CISA adds an actively exploited SolarWinds Web Help Desk RCE flaw to KEV, ordering federal agencies to patch by February 2026 ...

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.

Docker patched a critical Ask Gordon AI flaw enabling code execution and data theft via malicious image metadata in version 4 ...

Live webinar explains how modern SOCs decide what to build, buy, or automate to reduce tool sprawl and improve outcomes.

Python infostealers are spreading from Windows to macOS via Google Ads, ClickFix lures, and fake installers to steal credentials and financial data.

Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware.

Cloud outages expose identity systems as critical failure points, turning infrastructure disruptions into major business continuity risks.

Mozilla will release Firefox 148 with a new settings toggle that lets users completely turn off all current and future generative AI features.

Rapid7 links China-linked Lotus Blossom to a 2025 Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked updates, fixed in v8.8.9 ...

AI browsers can be hijacked through prompt injection, turning assistants into insider threats. Learn how these exploits work ...

Ten identity security predictions for 2026 covering AI governance, passwordless access, decentralized identity, IoT, and post ...

Open VSX supply chain attack hijacked VS Code extensions delivered GlassWorm malware stealing macOS, crypto, and developer ...