Enterprise Security Tech

When VulnCheck first reported active exploitation of CVE-2025-24893 in late October, the attacks appeared to stem from a small number of opportunistic actors abusing exposed XWiki servers. Two weeks later, that has changed dramatically.According to new Canary Intelligence  data from VulnCheck, exploitation has exploded across the internet, attracting everything from crypto-miners and botnets to custom-built scanning tools and manual intrusion attempts. From Niche Exploit to

Black Friday has always been a hacker’s holiday. But according to new research from Forcepoint , this year’s threats are more advanced—and more convincing—than ever. Cybercriminals are now wielding artificial intelligence to clone legitimate shopping sites, mimic trusted retailers, and launch phishing campaigns that are virtually impossible to distinguish from the real thing. Forcepoint’s Findings: AI Turns Holiday Scams into Precision Attacks Forcepoint analysts say AI has f

Anthropic’s revelation that hackers linked to China allegedly used its Claude AI system to automate attacks against roughly 30 organizations has ignited one of cybersecurity’s most polarizing debates yet: can artificial intelligence truly orchestrate espionage on its own—or is this another case of overhyped “AI panic” masking a deeper failure of model governance? The Rise of the AI Operator According to Anthropic, the attackers disguised themselves as cybersecurity researcher

In the fast-moving world of cybersecurity operations, the tension between ingesting more telemetry and keeping budgets under control has become acute. For years, organizations have felt forced into a trade-off: either accept spiraling data-storage costs or curtail log ingestion and risk creating blind spots. Enter Securonix’s newly launched Data Pipeline Manager (DPM) with its “Flex Consumption” model—a move that aims to flip that script. A Shift in the SIEM Economics Based

For years, even the most mature software supply chain security programs have had a glaring blind spot — firmware. The low-level code running beneath operating systems on routers, MRI machines, industrial controllers, and countless other devices has remained largely opaque to security teams. That changes with a new partnership between Manifest  and NetRise , promising what the companies call the first unified, end-to-end view of software and firmware risk. Closing the Loop Bet

In this exclusive Q&A, Ngaire Guzzetti, Technical Director at CyXcel , discusses the widening trust gap between enterprises and their vendors—and why it’s putting resilience on the line. From fragmented oversight to the rise of AI-driven threats, Guzzetti unpacks how organizations can rebuild trust, strengthen accountability, and modernize risk management in an increasingly interconnected world. Your recent research found that a third of U.S. risk managers don’t fully trust t