With NIST's National Vulnerability Database now triaging only a fraction of incoming CVEs, security teams must diversify beyond NVD while rethinking patch SLAs and risk scoring.
There's an all-too-common frustration that shows up in enterprise security survey results when the gap between a security team’s intentions and its execution leaves an opening for attackers to succeed.
Executives think their teams are fixing critical vulnerabilities. Their security practitioners disagree by 42 percentage points.
An analysis of the National Vulnerability Database's shift to risk-based triage and what it actually means for the people patching systems (first of a two-part analysis)
A new Dbt Labs survey of 363 data practitioners finds 72% are sprinting into AI-assisted coding while fewer than one in four invest in the pipeline controls that keep those outputs secure — and the practitioners closest to the data are more worried about it than their bosses.
IRGC-affiliated actors used legitimate engineering software to compromise American water, energy, and government systems. A new report ties the hacktivist ecosystem to Iranian intelligence, enabling them to communicate directly with Iranian intelligence.
Agentic AI will increasingly cut out humans in many management and operational decisions. These systems are designed to plan, decide, and act — continuously — without a human in every loop. Here's what that means for OT security.
Iran's proxies hacked the FBI director who vowed to hunt them down.
The tens of thousands of at-risk water utilities across this country are still out there — now slightly more aware of how exposed they are, which isn’t exactly progress.
Critical infrastructure organizations reported thousands of incidents in the covered period, and year-over-year data shows a roughly 180% increase in the exploitation of vulnerabilities as an initial access path, concentrated heavily on edge devices and remote access infrastructure.
The Office of the Director of National Intelligence’s 2026 Annual Threat Assessment (ATA) highlights escalating risks to the U.S. from China, Russia, Iran, North Korea, and aggressive ransomware actors, emphasizing pre-positioning in key systems for potential disruption during crises.
The Purdue Model has long been the GuideStar for securing factories, power plants, and water systems: layer your sensors at the bottom, controllers above, and tie it all to enterprise IT at the top with firewalls segmenting between. Simple. Effective. Or so the industry told itself.
Many medical devices have expected lifespans measured in decades, and the majority of connected medical devices currently in use wouldn't meet the FDA's latest cybersecurity standards if submitted for approval. Adversaries have noticed.
The bring-your-own-device (BYOD) dimension carries implications well beyond Stryker.
While Iranian drones were taking out Amazon's data centers in the Gulf, Tehran's hackers were already inside U.S. banks, airports, and defense networks — and they got there weeks before the first missile flew.
Ransomware events surged 55% in 2025, supply chain attacks widened the blast radius, and nation-state actors showed up. New data from Health-ISAC shows why the health sector's security problem continues to grow.
