Latest Cybersecurity News
GRC is broken. FedRAMP 20x might fix it
No established playbook. No previous iteration. No deeply embedded understanding of how this model actually behaved in practice. At the same time, we weren’t trying to approach…
Uncovering Hidden Attack Paths in Cloud Environments Using Runtime Signals
Getting comprehensive visibility into your cloud environment starts with agentless inventory and risk analysis. Wiz builds a complete picture of your attack surface and the…
We Need to Talk About Device Code Phishing
In February 2025, Russian threat actor Storm-2372 used Microsoft Teams meeting invite lures to deliver device code phishing messages, stealing victims’ authenticated sessions. In March 2026,…
Bluekit phishing kit adopts browser-in-the-middle for login theft
The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week, and by adding browser-in-the-middle (BitM) capabilities for improved…
25-Year-Old Vulnerability in curl Used by 30 Billion Devices Finally Patched
A critical security flaw lurking in curl for over 25 years has been patched, as part of a record-breaking security release that fixed 18 CVEs,…
The Moment Of Reliance: The Question Safety Governance Cannot Currently Answer
After a serious incident, the first question asked is rarely technical. It is not whether the equipment met a standard, nor whether a certificate existed,…
KnowBe4 awarded in the email security industry
KnowBe4, the human risk management platform, today announced it has been awarded ‘2026 Global Customer Value Leadership’ in the email security industry as part of…
ManageEngine AD360 Integrated Products Hit by Account Takeover Vulnerability
ManageEngine has disclosed a critical account takeover vulnerability, tracked as CVE-2026-11374, affecting various integrated products within its AD360 identity and access management suite. The flaw…
Suspected Cyberattack Sends Fake Emergency Alert to Phones Across Brazil
Last week, Brazil’s emergency alert system was taken offline after a suspected cyberattack sent fake warnings to phones across several regions. People in several parts…