Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.

Oracle has confirmed suffering a data breach but the tech giant is apparently trying to downplay the impact of the incident.

The State Bar of Texas is notifying thousands of individuals that their personal information was stolen in a February ransomware attack.

A critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise.

Ivanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild ...

The notorious cybercrime group Hunters International is dropping ransomware to focus on data theft and extortion.

US and allied countries warn of threat actors using the “fast flux” technique to change DNS records and hide malicious servers’ locations. Threat actors are employing a technique known as ‘fast flux’ ...

An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data.

Cisco fixes two high-severity denial-of-service vulnerabilities in Meraki devices and Enterprise Chat and Email.

Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one ...

GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected.

Less than two dozen cybersecurity merger and acquisition (M&A) deals were announced by security firms in March 2025.