CISA cybersecurity benchmarks received a major update for critical infrastructure. The Cybersecurity and Infrastructure Security Agency released Version 2.0 of its Cross-Sector Cybersecurity Performance Goals. The revision adds …
-
-
News & Resources
Phantom Stealer Malware Targets Russian Organizations Through ISO Phishing Campaigns
Phantom Stealer malware is proliferating through ISO phishing that targets Russian finance and accounting teams. Attackers send convincing payment confirmations to gain initial access. Seqrite Labs attributes the …
-
News & ResourcesCompliance & RegulationsSecurity Operations
CCPA Cybersecurity Audit Requirements: California’s New 2028 Compliance Deadlines
CCPA cybersecurity audit requirements are now final in California, establishing strict risk based obligations for covered businesses. The rules target organizations processing large volumes of personal or sensitive …
-
News & ResourcesCyber ThreatsPolicy FrameworkSecurity Operations
CISA Issues New UEFI Secure Boot Guidance Against Bootkit Threats
UEFI Secure Boot is the focus of new CISA and NSA guidance to strengthen bootkit malware protection across enterprise fleets. The December 2025 Cybersecurity Information Sheet directs organizations …
-
The ServiceNow Armis acquisition is reportedly in advanced talks at up to $7 billion, Bloomberg reported. An announcement could come soon. ServiceNow and Armis have not commented, and …
-
A Chromium 0-day vulnerability was added to CISA’s Known Exploited Vulnerabilities catalog after confirmed exploitation of CVE-2025-14174. The flaw in Chromium’s ANGLE layer enables out-of-bounds memory access via …
-
Pierce County Library data breach disclosures confirm an unauthorized actor accessed patron data affecting about 340000 Washington library users. The system is investigating with law enforcement and external …
-
React2Shell attacks are delivering varied malware across enterprise environments, moving quickly from initial access to full compromise. Early telemetry shows both opportunistic and targeted activity. Security teams should …
-
News & ResourcesApplication SecurityVulnerabilities & Exploits
Unpatched Gogs Zero-Day Vulnerability Exploited For Months In Wild Attacks
The Gogs Zero-Day Vulnerability is being exploited in real-world attacks against internet-exposed self-hosted Git servers, and it remains unpatched. Security teams should restrict exposure, apply compensating controls, and …
-
News & ResourcesVulnerabilities & Exploits
IBM Security Patches Address Over 100 Critical Vulnerabilities Across Products
IBM security patches address more than 100 vulnerabilities across multiple enterprise products in a coordinated release. The update spans core platforms, middleware, and cloud services. Security teams should …
Newer Posts