Amazon Q VS Extension Flaw Leads to Cloud Credential Theft

Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.

Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.

New Initiative Tackles Security for End-of-Life Open Source Software

The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regulatory compliance.

AI Decline? Confidence in Autonomous Penetration Testing Falls

Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.

Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions

Cisco joins a growing list of security platform providers who are betting that securing the agentic workforce means turning identity into the primary control plane.

In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw

The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.

EdTech Attackers Shift From Schools to Their Software Suppliers

Educational institutions, the edtech companies they rely on, and, more concerningly, the challenges they pose for schools are the focus of the latest Reporters' Notebook video series.