CLFS zero-day. LDAP critical RCEs. RDS critical RCEs. Hyper-V critical RCE.
In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 967k unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum.
Sustainability risk management (SRM) is a business strategy that aligns profit goals with a company’s environmental, social and governance (ESG) policies.
Google’s latest Android update fixes 62 flaws, including two zero-days previously used in limited targeted attacks
NIST marks CVEs pre-2018 as “Deferred” in the NVD as agency focus shifts to managing emerging threats
Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack surface against ransomware.
Explore how AI is transforming cyber defense, evolving from traditional firewalls to real-time intrusion detection systems.
Armis survey reveals that the growing threat of nation-state cyber-attacks is disrupting digital transformation
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161 to its Known Exploited Vulnerabilities (KEV) catalog
At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought:
In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that must implement and protect it has changed radically. This has greatly expanded the “attack surface” that must be defended to prevent unauthorized wiretaps, especially at scale. The job of the illegal eavesdropper has gotten significantly easier, with many more options and opportunities for them to exploit. Compromising our telecommunications infrastructure is now little different from performing any other kind of computer intrusion or data breach, a well-known and endemic cybersecurity problem. To put it bluntly, something like Salt Typhoon was inevitable, and will likely happen again unless significant changes are made…