Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have only days to prepare defenses.

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure ...

Microsoft just fixed two critical Office vulnerabilities that can be triggered simply by previewing a file in Outlook. No double-clicking or macros required.

Unauthenticated password reset vulnerability in widely deployed enterprise switching hardware carries a near-maximum severity score.

According to X user Dark Web Informer, a cybercriminal known as Kamirmassabi recently posted an ad on an underground hacking forum, offering to sell a zero-day ...

Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows ...

Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues.

A Windows Remote Desktop exploit is reportedly being sold on the dark web for $220,000, but Microsoft already patched the flaw.

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups ...

CISA has expanded the Known Exploited Vulnerabilities catalog with three bugs targeted by the nation-state-grade Coruna iOS exploit kit.