Security News > 2025 > April

Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow...

Perforce Software announced its latest platform update for Puppet Enterprise Advanced, designed to streamline DevSecOps practices and fortify enterprise security postures. This release...

There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server...

As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for...

In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and...

Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID...

Shadow IT isn’t just a security risk, it’s a legal one. When teams use unsanctioned tools, they can trigger compliance violations, expose sensitive data, or break contracts. Let’s look at where...

Email is still the top way attackers get into organizations. Now, big players like Google, Yahoo, and Microsoft are cracking down. They’re starting to require email authentication, specifically...

New research from EY US shows that cyber attacks are creating serious financial risks. C-suite leaders don’t always agree on how exposed their companies are or where the biggest threats come from....

School IT admins are doing tough, important work under difficult conditions. From keeping Wi-Fi stable during exams to locking down systems from phishing emails, their job is part technician, part...