(Adobe Stock)

CISA orders federal agencies to patch GeoServer flaw

Steve ZurierDecember 12, 2025

Experts point out that our adversaries now use GeoServer to collect intelligence data.

RESOURCES

Identity
Securing the AI-first enterprise: Access controls for AI agents and non-human identities
Email security
Beyond the inbox: Defending against sophisticated email threats in the era of cloud and AI
Identity
Phishing-resistant authentication is taking off
Government security
ICIT Gala & Benefit 2025: Funding non-partisan research to strengthen critical infrastructure
CSPM
Beyond CSPM: Building real-time, resource-optimized security strategies

PODCASTS

Vulnerability Management
Disney Gone Wild, Docker, AIs, Passkeys, Gogs, React2Shell, Notepad++, Josh Marpet… – SWN #537
Network Security
Tech Segment: MITM Automation + Security News – Josh Bressers – PSW #904
Cloud Security
Salesforce Security Risks, Boards Duty of Care, and Managing CISO Risks – Justin Hazard – BSW #425
Vulnerability Management
Hypnotoad, AI Galore, Storm-0249, DocuSign, Broadside, Goldblade, Aaran Leyland… – SWN #536
Application security
Making OAuth Scale Securely for MCPs – Aaron Parecki – ASW #360

FEATURED

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

(Credit: daily_creativity – stock.adobe.com)

AI/ML

OpenAI lays out its plan for major advances in AI cybersecurity features

Laura FrenchDecember 12, 2025

The ChatGPT maker says it’s using a combination of training, detection and red teaming to prevent misuse.

DevSecOps

Gogs Git service zero-day exploited since Dec. 1

Steve ZurierDecember 11, 2025

A patch hasn’t been released yet – here are five tips for security pros.

North Korea digital technology flag cyber background. North Korean banner cyberattack and espionage concept illustration.

Vulnerability Management

North Korea-linked ‘EtherRAT’ backdoor used in React2Shell attacks

Laura FrenchDecember 11, 2025

The malware retrieves C2 addresses from Ethereum smart contracts to avoid takedowns.

Critical Infrastructure Security

US charges Ukrainian for pro-Russia critical infrastructure attacks

Steve ZurierDecember 10, 2025

In a rare case, the FBI aims to bring a nation-state-backed cybercriminal to justice.

AI/ML

Google addresses ‘GeminiJack’ exploit affecting Gemini Enterprise

Laura FrenchDecember 10, 2025

An indirect prompt injection could have exfiltrated data from emails, documents or calendars.

Vulnerability Management

React2Shell lands on CISA’s KEV list: patch right away!

Steve ZurierDecember 9, 2025

10.0 RSC flaw actively exploited in the wild by China-based threat groups within hours of public disclosure leads the pack for December's Patch Tuesday.

(Credit: Postmodern Studio – stock.adobe.com)

Ransomware

DocuSign phishing ranks as top inbox threat, analysis finds

Laura FrenchDecember 9, 2025

DocuSign was the most impersonated brand among phishing emails that bypassed secure email gateways.

Ransomware

Total ransomware payments surpass $4.5 billion since 2013

Steve ZurierDecember 8, 2025

Even though there was a drop in 2024, the pace of ransomware payments accelerated.

Cybersecurity News, Awards, Webinars, eSummits, Research

CISA orders federal agencies to patch GeoServer flaw

RESOURCES

PODCASTS

FEATURED

Perspectives Spotlight: Expert Insights

Get daily email updates

Perspectives

How the ‘Lethal Trifecta’ sets the conditions for stealing data on command

AI code is creating security bottlenecks faster than it’s solving them

Fight evolving bots by focusing on API security

4 security mistakes that could tank your holiday sales

Why identity has become the path to cloud security

In Brief

MITRE ATT&CK Evaluations results bared

LastPass hit with 1.2 million fine after 2022 data breach

Trump signs AI executive order, legality challenged

Salt Typhoon hackers reportedly part of Cisco training scheme

Google patches trio of Chrome security bugs

More Resources

From admin-led maintenance to policy-as-code: Re-architecting Salesforce governance for security

Salesforce security in a shared-responsibility world: Catching misconfigurations and drift before they become breaches

Why workforce password management is non- negotiable

From classrooms to command posts: The cyber education crisis

We’re the federal government, and we’re (maybe) no longer here to help

OpenAI lays out its plan for major advances in AI cybersecurity features

Gogs Git service zero-day exploited since Dec. 1

North Korea-linked ‘EtherRAT’ backdoor used in React2Shell attacks

US charges Ukrainian for pro-Russia critical infrastructure attacks

Google addresses ‘GeminiJack’ exploit affecting Gemini Enterprise

React2Shell lands on CISA’s KEV list: patch right away!

DocuSign phishing ranks as top inbox threat, analysis finds

Total ransomware payments surpass $4.5 billion since 2013

EVENTS

SASE’s Role In Securing AI Adoption

Beyond the SEG: Rethinking Email Security for the Modern Enterprise

The Rise of Shadow AIT: From Blind Spots to Real-Time Insight

Beyond MFA: Securing the human element with identity threat detection

Mainframe security at a crossroads: Meeting upcoming MFA compliance deadlines