U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security... Read more »

Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug

Threat actors are exploiting a recently disclosed vulnerability, tracked as CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls. Researchers warn that threat actors are exploiting a recently disclosed vulnerability, tracked as... Read more »

U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SimpleHelp vulnerability, tracked as... Read more »

China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws

China-linked APT Salt Typhoon has breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. China-linked APT group Salt Typhoon is still targeting telecommunications providers worldwide, and... Read more »

vCISOs are in high demand

Regardless of job title, 92% of executives stated they had some degree of confidence in their organization’s ability to meet compliance requirements and tackle advanced threats with current staff... Read more »

New GRC and cyber risk strategies emphasize risk adaptability

MetricStream has unveiled its annual forecast of key trends shaping the future of GRC and Cyber GRC. These 2025 predictions offer a roadmap for building resilience strategies, addressing emerging... Read more »

Threat actors are using legitimate Microsoft feature to compromise M365 accounts

Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) accounts. “While Device Code... Read more »

Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks

Threat actors are exploiting a zero-day SQL injection vulnerability in PostgreSQL, according to researchers from cybersecurity firm Rapid7. Rapid7 researchers discovered a high-severity SQL injection flaw, tracked as CVE-2025-1094,... Read more »

Grip Security unveils SSPM solution to strengthen SaaS security posture

Grip Security has unveiled its SaaS Security Posture Management (SSPM) solution, which proactively identifies misconfigurations, enforces best practices and strengthens SaaS security posture against emerging risks. Unlike traditional SSPM... Read more »

Gartner: CISOs struggling to balance security, business objectives

Read more »
Subscribe to our Newsletter