Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server.

Vulnerabilities in Nvidia Riva could allow hackers to abuse speech and translation AI services that are typically expensive.

Threat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation ...

The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.

The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.

Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes.

The National Institute of Standards and Technology (NIST) has selected a fifth algorithm (HQC) to add to its PQC portfolio.

A UK government analysis of current best practices for OSS and supply chain risk management finds weaknesses in current ...

US officials said they have not determined who was behind an apparent cyberattack on the social media platform X.

Zoom has patched five vulnerabilities in its Workplace and Rooms applications, including four high-severity flaws.

Fortinet has published 17 new advisories to inform customers about 18 vulnerabilities patched in its products.

The existence of Volt Typhoon came to light in May 2023, when Microsoft reported that the group, which the tech giant linked ...