The security vendor silently patched a vulnerability, but did not assign the flaw a CVE or publicly disclose its existence until 17 days later. By then, widespread…
Each day without reauthorization erodes the trust, coordination, and shared visibility that have underpinned the resilience of America’s most critical systems.
The security vendor’s customers have confronted a barrage of actively exploited defects since 2021. The brute-force attack on a company-controlled system underscores that broader security pitfalls are afoot.
Fortra, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise.
The agency, which issued an emergency directive to federal agencies Thursday, said it took months to determine the root cause and mitigate the activity.
WASHINGTON, DC – JANUARY 28: U.S. Homeland Security Secretary Kristi Noem delivers remarks to staff at the Department of Homeland Security headquarters on January 28, 2025 in Washington, DC. (Photo by Manuel Balce Ceneta-Pool/Getty Images)
As the state responded to a pro-Iranian attack, officials tell CyberScoop that it avoided reaching out to the federal agency, partly because it has been “politicized and…
The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.