700+ self-hosted Git instances battered in 0-day attacks • The Register
Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix. More than 700 instances have been compromised in the ongoing attacks, according to Wiz researchers, who described...
How to harness today’s diverse analyst and tester landscape to paint a security masterpiece
Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience. 10 Dec 2025 • 7 min. read. Skip to the next paragraph if your eyes glaze over at the long, long...
Ukrainian hacker charged with helping Russian hacktivist groups
U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. On Tuesday,...
Microsoft EoP, NotePad++, Ivanti, Fortinet • The Register
Happy December Patch Tuesday to all who celebrate. This month's patch party includes one Microsoft flaw under exploitation, plus two others listed as publicly known – but just 57 CVEs in total from Redmond. There's also a fix for a critical Notepad++ bug that,...
SAP fixes three critical vulnerabilities across multiple products
SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. The most severe (CVSS score: 9.9) of all the issues is CVE-2025-42880, a code injection problem impacting SAP...
Securing AI agents opportunity for identity access vendors • The Register
The fear of AI agents running amok has thus far halted the wide deployment of these digital workhorses, Okta's president of Auth0, Shiv Ramji, told The Register. "It is security, privacy concerns like, OK are these systems ready? Do we have the right measures...
Ivanti warns of critical Endpoint Manager code execution flaw
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. Ivanti delivers system and IT asset management solutions to over...
UK finally vows to look at 35-year-old Computer Misuse Act • The Register
Portugal has become the latest country to carve out protections for researchers under its cybersecurity law. The move increases pressure on the UK after a government minister admitted last week that the 35-year-old Computer Misuse Act needed updating to protect...
How whaling attacks target top executives
Is your organization’s senior leadership vulnerable to a cyber-harpooning? Learn how to keep them safe. 09 Dec 2025 • 5 min. read. When a hedge fund manager opened up an innocuous Zoom meeting invite, he had little idea of the corporate carnage that was to...
Ransomware gangs turn to Shanya EXE packer to hide EDR killers
Multiple ransomware gangs are using a packer-as-a-service platform named Shanya to help them deploy payloads that disable endpoint detection and response solutions on victim systems. Packer services provide cybercriminals with specialized tools to package their...