Why every CISO should demand a comprehensive Software Bill of Materials (SBOM)

A SBOM must be treated as a living document, updated with every code change, new release, or patch. Threat actors won't ...
The Hacker News

From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools

China-linked hackers exploited multiple CVEs in April 2025 to target global entities with advanced persistence.
Bleeping Computer

F5 releases BIG-IP patches for stolen security vulnerabilities

Cybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. The company disclosed today that state hackers breached its ...
CSO Online

Modern supply-chain attacks and their real-world impact

Supply-chain attacks have evolved considerably in the las two years going from dependency confusion or stolen SSL among ...

Cyberattack storm hits NMC: Over 2,000 hacking bids on servers in day

Nagpur: The Nagpur Municipal Corporation (NMC) found itself at the centre of a massive hacking attempt on October 28. Firewall data accessed by TOI re.
Futurism

Researchers Find Severe Vulnerabilities in AI Browser

A hype cycle as overwhelming and logic-defying as the AI boom comes with its own whirlwind succession of trends that are their own mini booms driven by billions of dollars of money. Once the world got ...
Bleeping Computer

F5 says hackers stole undisclosed BIG-IP flaws, source code

U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. The company states that it first became ...
Mint

Is it safe to use AI browsers like ChatGPT Atlas and Perplexity Comet? Researchers warn of major security vulnerability

The age of agentic AI-enabled browsers is here, with Perplexity's Comet and OpenAI's ChatGPT Atlas leading the charge, while others like Opera Neon and The Browser Company's Dia are also in the race.
Ars Technica

Cache poisoning vulnerabilities found in 2 DNS resolving apps

The makers of BIND, the Internet’s most widely used software for resolving domain names, are warning of two vulnerabilities that allow attackers to poison entire caches of results and send users to ...
CBS News

Cybersecurity order warns of "imminent risk" to federal agencies following possible breach

The Cybersecurity and Infrastructure Security Agency on Wednesday issued a sweeping emergency order directing all federal agencies to immediately patch critical vulnerabilities in certain devices and ...
heise online

Microsoft WSUS: Emergency Update Patches Critical Code Injection Vulnerability

On Friday morning, Microsoft released an emergency update for a critical security vulnerability in WSUS. An exploit has been spotted. Microsoft released an out-of-band update for Windows Server Update ...
CNN

Amazon’s global outage exposes major vulnerabilities to American life

It took a day without Amazon Web Services for Americans to realize how reliant the internet is on a single company. It’s not just that people couldn’t place mobile orders for coffee at Starbucks or ...