You can now nominate vulnerabilities for CISA’s KEV with this form
CISA seeks to engage the wider community to more quickly identify active exploitation.
20 articles
CISA seeks to engage the wider community to more quickly identify active exploitation.
Chris Walker, a spokesperson for Trump Mobile, stated that the company is investigating the exposure and has not found evidence of financial information bein...
The vulnerabilities added are CVE-2025-34291, an origin validation error in Langflow with a CVSS score of 9.4, and CVE-2026-34926, a directory traversal flaw...
Cisco patches critical 10.0 API flaw in Secure Workload platform.
Malwarebytes has identified a phishing scheme circulating on Facebook that preys on individuals aged 40 and above.
State officials emphasized that the State and Local Cybersecurity Grant Program (SLCGP) provided essential aid to local governments, many of which lack dedic...
Here’s how to harden the teams identity security to defend against the rising tide of AI agents.
The Trapdoor campaign initially distributed seemingly legitimate utility apps, such as PDF readers, through the Google Play Store.
ADAMnetworks estimates about 42% of domains could be abused using the technique.
Security researchers discovered an open Elasticsearch instance belonging to Wahlap, a prominent arcade game manufacturer that collaborates with industry gian...
While the Google Cloud Platform console indicates immediate deletion, researchers found that keys take an average of 16 minutes to become fully inactive, wit...
Showboat is believed to be utilized by Chinese-affiliated threat actors, with command-and-control infrastructure linked to Chengdu, China.
First VPN marketed itself on Russian-speaking cybercrime forums as a reliable tool for anonymity, offering features like anonymous payments and concealed inf...
The vulnerabilities affect GeForce, RTX, Quadro, Tesla, and NVS product lines, as well as vGPU and Cloud Gaming software.
A GitHub leak exposed CISA credentials, sparking concerns over secrets management and leadership.
The investment, led by Thrive Capital with participation from Andreessen Horowitz and Capital One Ventures, brings Socket's total funding to $125 million.
As reported by CyberScoop, Microsoft has released two new open-source tools, Rampart and Clarity, designed to enhance the security of agentic AI development ...
The suspect allegedly used information-stealing malware between 2024 and 2025 to infect user devices, aiming to steal browser sessions and account credentials.
The vulnerability, CVE-2024-12802, allows threat actors to bypass MFA on SonicWall Gen6 SSL-VPN appliances by using a specific user principal name (UPN) logi...