The polyfill.io domain was acquired by a Chinese company and began injecting malware into over 100,000 websites, exposing fundamental weaknesses in how we trust third-party CDN dependencies.
Microsoft pulls Windows Recall from the upcoming Copilot+ PC launch after security researchers demonstrate alarming vulnerabilities in the feature’s data storage.
RSA Conference 2024 kicks off in San Francisco with AI dominating every conversation. But beneath the marketing buzz, there are real security challenges emerging that practitioners need to face.
A critical Jenkins vulnerability allows arbitrary file reads through the CLI. Here’s why this matters more than your typical CVE and what it reveals about CI/CD security.
The LockBit ransomware attack on ICBC’s US operations disrupted Treasury market trading and exposed critical vulnerabilities in financial infrastructure.
The MGM Resorts cyberattack that started with a phone call is a stark reminder that the most sophisticated defenses can be undone by human vulnerability.
A new Intel CPU vulnerability called Downfall exposes sensitive data through speculative execution, and the performance impact of mitigations is significant.
The MOVEit Transfer vulnerability has now impacted hundreds of organizations worldwide — a stark reminder that managed file transfer tools remain critical and under-secured attack surfaces.