Palo Alto Networks
One-time SMS links that never expire can expose personal data for years
Online services often treat one-time links sent by text message as low-risk conveniences. A new study shows that these links can expose large amounts of personal data for …
When the Olympics connect everything, attackers pay attention
Global sporting events bring a surge of network traffic, new systems, and short term partnerships. That mix draws attention from cyber threat actors who see opportunity in …
QR codes are getting colorful, fancy, and dangerous
QR codes have become a routine part of daily life, showing up on emails, posters, menus, invoices, and login screens. Security-savvy users have learned to treat links with …
Formal proofs expose long standing cracks in DNSSEC
DNSSEC is meant to stop attackers from tampering with DNS answers. It signs records so resolvers can verify that data is authentic and unchanged. Many security teams assume …
Cloud security is stuck in slow motion
Cloud environments are moving faster than the systems meant to protect them. A new Palo Alto Networks study shows security teams struggling to keep up with development cycles, …
Gainsight breach: Salesforce details attack window, issues investigation guidance
The number of Salesforce customers affected by the recent compromise of Gainsight-published applications is yet to be publicly confirmed, but Salesforce released indicators of …
Fake spam filter alerts are hitting inboxes
A new phishing campaign is attempting to trick users into believing they’ve missed important emails, security researchers are warning. The emails The bogus email alerts look …
CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)
CISA has added CVE-2025-21042, a vulnerability affecting Samsung mobile devices, to its Known Exploited Vulnerabilities (KEV) catalog, and has ordered US federal civilian …
Infosec products of the month: October 2025
Here’s a look at the most interesting products from the past month, featuring releases from: Acronis, Akeyless, Axoflow, Blumira, Cayosoft, Confluent, Corelight, Elastic, …
Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)
Attackers have been spotted exploiting the recently patched WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers. An out-of-band …
Palo Alto Networks launches Prisma AIRS 2.0 to deliver end-to-end security across the AI lifecycle
Palo Alto Networks announced Prisma AIRS 2.0, a major platform upgrade that completes the native integration of recently acquired Protect AI to deliver a comprehensive AI …
Attackers target retailers’ gift card systems using cloud-only techniques
A newly uncovered attack campaign mounted by suspected Morocco-based attackers has been hitting global retailers and other businesses issuing gift cards. What makes this …
Featured news
Resources
Don't miss
- Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)
- Notepad++ supply chain attack: Researchers reveal details, IoCs, targets
- Why boards must prioritize non-human identity governance
- Open-source attacks move through normal development workflows
- Product showcase: 2FAS Auth – Free, open-source 2FA for iOS