Security reports may have long names, but they are powerful lenses for evaluating endpoint security. Use them together to build a balanced view of protection, detection, and response so you can …

Microsoft closed 2025 with a December Patch Tuesday that fixes 56 vulnerabilities across Windows and related products, including one actively exploited flaw and two zero-days. Three issues are rated …

Vendors are rushing out critical patches after severe flaws in Fortinet, Ivanti, and SAP products were found to enable authentication bypass and remote code execution. Fortinet Affected products: …

A single booby-trapped Zoom invite was all it took. After malware hijacked a hedge fund executive’s email, fraudsters green-lit $8.7 million in fake invoices—an attack that helped sink Levitas …

Storm-0249 is moving beyond its initial-access-broker roots and refining a stealthy toolkit to enable ransomware operations. Recent analysis from ReliaQuest highlights a pivot to domain spoofing, …

North Korea-linked threat actors are exploiting React2Shell, a critical React Server Components (RSC) flaw tracked as CVE-2025-55182 (CVSS 10.0), to deliver a newly uncovered remote access trojan …

Zero Trust promises a smaller attack surface and faster threat response, but many teams struggle to implement it because security tools don’t reliably share signals. According to Accenture, 88% of …

Cybercriminal service growth: four distinct threat clusters are now using CastleLoader, reinforcing evidence that GrayBravo is operating a malware-as-a-service model. Who is GrayBravo Tracked by …

Identity has become the new network boundary—and attackers know it. Recent ransomware hits on UK retailers M&S and Co‑op reportedly began with vishing that harvested helpdesk passwords, providing …

Overview ESET Research uncovered a refined MuddyWater campaign primarily against Israeli organizations, with one confirmed target in Egypt. The Iran‑aligned APT (also known as Mango Sandstorm/TA450) …