Illinois Representative Delia Ramirez has been appointed as the top Democrat on the House Homeland Security Committee's Cybersecurity and Infrastructure Protection Subcommittee, replacing Eric Swalwell following his resignation from Congress.
Google blocked 8.3 billion ads and suspended 24.9 million advertiser accounts in 2025 using Gemini AI, as cybercriminals increasingly leverage generative AI to run sophisticated malvertising campaigns at scale.
Splunk has released security fixes addressing a high-severity remote code execution vulnerability tracked as CVE-2026-20204 in Splunk Enterprise and Cloud Platform, along with several other flaws across its product lineup.
Microsoft is investigating why this month's KB5082063 security update is failing to install on certain Windows Server 2025 systems, with affected machines reporting error code 0x800F0983.
National Cyber Director Sean Cairncross confirmed Wednesday that additional executive orders are expected as the Trump administration moves to implement its national cybersecurity strategy published last month.
NIST has announced it will only enrich CVE records that meet specific priority criteria, abandoning its longstanding goal of processing every submitted vulnerability as submission volumes grow exponentially.
Overwhelmed by a growing flood of vulnerabilities, NIST has announced it will limit in-depth CVE analysis to those in CISA's known exploited vulnerabilities catalog, federal government software, and critical software under Executive Order 14028.
More than 30 WordPress plugins in the EssentialPlugin package were secretly backdoored in August 2025 following an acquisition, with the malicious code recently activated to generate spam pages, redirects, and fake content.
A newly identified malware family called AgingFly is being deployed against Ukrainian local governments, hospitals, and Defense Forces personnel, stealing credentials from Chromium browsers and WhatsApp. Ukraine's CERT team attributed the campaign to threat cluster UAC-0247.
A critical unauthenticated vulnerability in Nginx UI's Model Context Protocol endpoint is being actively exploited in the wild, enabling attackers to fully take over web servers without credentials. Over 2,600 publicly exposed instances remain potentially vulnerable.