Life Without CVEs? It’s Time to Act
Despite all MITRE has done for cybersecurity, it is clear we should not wait 11 months to discuss the future…
May 2025
SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root
SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be…
Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures
Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented…
MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware
The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage…
Welcoming the Isle of Man Government to Have I Been Pwned
Presently sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device. Today we welcome the…
Welcoming the Isle of Man Government to Have I Been Pwned
Presently sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device. Today we welcome the…
Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware
The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an…
API Threat Trends: How Attackers Are Exploiting Business Logic
As businesses rely more on APIs, attackers are quick to turn that trust into opportunity. Among the most dangerous and…
‘Lemon Sandstorm’ Underscores Risks to Middle East Infrastructure
The Iranian state-backed group targeted the operational technology of a critical national infrastructure (CNI) network and persisted in its network…
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable…