing complete compromise
Critical FortiWeb flaw under attack, allowing complete compromise Pierluigi Paganini November 14, 2025 A Fortinet FortiWeb auth-bypass flaw is being actively exploited, allowing attackers to…
The researcher’s desk: CVE-2025-59287 – Blog Detectify
Welcome to The researcher’s desk – a content series where the Detectify security research team conducts a technical autopsy on vulnerabilities that are particularly interesting,…
Multiple Cisco Unified CCX Vulnerabilities Enable Arbitrary Command Execution by Attackers
Cisco has disclosed critical security vulnerabilities affecting Cisco Unified Contact Center Express (Unified CCX) that could enable unauthenticated, remote attackers to execute arbitrary commands, escalate…
Threat Actors Leverage JSON Storage Services to Host and Deliver Malware Via Trojanized Code Projects
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors abuse legitimate JSON storage services to deliver malware to software developers. The campaign, known as…
Cybercriminals Use Fake Invoices to Deploy XWorm and Steal Login Credentials
Cybercriminals are deploying sophisticated phishing campaigns that weaponize seemingly legitimate invoice emails to distribute Backdoor.XWorm is a dangerous remote-access trojan (RAT) capable of stealing sensitive credentials,…
A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn
A suspected (but currently unidentified) zero-day vulnerability in Fortinet FortiWeb is being exploited by unauthenticated attackers to create new admin accounts on vulnerable, internet-facing devices.…
Your passport, now on your iPhone. Helpful or risky?
Apple has launched Digital ID, a way for users in the US to create and present a government-issued ID in Apple Wallet using their passport information.…
Google backpedals on new Android developer registration rules
Google is backpedaling on its decision to introduce new identity verification rules for all developers, stating that it will also introduce accounts for limited app…
Hackers Flooded npm Registry Over 43,000 Spam Packages Survived for Almost Two Years
Security researcher Paul McCarty uncovered a significant coordinated spam campaign targeting the npm ecosystem. The IndonesianFoods worm, as it has been named, consists of more…
Formbook Malware Campaign Uses Malicious ZIP Files and Layered Scripting Techniques
A new campaign leveraging Formbook malware has emerged, showcasing sophisticated multi-stage infection tactics that underscore the importance of analyzing more than just executable files during…
Ransomware’s Fragmentation Reaches a Breaking Point While LockBit Returns
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date. 1,590 victims disclosed across 85…