CISA’s 2025-2026 International Strategic Plan aims to strengthen external partnerships to reduce risks to critical infrastructure relied on in the US

Outages are inevitable. Our focus should be on minimizing their scope, addressing underlying causes, and understanding that protecting systems is about keeping bad actors out while maintaining stability and reliability.

The benefits of a multi-cloud approach can only be fully enjoyed with proper oversight of one’s data and a clear plan for disaster recovery

With a lack of cybersecurity awareness training resources for all employees, organizations are more susceptible to being breached or falling short when it comes to preventing threats.

A new variant of the sophisticated attacker tool gives cybercriminals even more control over victim devices to conduct various malicious activities, including fraud and cyber espionage.

The U.S. and multiple global law enforcement agencies have exposed “Operation Magnus,” targeting malware networks RedLine Stealer and META.

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

The LiteSpeed Cache vulnerability allows administrator-level access, risking security for over 6 million WordPress sites

The new FakeCall variant uses advanced vishing tactics, featuring Bluetooth for device monitoring

In a major security update, Apple has fixed dozens of bugs and vulnerabilities across its operating systems and services

CISA warns of critical Apple vulnerabilities with updates released on October 28, 2024. Users must apply updates to enhance security and functionality.

The company's data loss prevention platform integrates with AI to help customers identify and classify data across SaaS and GenAI applications, endpoints, and emails.

A national security memorandum on artificial intelligence tasks various federal agencies with securing the AI supply chain from potential cyberattacks and disseminating timely threat information about them.

The Russian-backed group is using a novel access vector to harvest victim data and compromise devices in a large-scale intelligence-gathering operation.

In a vengeful move against the happiest place on Earth, the former employee allegedly used his old credentials to make potentially deadly changes.

Despite the absence of laws specifically covering AI-based attacks, regulators can use rules around fraud and deceptive business practices to fight AI-based fraud and deepfakes.

ITRC data finds 81% of US small businesses have suffered a data or security breach over the past year

Transform AI proof-of-concepts into full-scale implementations