Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices
SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025
Reports provide structured accounts of cyber incidents, vulnerabilities, and controls, helping readers assess security risks and responses.
Search across headline titles and summaries.
Background for this topic.
A report is a documented account of an event, investigation, assessment, or analysis, supported by evidence and presented for others to review. In information security, the term commonly covers incident findings, vulnerability research, threat-intelligence assessments, audit results, and surveys of security practices. A useful report states its scope, methods, evidence, timeframe, and level of confidence rather than presenting conclusions without context.
Reports help practitioners prioritize remediation, validate controls, and improve incident response, but their details require careful interpretation. A vulnerability report should identify affected versions, exploit conditions, and mitigation steps; an incident report should distinguish confirmed facts from assumptions and protect sensitive personal or investigative data. Threat reports may contain indicators of compromise that need verification before being used in detection systems. Reports used for compliance or executive decisions should preserve a clear evidence trail, since incomplete scope, outdated findings, or undisclosed conflicts can lead to misplaced security priorities.
SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025
GenAI Chooses Insecure Code Nearly Half the Time, Veracode FindsThere's been little improvement in how well AI models handle core security decisions, says a report from application security company Veracode. Large language models introduce vulnerabilities in nearly half of test cases when asked to complete secure code tasks, it found.
Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks
Spikes in attacker activity precede the disclosure of vulnerabilities 80% of the time, according to a new GreyNoise report
US court docs reveal that infamous Chinese snoops filed IP papers like tax returns Security researchers have uncovered more than a dozen patents for offensive cybersecurity tools filed by Chinese companies allegedly tied to Beijing's Silk Typhoon espionage crew.…
AI Tools Detect Breaches Quicker but Shadow AI Causes Breaches, TooOrganizations are detecting data breaches more quickly and paying less to remediate them, says IBM's new "Cost of a Data Breach Report 2025." Some caveats apply, with U.S. organizations experiencing higher breach costs. Breach fallout from shadow AI is also rising.
IBM report shows a rush to embrace technology without safeguarding it, and as for governance... Organizations rushing to implement AI are neglecting security and governance, IBM claims, with attackers already taking advantage of lax protocols to target models and applications.…
Senator Declines to Lift Hold on Trump's CISA Nominee Without Clear TimelineThe U.S. Cybersecurity and Infrastructure Security Agency plans to release a report on telecom vulnerabilities exploited in the Salt Typhoon cyberespionage campaign to help move along President Donald Trump's nomination to lead the agency - but Sen. Ron Wyden still intends to delay the vote.
A SentinelLabs report has revealed patents linked to firms aiding China's cyber-espionage operations, exposing new capabilities
Google’s Project Zero team will provide limited details of new vulnerabilities early following discovery, in a bid to speed up end users’ patching
AI is reshaping vCISO services—and SMBs are fueling the surge. Cynomi's 2025 report shows 3x adoption growth and major workload drops as MSPs and MSSPs scale cybersecurity like never before. Learn more in the 2025 State of the vCISO Report. [...]
The security nerds' equivalent of the Epstein files saga The US Cybersecurity and Infrastructure Security Agency on Tuesday finally agreed to make public an unclassified report from 2022 about American telecommunications networks' poor security practices.…
The company has yet to report an exact number of how many individuals were impacted by the breach and plans to start the notification process around Aug. 1.
In what's the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal's GitHub organization account and leveraged that access to publish 10 malicious packages to the npm registry