Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server.

Vulnerabilities in Nvidia Riva could allow hackers to abuse speech and translation AI services that are typically expensive.

Threat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation ...

The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.

Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes.

The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.

The National Institute of Standards and Technology (NIST) has selected a fifth algorithm (HQC) to add to its PQC portfolio.

The House of Representatives has passed a bill aimed at requiring federal contractors to have a Vulnerability Disclosure Policy (VDP). The House of Representatives has passed a bill aimed at requiring ...

Organizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM. Amid the government-led push toward more secure ...

A UK government analysis of current best practices for OSS and supply chain risk management finds weaknesses in current ...

US officials said they have not determined who was behind an apparent cyberattack on the social media platform X.

Zoom has patched five vulnerabilities in its Workplace and Rooms applications, including four high-severity flaws.