Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own

​During the second day of Pwn2Own Berlin 2026, competitors collected…

Funnel Builder WordPress plugin bug exploited to steal credit cards

A critical vulnerability in the Funnel Builder plugin for WordPress…

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has…

Expired domain leads to supply chain attack on node-ipc npm package

A popular npm package called node-ipc has been compromised, with…

The Boring Stuff is Dangerous Now

AI agents capable of discovering and exploiting obscure vulnerabilities are…

BadSuccessor After Patch: Using dMSAs for Credential Theft and Lateral Movement in AD

Akamai researchers evaluated Microsoft’s patch for the BadSuccessor vulnerability (CVE-2025-53779)…

Amazon has stopped 1,800 job applications from North Korean agents

Amazon’s chief security officer Stephen Schmidt writes that since April…

How CISOs Can Strengthen Supply Chain Security in 2025

The responsibilities of Chief Information Security Officers (CISOs) are rapidly…

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday…

Microsoft Defender for Office 365 Gets Enhanced Threat Dashboard

Microsoft has announced significant transparency improvements for its email security…

The Boring Stuff is Dangerous Now

AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt […]