Security

The T-Mobile breach exposing 40+ million records highlights systemic failures in API security and data protection that the entire industry needs to address.

The Pegasus Project revelations expose industrial-grade zero-click exploits targeting journalists and activists — and raise uncomfortable questions about software supply chains.

The REvil ransomware group exploited Kaseya’s VSA platform to hit over 1,500 businesses simultaneously. This is what supply chain attacks look like at scale.

The Colonial Pipeline ransomware attack exposes how deeply intertwined our digital infrastructure has become with physical systems we take for granted.

Codecov’s compromised Bash Uploader script exposed CI/CD secrets for thousands of organizations, highlighting a systemic weakness in how we trust third-party tools in our build pipelines.

Attackers pushed malicious commits to PHP’s official Git repository, exposing the fragile trust model behind open-source supply chains.

Four zero-day vulnerabilities in Microsoft Exchange Server are being actively exploited at scale, and the fallout is only beginning.

Three months after the SolarWinds breach disclosure, the full scope is still unfolding and the implications for software supply chain security demand fundamental changes in how we build and deploy software.

WhatsApp’s updated privacy policy drives millions to Signal, highlighting the growing demand for privacy-respecting open-source alternatives.

The SolarWinds supply chain attack is a watershed moment for software security — and it has profound implications for how we build, ship, and trust code.

FireEye discloses that sophisticated attackers stole their red team tools. The implications for the security industry — and every organization using those tools — are serious.

A joint NSA/CISA advisory details 25 CVEs actively exploited by Chinese state-sponsored actors. The uncomfortable truth: most are well-known and patchable.