%20(1).jpg?w=1140&resize=1140,855&ssl=1 "25 Security Vulnerabilities That Have Defined the 2020s (Thus Far)")
Welcome to vulnerability management’s big bang. If it feels like your security team is running a marathon on a treadmill set to a permanent incline of 12.0 with 50lb sandbags tied around each ankle, you’re in good company. We have… Read More "25 Security Vulnerabilities That Have Defined the 2020s (Thus Far)"
Attackers use AI to increase velocity, scale and sophistication. Just as AI is improving, so will attackers’ use of it. GreyVibe is one to watch. GreyVibe, a previously undocumented threat actor, is described by WithSecure as a Russia-nexus group. The… Read More "Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks"
Ravie LakshmananMay 28, 2026Vulnerability / Open Source A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is… Read More "Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code"
Cybercriminals go after people’s personal information across every kind of online platform, including WhatsApp, Instagram, LinkedIn, Roblox, YouTube and Spotify, not to mention finance apps. No online account is off the table. If one of your own accounts falls victim,… Read More "A quick guide to recovering a hacked account"
Most cybersecurity professionals have higher confidence in CISOs if they have experienced a major cyber-attack or cybersecurity incident, an industry poll has revealed. Published by cybersecurity certification body ISC2, the research asked 796 people working in cybersecurity for their views… Read More "Cybersecurity Staff Prefer CISOs With Real Attack Response Experience"
In August 2023, while thousands of students at William Jewell College were hauling mini-fridges and textbooks into dorms, the invisible, digital heart of the campus was flatlining. There was no internet. No email. Even the HVAC system, tied to a… Read More "Surviving a LockBit Ransomware Attack: The ROI of Visibility"
For nearly a decade, the Pentagon was warned—by its own contractors, analysts, and intelligence agencies—that anyone with a credit card could buy a map of where American troops sleep, work, and store nuclear weapons. Now the bill has come due… Read More "The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are"
AI security and governance startup Geordie today announced raising $30 million in a Series A funding round that brings the total raised by the company to $36.5 million. Founded in early 2025, London-based Geordie has built a platform that helps… Read More "Geordie Raises $30 Million for AI Security and Governance Platform"
Ravie LakshmananMay 28, 2026Vulnerability / Endpoint Security Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. “The campaign abused trusted endpoint management infrastructure to deliver malware across… Read More "Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer"
The CrowdStrike-led takedown, conducted alongside Google and the Shadowserver Foundation, disrupted infrastructure linked to the campaign that had poisoned hundreds of repositories with malicious packages targeting developers. A day after the takedown, in an independent development, the OSV database withdrew… Read More "GlassWorm falls, but the repo problem is far from solved"
