Enterprise Security Tech

According to research from Simcha Kosman, a senior cyber researcher at CyberArk Labs , a critical remote code execution flaw in Apache bRPC  has put a spotlight on a class of debugging features that quietly sit inside many production systems, rarely scrutinized until something goes wrong. Tracked as CVE-2025-60021 and scored at a near-maximum CVSS 9.8, the vulnerability affects all versions of Apache bRPC prior to 1.15.0. It stems from a command injection issue in the framew

The future of enterprise security is supposed to be autonomous. AI agents negotiate contracts, move money, write code, and respond to incidents at machine speed. But according to a new industry survey, the foundation those agents depend on is still riddled with legacy systems that attackers already know how to exploit. That tension sits at the center of The Identity Underground Annual Pulse 2026 , a new report drawing on survey data and candid commentary from more than 150 id

The Everest ransomware crew is once again claiming a marquee victim, this time alleging it has siphoned a vast trove of customer data from Under Armour and leaked it onto a cybercrime forum. If verified, the incident would rank among the largest retail data exposures in recent memory and highlight how modern ransomware campaigns can linger long after an initial intrusion. The scale of the alleged breach comes from Have I Been Pwned , which says it ingested data tied to 72.7

A massive trove of stolen login credentials, totaling nearly 150 million unique usernames and passwords, was recently found sitting exposed on the open internet, underscoring just how industrialized and fragile the modern credential theft ecosystem has become. The cache, uncovered by cybersecurity researcher Jeremiah Fowler at ExpressVPN , contained more than 149 million records and roughly 96 gigabytes of raw data. The database was neither encrypted nor protected by a passwo

Browser extensions were once treated as a mild nuisance in the security threat model. That era is over. Over the past few months, browser based attacks have accelerated in scale and ambition, shifting from opportunistic scams to coordinated campaigns that quietly compromise millions of users. In December 2025 , a set of linked extension driven attacks exposed gaps across Chrome, Edge, and Firefox, ultimately impacting nearly nine million users. Weeks later, researchers uncove

A critical security flaw in SmarterTools’ SmarterMail email platform is being actively exploited just days after a fix was released, underscoring how quickly attackers are now able to dissect patches and weaponize them against unprepared organizations. The issue, tracked initially by watchTowr Labs as WT-2026-0001, was disclosed to SmarterTools on January 8 and patched on January 15 with SmarterMail Build 9511. Within 48 hours, evidence emerged that attackers had already begu