​Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and “patch everything in time” stopped working years ago. Stop betting the org on winning that… Read More »Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

​The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and… Read More »Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

​Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted… Read More »Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

​Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb… Read More »New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

​Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims’ systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed… Read More »Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

​Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has… Read More »Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

​The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of… Read More »Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

​The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per… Read More »Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

​Most organizations now recognize that endpoint protection alone is no longer sufficient. That’s why adoption of endpoint detection and response (EDR) has accelerated rapidly in recent years. Organizations understand that… Read More »How Leading Organizations Are Turning EDR Into Operational Resilience