News

Breach lingered for months before stronger signature checks shut the door

A state-sponsored cyber criminal compromised Notepad++'s update service in 2025, according to the project's author.…

Don't be scared of the digital dark – learn how to keep the lights on

Opinion  Barely a month into 2026, electrical power infrastructure on two continents has tested positive for cyberattacks. One fell flat as attempts to infiltrate and disrupt the Polish distribution grid were rebuffed and reported. The other, earlier attack was part of Operation Absolute Resolve, the US abduction of Venezuela's President Maduro from Caracas on January 3.…

Your cloud security must stand alone

Partner Content  As cloud adoption accelerates, many organizations are increasingly relying on the native security features offered by cloud service providers (CSPs). The ability to manage web application firewalls (WAF), data encryption, and key management (KMS) within a single provider ecosystem appears efficient and convenient. However, when security and reliability are viewed through the lens of enterprise risk management, this convenience may come at a significant cost.…

Also, South Korea gets a pentesting F, US Treasury says bye bye to BAH, North Korean hackers evolve, and more

Infosec in Brief  As if AI weren't enough of a security concern, now researchers have discovered that open-source AI deployments may be an even bigger problem than those from commercial providers. …

'I did not think it was going to happen to me, but here we are'

Nearly every company, from tech giants like Amazon to small startups, has first-hand experience with fake IT workers applying for jobs - and sometimes even being hired. …

Consider yourselves compromised, experts warn

Ivanti has patched two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product that are already being exploited, continuing a grim run of January security incidents for enterprise IT vendors.…