Qualys VP Alex Kreilein explains why counting vulnerabilities fails and how VEX-enhanced SBOMs enable true risk operations ...
A critical flaw in legacy D-Link DSL routers lets unauthenticated attackers run commands and hijack DNS, with active ...
In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple ...
As 2025 ends, global security is defined by a systemic shift. The year underscores a critical question — can democracies adapt to a new era of conflict?
The popular tool for creating no-code workflows has four critical vulnerabilities, one with the highest score. Admins should ...
Positioned as a scalable defense tool for modern ...
This disclosure is provided to ensure transparency regarding the author’s professional background and potential biases. The author has maintained both collaborative and contentious relations with DJI, ...
India is considering new smartphone security rules that would require device makers to allow government access to source code for “vulnerability analysis.” It would also require companies to notify ...
Cloud environments are dynamic by design. New identities are created, policies adjusted, and workloads deployed or retired several times a day. Yet many organizations continue to rely on scanning and ...
A vulnerability in SmarterTools’ SmarterMail platform could lead to remote code execution on vulnerable mail servers.
SlowMist has issued a public security alert about HitBTC after failing to receive any response under responsible disclosure.