Cybersecurity news, vulnerabilities, data breaches, and security best practices.
Attackers are actively exploiting CVE-2026-0625 (CVSS 9.3) in legacy D-Link DSL routers that reached end-of-life in 2020, with no patches forthcoming.
New interagency report provides implementation guidance for federal agencies and cloud providers to protect identity tokens from forgery and theft, addressing recent high-profile attack techniques.
Coordinated browser updates for Chrome 144 and Firefox 147 address critical sandbox escape and code execution bugs, with no evidence of exploitation in the wild.
Microsoft's first Patch Tuesday of 2026 addresses 114 vulnerabilities including one actively exploited zero-day in Desktop Window Manager tracked as CVE-2026-20805.
CISA launched CPG 2.0, aligning with NIST CSF 2.0 framework, introducing a new "Govern" function for executive accountability, and consolidating IT/OT security goals for clearer, actionable guidance.
Federal agencies must patch CVE-2026-20805 by February 3, 2026 after CISA confirmed active exploitation of the Windows Desktop Window Manager vulnerability.
Hackers claim to have stolen precise location data for millions of smartphone users from data broker Gravy Analytics, exposing the risks of location tracking.