News • Insights • Analysis
Instagram says that although some users received suspicious-looking password reset requests, it has not been breached. That seemingly contradicts a Friday Bluesky post from antivirus software company Malwarebytes, which shared a screenshot of an email from Instagram informing users of Read More …
A maximum-severity bug in the popular automation platform n8n has left an estimated 100,000 servers wide open to complete takeover, courtesy of a flaw so bad it doesn’t even require logging in. The vulnerability, uncovered by researchers at security outfit Read More …
Business continuity plans are lagging behind the speed and complexity of modern cyberattacks, according to Eric Schmitt (pictured), chief information security officer at Sedgwick. “In most cases, it is not,” Schmitt said, when asked whether current business continuity frameworks are Read More …
In Q3 2025, the percentage of ICS computers on which malicious objects were blocked decreased from the previous quarter by 0.4 pp to 20.1%. This is the lowest level for the observed period. Regionally, the percentage of ICS computers on which Read More …
A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using Read More …
The National Motor Freight Traffic Association, Inc. (NMFTA)™ announced the release of its 2026 Transportation Industry Cybersecurity Trends Report, the latest annual assessment of cyber threats, adversary tactics, and resilience trends shaping the future of freight and logistics in North Read More …
Multifunction printers (MFPs) do far more than print. They scan, email, fax, store, and authenticate. That convenience comes with risk. Our latest report, Understanding Multifunction Printer (MFP) Security within the Enterprise Business Environment, from Rapid7’s Deral Heiland, Principal Security Researcher Read More …
eact is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the low-skilled threat actors to execute malicious code (RCE) on vulnerable instances. Earlier this Read More …
A fundamental challenge with large language models (LLMs) in a security context is that their greatest strengths as defensive tools are precisely what enable their offensive power. This issue is known as the dual-use dilemma, a concept typically applied to Read More …
As a Common Vulnerability and Exposure (CVE) Numbering Authority (CNA), ENISA is authorised to assign CVE Identifiers (CVE IDs) and to publish CVE Records for vulnerabilities discovered by or reported to EU CSIRTs, in line with their dedicated coordinator roles Read More …
