Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched. A critical vulnerability, tracked as CVE-2025-24000 (CVSS of 8.8) in the Post SMTP WordPress plugin, used by 400k sites, allows full site takeover. The plugin Post SMTP is an email delivery plugin that allows site owners […]

Hackers compromised the GitHub account of freelance talent marketplace Toptal, gaining access to their entire repository of software, then injected malware into popular NPM packages.

Accessing the entire repository of a company to push malware via updates is a goal many hackers aspire to. If that company also happens to have a lot of popular software, the target is that much more enticing.

According to a Bleeping Computer report, hackers took over Toptal’s GitHub account and immediately set 73

The man, who died roughly 3,800 years ago, may have been a prominent military leader and was buried in an elaborate fashion.

Scattered Spider targets VMware ESXi in North America using social engineering, mainly fake IT help desk calls instead of software exploits. The cybercrime group Scattered Spider (aka 0ktapus, Muddled Libra, Octo Tempest, and UNC3944) is targeting VMware ESXi hypervisors in retail, airline, and transportation sectors across North America. According to Google’s Mandiant team, the group […]

Picture this: you’ve hardened every laptop in your fleet with real‑time telemetry, rapid isolation, and automated rollback. But the corporate mailbox—the front door for most attackers—is still guarded by what is effectively a 1990s-era filter.
This isn’t a balanced approach. Email remains a primary vector for breaches, yet we often treat it as a static stream of messages instead of a dynamic,

We are pleased to openly share our pledges and the progress we are making in each of the seven core pillars of product security in the Secure by Design framework