Cybersecurity news, vulnerabilities, data breaches, and security best practices.
The NSA released Phase One and Phase Two Zero Trust Implementation Guidelines, providing 152 structured activities across multiple maturity levels for federal and defense organizations.
Adobe's February 2026 Patch Tuesday addresses 44 vulnerabilities across nine product advisories, with no evidence of active exploitation.
SAP released 26 new security notes on February 10, 2026, including two critical vulnerabilities in CRM, S/4HANA, and NetWeaver platforms.
CISA added six actively exploited Microsoft zero-day vulnerabilities to its Known Exploited Vulnerabilities catalog following Microsoft's February 2026 Patch Tuesday, with federal agencies required to patch by March 3.
Apple releases security updates across all platforms to address CVE-2026-20700, a memory corruption vulnerability in dyld exploited in highly targeted attacks.
Microsoft's February 2026 Patch Tuesday addresses 58 vulnerabilities including six actively exploited zero-days affecting Windows, Office, and other core products.
Microsoft releases emergency out-of-band update for actively exploited Office vulnerability bypassing security controls.
US cybersecurity agency mandates federal agencies patch CVE-2026-21509 by February 16, 2026.
Over 70% of organizations experienced software supply chain security incidents in 2025, with attacks hitting record levels in October and increasingly targeting CI/CD pipelines.
Redis Enterprise Software version 7.2 reaches end of support on February 28, 2026, requiring organizations to upgrade to newer versions to continue receiving security patches.
Cisco Duo CA bundle expires April 15, 2026, requiring action before deadline.
React released security patches in versions 19.2.4 and 19.1.5 to address denial-of-service vulnerabilities in Server Components, following the disclosure of multiple deserialization issues.