2026 Phishing Threat Predictions: 5 Key Takeaways
As organizations prepare for another year of highly sophisticated, AI-driven email threats, Cofense’s 2026 Phishing Threat Predictions webinar brought together experts Joshua Bartolomie, Max...
CVE-2025-55182 (React2Shell): Remote code execution in React Server Components and Next.js
Learn more about the CVE-2025-55182 vulnerability affecting React Server Components and affecting Next.js. - Read more
’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak...
The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush...
Seasonal Surge: Why HR Phishing Peaks in Q4 and the Seven Themes Behind It
By: Jacob Malimban, Intelligence TeamQ3 and Q4 of each year tend to see the most Human Resources (HR) task-related phishing threats, but the specific...
Intellexa’s Global Corporate Web
The author, Julian-Ferdinand Vögele, thanks Amnesty International's Security Lab for its ongoing reporting on the Intellexa and Predator spyware ecosystem. Today,...
The Maturity Gap: The Next Frontier in Threat Intelligence
The Maturity Gap: The Next Frontier in Threat Intelligence ...
UNC1549 Critical Infrastructure Espionage Attack
A suspected Iran-linked espionage group tracked as UNC1549 is actively targeting aerospace, defense, and telecommunications organizations across Europe and other regions. The threat actor...
Inside the CopyCop Playbook: How to Fight Back in the Age of Synthetic Media
Key Takeaways CopyCop is scaling AI-driven influence operations globally. The Russian influence network known as CopyCop has created more...
Decreasing Certificate Lifetimes to 45 Days
Let’s Encrypt will be reducing the validity period of the certificates we issue. We currently issue certificates valid for 90 days, which will be...
CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote...
At the end of October 2025, Oracle released an emergency security alert addressing CVE-2025-61757, a high-severity authentication-bypass flaw that enables remote code execution in the Identity Manager...
Latest article
Oracle PeopleSoft Zero-Day
What is the Attack? Google Threat Intelligence Group (GTIG) and Mandiant...
Mistic Backdoor Blends With Microsoft Endpoint Security Tooling to Evade Detection
A new and stealthy backdoor named Mistic has been quietly targeting corporate networks since April 2026, disguising itself using the names and appearance of...
Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs
Amazon Web Services (AWS) recently announced support for resource-based policies and resource control policies (RCPs) for AWS Sign-In. By using resource-based policies and RCPs,...
Healthcare Vendor Xsolis Reports Breach Affecting 1.4M People
Xsolis confirmed a healthcare data breach affecting nearly 1.4 million people after a phishing attack exposed health and identity data.
The post Healthcare Vendor Xsolis...
