CVE-2025-55182 React vulnerability could soon be exploited – so patch now

eact is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the low-skilled threat actors to execute malicious code (RCE) on vulnerable instances. Earlier this Read More …

The Dual-Use Dilemma of AI: Malicious LLMs

A fundamental challenge with large language models (LLMs) in a security context is that their greatest strengths as defensive tools are precisely what enable their offensive power. This issue is known as the dual-use dilemma, a concept typically applied to Read More …

European Union Agency for Cybersecurity (ENISA) becomes a Common Vulnerabilities and Exposures (CVE) Program-Root

As a Common Vulnerability and Exposure (CVE) Numbering Authority (CNA), ENISA is authorised to assign CVE Identifiers (CVE IDs) and to publish CVE Records for vulnerabilities discovered by or reported to EU CSIRTs, in line with their dedicated coordinator roles Read More …

Louvre used ‘Louvre’ as password for its video surveillance system

At the time of the brazen heist of $102 million in jewels from the Louvre last month, the password to the world-famous museum’s video surveillance system was simply “Louvre,” according to a museum employee with knowledge of the system. The Read More …

Key Emerging Cybersecurity Threats and Challenges for 2025 and Beyond

The global threat landscape is undergoing an unprecedented transformation. Organizations are facing dizzying levels of complexity, driven by rapid technological innovation, the widespread adoption of artificial intelligence, and the expected disruptive effects of quantum computing. At the same time, shifting Read More …

Germany: Cyber Security in Road Transport 2025

Information technology has been part of modern vehicles for a long time already: connected services, AI-based assistants and over-the-air updates are standard in many vehicle models – and with autonomous driving functions the complexity grows further. Cyber security is of Read More …

Cyber’s Focus On Prevention Hasn’t Worked, Making Cyber Resilience Elusive

We’ve spent decades chasing the illusion of “perfecting prevention.” The industry has poured billions into digital walls, endpoint solutions, SIEM, SOAR and user awareness training—all to build a world in which breaches don’t happen. However, that world doesn’t exist. The Read More …

Denmark energy cyber attack highlights infrastructure security gaps

November 2023 saw an unprecedented cyber attack on Denmark’s energy infrastructure. In a co-ordinated breach of 22 companies, criminal gangs gained access to industrial control systems. Investigators believe at least one of the attackers was acting on behalf of a Read More …

Malicious Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025)

In this previous blog, Fortiguard Labs highlighted a growing trend in the use of open source software (OSS) repositories as channels for malware distribution in supply chain security. With the continued reliance on third-party packages in development workflows, threat actors Read More …

Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN

In late July 2025, Arctic Wolf observed an increase in ransomware activity targeting SonicWall firewall devices for initial access. In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall Read More …