NIST's updated password guidelines eliminate forced expiration and complexity rules. Here's how to enforce strong Active Directory passwords without driving users to workarounds.
7-Eleven confirms data breach after ShinyHunters demanded $250K ransom. Over 600,000 Salesforce records allegedly stolen from franchise application systems.
Immigration law platform DocketWise confirms data breach affecting 143,480 people. SSNs, passport numbers, and medical information compromised via cloned repositories.
Attackers compromised DigiCert's support portal via malicious chat attachment, stealing EV code signing certificates. 11 certificates used to sign Zhong Stealer malware.
CVE-2024-12802 lets attackers bypass MFA on SonicWall Gen6 VPNs even after patching. Ransomware operators actively exploiting incomplete fixes. Gen6 reached EOL April 16.
Critical CVE-2026-48172 in LiteSpeed cPanel plugin enables root privilege escalation. CVSS 10.0, actively exploited, CISA KEV deadline May 29. Patch immediately.
Varonis joins 27 other security vendors integrating Anthropic's Claude Compliance API, enabling enterprises to monitor AI conversations, detect data leaks, and enforce governance policies in real time.
New ransomware group Payload uses Babuk-derived code to target Windows and VMware ESXi systems. 12 victims across 7 countries within hours of launching leak site.
North Korea's Lazarus Group uses RemotePE, a fileless RAT that executes entirely in RAM, to target DeFi platforms. The group has stolen $577M in crypto this year alone.
CVE-2026-48095 in 7-Zip allows attackers to execute arbitrary code through malicious NTFS images. CVSS 8.8 - update to v26.01 immediately.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.