High tech was the most frequently targeted industry in Mandiant investigations in 2025, overtaking financial services which led in 2023 and 2024
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns
Sysdig details how threat actors exploited a critical CVE in Langflow in less than a day
(first publication: 30 October 2024)
Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says
35% of security leaders working in the UK’s critical infrastructure said regulatory requirements are the primary influence on their security programs
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit
Rapid7 says median time from publication to CISA KEV inclusion dropped to five days
The Vidar 2.0 infostealers is deployed through fake free game cheats on GitHub and Reddit
Gartner has urged security teams to get involved in AI projects from the start to avoid costly incident response
The US Cyber Monitoring Center should be operational in 2027, said the UK CMC leadership
CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks
DNS-based attack in AWS Bedrock AgentCore lets AI sandboxes exfiltrate cloud data
A new law enforcement operation against phishing and ransomware operators led to the takedown of 45,000 malicious IP addresses
Operation Lightning sees international law enforcement partners shut down ‘SocksEscort,’ a major malicious proxy service used by cybercriminals worldwide
The critical vulnerability affecting both cloud and self-hosted n8n instances requires no authentication or even n8n account to be exploited
CISA issued urgent directive as attackers exploit Cisco SD-WAN flaw granting admin access to networks
French small and medium businesses remained the organizations most targeted by ransomware in 2025