Cisco has disclosed a critical vulnerability in its IOS XE software that is being actively exploited in the wild to deploy persistent implants on enterprise routers and switches.
Apple has pushed emergency security updates for iOS, iPadOS, macOS, and Safari to address three WebKit zero-day vulnerabilities that have been exploited in highly targeted attacks against journalists and activists.
NIST has published its final guidance for federal agencies to complete migration to post-quantum cryptographic standards by 2030, with critical systems required to begin transition by end of 2026.
Toyota Motor Corporation has confirmed that a cyber attack on its supplier management system disrupted production at 12 manufacturing plants across Japan, North America, and Europe for approximately 48 hours.
Google's March 2026 Android security bulletin addresses 47 vulnerabilities, including three critical remote code execution flaws in the System component that could be exploited without user interaction.
Microsoft has launched an AI-powered autonomous threat hunting capability in Defender for Endpoint that continuously analyzes telemetry data to proactively identify and respond to sophisticated attacks without human intervention.
The UK government has announced new legislation requiring all IoT devices sold in the country to meet minimum cybersecurity standards, including a ban on default passwords and mandatory vulnerability disclosure programs.
Ukraine's CERT has reported a coordinated cyber attack against the country's energy infrastructure attributed to Russian APT group Sandstorm, involving new wiper malware designed to damage industrial control systems.
The Lazarus Group has been attributed to a $340 million theft from decentralized finance platform NexusVault after exploiting a smart contract vulnerability in the platform's cross-chain bridge.
A team of researchers from Tsinghua University claims to have factored a 2048-bit RSA key using a novel quantum algorithm on IBM's latest 1,121-qubit quantum processor, potentially threatening current encryption standards.
The U.S. Securities and Exchange Commission has charged four publicly traded companies with securities fraud for making materially misleading statements about cybersecurity incidents in their SEC filings.
Researchers have identified a series of malicious ChatGPT plugins that exploit the platform's OAuth implementation to steal users' third-party API keys, session tokens, and personal data.
A sophisticated supply chain attack attributed to Chinese state-sponsored group Jade Typhoon has compromised at least 8 major defense contractors through a trojanized update to a widely-used network management tool.
Google Project Zero has published a detailed analysis of a sophisticated exploit chain consisting of five vulnerabilities that was used to remotely compromise Android devices through a zero-click attack vector.
Researchers have demonstrated that GitHub Copilot can be manipulated to leak fragments of private repository code through carefully crafted prompt injection techniques embedded in public repositories.