Security List 2025- 2026 2025 2024 2023 2021 2020 2019 2018
DATE | NAME |
Info | CATEG. |
WEB |
| 31.12.25 | Microsoft Teams to let admins block external users via Defender portal | Microsoft announced that security administrators will soon be able to block external users from sending messages, calls, or meeting invitations to members of their organization via Teams. | Security | |
| 31.12.25 | Microsoft Teams strengthens messaging security by default in January | Microsoft Teams will automatically enable messaging safety features by default in January to strengthen defenses against content tagged as malicious. | Security | |
| 7.12.25 | New wave of VPN login attempts targets Palo Alto GlobalProtect portals | A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. | Security | |
| 7.12.25 | Cloudflare down, websites offline with 500 Internal Server Error | Cloudflare is down, as websites are crashing with a 500 Internal Server Error. Cloudflare is investigating the reports. | Security | |
| 7.12.25 | Microsoft 365 license check bug blocks desktop app downloads | Microsoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage. | Security | |
|
6.12.25 |
Microsoft Defender portal outage disrupts threat hunting alerts | Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities, including threat hunting alerts. | Security | |
| 30.11.25 | GreyNoise launches free scanner to check if you're part of a botnet | GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networks. | Security | |
| 30.11.25 | Tor switches to new Counter Galois Onion relay encryption algorithm | Tor has announced improved encryption and security for the circuit traffic by replacing the old tor1 relay encryption algorithm with a new design called Counter Galois Onion (CGO). | Security | |
| 30.11.25 | Code beautifiers expose credentials from banks, govt, tech orgs | Thousands of credentials, authentication keys, and configuration data impacting organizations in sensitive sectors have been sitting in publicly accessible JSON snippets submitted to the JSONFormatter and CodeBeautify online tools that format and structure code. | Security | |
| 28.11.25 | MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants | Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in | Security | The Hacker News |
| 8.11.25 | Microsoft removing Defender Application Guard from Office | Microsoft plans to remove Defender Application Guard from Office by December 2027, starting with the February 2026 release of Office version 2602. | Security | |
| 8.11.25 | OAuth Device Code Phishing: Azure vs. Google Compared | Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs' Live Hack to learn about attack techniques, defensive tactics, and get an Identity Security Assessment. | Security | |
| 3.11.25 | The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations | Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules | Security | The Hacker News |
| 3.11.25 | Why password controls still matter in cybersecurity | Passwords still matter — and weak policies leave the door wide open. Specops Software explains how longer passphrases, smarter banned-password lists, and adaptive rotation strategies can strengthen security without frustrating users. | Security | |
| 2.11.25 | Microsoft promises more Copilot features in Microsoft 365 companion apps | Microsoft 365 companion apps will be getting more Copilot features in the coming weeks. | Security | |
| 2.11.25 | Microsoft: DNS outage impacts Azure and Microsoft 365 services | Microsoft is suffering an ongoing DNS outage affecting customers worldwide, preventing them from logging into company networks and accessing Microsoft Azure and Microsoft 365 services. | Security | |
| 1.11.25 | Microsoft sued for allegedly tricking millions into Copilot M365 subscriptions | The Australian Competition and Consumer Commission (ACCC) is suing Microsoft for allegedly misleading 2.7 million Australians into paying for the Copilot AI assistant in the Microsoft 365 service. | Security | |
| 1.11.25 | Google Chrome to warn users before opening insecure HTTP sites | Google announced today that the Chrome web browser will load all public websites via secure HTTPS connections by default and ask for permission before connecting to public, insecure HTTP websites, beginning with Chrome 154 in October 2026. | Security | |
| 1.11.25 | Google says everyone will be able to vibe code video games | Google AI Studio product lead teased that everyone will be able to vibe code video games by the end of the year. | Security | |
| 1.11.25 | Microsoft: New policy removes pre-installed Microsoft Store apps | Microsoft now allows IT administrators to remove pre-installed Microsoft Store apps (also known as in-box apps) using a new app management policy. | Security | |
| 1.11.25 | A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do | A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. | Security | The Hacker News |
| 29.10.25 | Why Early Threat Detection Is a Must for Long-Term Business Growth | In cybersecurity, speed isn't just a win — it's a multiplier. The faster you learn about emerging threats, the faster you adapt your defenses, the less damage you suffer, and the more | Security | The Hacker News |
| 27.10.25 | How to reduce costs with self-service password resets | Password resets account for nearly 40% of IT help desk calls, costing orgs time and money. Specops Software's uReset lets users securely reset passwords with flexible MFA options like Duo, Okta, and Yubikey while enforcing identity verification to stop misuse. | Security | |
| 25.10.25 | Maximizing gateway security: Beyond the basic configuration | Gateways can do more than route traffic, they can also strengthen your entire security posture. Learn how NordLayer combines ZTNA, firewalls, and private gateways to secure hybrid teams and keep networks compliant. | Security | |
| 19.10.25 | VMware Certification: Your Next Career Power Move | VMware certification isn't just about passing exams — it's about mastering systems, proving expertise, and your career. Gain hands-on labs, discounts, and mentorship with VMUG Advantage to reach your next goal faster. | Security | |
|
11.10.25 |
Signal adds new cryptographic defense against quantum attacks | Signal announced the introduction of Sparse Post-Quantum Ratchet (SPQR), a new cryptographic component designed to withstand quantum computing threats. | Security | |
|
11.10.25 |
Gmail business users can now send encrypted emails to anyone | Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. | Security | |
|
5.10.25 |
How To Simplify CISA's Zero Trust Roadmap with Modern Microsegmentation | CISA says microsegmentation isn't optional—it's foundational to Zero Trust. But legacy methods make it slow & complex. Learn from Zero Networks how modern, automated, agentless approaches make containment practical for every org. | Security | |
| 4.10.25 | VMware Certification Is Surging in a Shifting IT Landscape | VMware certification is surging as IT teams face hybrid infra, cloud complexity, & rising risks. See how VMUG Advantage helps practitioners & enterprises turn certification into stronger security & measurable value. | Security | |
| 3.10.25 | Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security | Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in | Security | The Hacker News |
| 27.9.25 | GitHub tightens npm security with mandatory 2FA, access tokens | GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. | Security | |
| 27.9.25 | New EDR-Freeze tool uses Windows WER to suspend security software | A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft's Windows Error Reporting (WER) system. | Security | |
| 27.9.25 | Mozilla now lets Firefox add-on devs roll back bad updates | Mozilla has announced a new feature that enables Firefox extension developers to roll back to previously approved versions, allowing them to quickly address critical bugs and issues. | Security | |
| 17.9.25 | From Quantum Hacks to AI Defenses – Expert Guide to Building Unbreakable Cyber Resilience | Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation further and faster than | Security | The Hacker News |
| 13.9.25 | Signal adds secure cloud backups to save and restore chats | Signal has introduced a new opt-in feature that helps users create end-to-end encrypted backups of their chats, allowing them to restore messages even if their phones are damaged or lost. | Security | |
| 13.9.25 | Action1 vs. Microsoft WSUS: A Better Approach to Modern Patch Management | With WSUS deprecated, it's time to move from an outdated legacy patching system to a modern one. Learn from Action1 how its modern patching platform offers cloud-native speed, 3rd-party coverage, real-time compliance, and zero infrastructure. Try it free now! | Security | BleepingComputer |
| 12.9.25 | Microsoft now enforces MFA on Azure Portal sign-ins for all tenants | Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. | Security | |
| 23.8.25 | Okta open-sources catalog of Auth0 rules for threat detection | Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. | Security | |
| 25.7.25 | Intel announces end of Clear Linux OS project, archives GitHub repos | The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. | Security | |
| 18.7.25 | UK launches vulnerability research program for external experts | UK's National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts. | Security | BleepingComputer |
| 5.7.25 | Microsoft: DNS issue blocks delivery of Exchange Online OTP codes | Microsoft is working to fix a DNS misconfiguration that is causing one-time passcode (OTP) message delivery failures in Exchange Online for some users. | Security | |
| 5.7.25 | Microsoft open-sources VS Code Copilot Chat extension on GitHub | Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license. | Security | BleepingComputer |
| 1.7.25 | Microsoft Removes Password Management from Authenticator App Starting August 2025 | Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. Microsoft's move is part of a much larger shift away from | Security | The Hacker News |
| 30.6.25 | Cloudflare open-sources Orange Meets with End-to-End encryption | Cloudflare has implemented end-to-end encryption (E2EE) to its video calling app Orange Meets and open-sourced the solution for transparency. | Security | |
| 30.6.25 | Let’s Encrypt ends certificate expiry emails to cut costs, boost privacy | Let's Encrypt has announced it will no longer notify users about imminent certificate expirations via email due to high costs, privacy concerns, and unnecessary complexities. | Security | BleepingComputer |
| 26.6.25 | The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience | SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate | Security | The Hacker News |
| 26.6.25 | How Today’s Pentest Models Compare and Why Continuous Wins | Legacy pentests give you a snapshot. Attackers see a live stream. Sprocket's Continuous Penetration Testing (CPT) mimics real-world attackers—daily, not annually—so you can fix what matters, faster. Learn why CPT is the future. | Security | BleepingComputer |
| 23.6.25 | Can users reset their own passwords without sacrificing security? | Self-service password resets (SSPR) reduce helpdesk strain—but without strong security, they can open the door to attackers. Learn why phishing-resistant MFA, context-aware verification, and risk-based detection are critical to secure SSPR implementation. | Security | |
| 23.6.25 | Microsoft to remove legacy drivers from Windows Update for security boost | Microsoft has announced plans to periodically remove legacy drivers from the Windows Update catalog to mitigate security and compatibility risks. | Security | |
| 22.6.25 | Microsoft unveils new security defaults for Windows 365 Cloud PCs | Microsoft has announced new Windows 365 security defaults starting in the second half of 2025 and affecting newly provisioned and reprovisioned Cloud PCs. | Security | BleepingComputer |
| 15.6.25 | Microsoft Edge now offers secure password deployment for businesses | Microsoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability. | Security | BleepingComputer |
| 14.6.25 | ConnectWise rotating code signing certificates over security concerns | ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. | Security | BleepingComputer |
| 13.6.25 | ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks | ConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise | Security | The Hacker News |
| 3.6.25 | Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues | Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed | Security | The Hacker News |
| 3.6.25 | Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN | Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed | Security | The Hacker News |
| 1.6.25 | Getting Exposure Management Right: Insights from 500 CISOs | Pentesting isn't just about finding flaws — it's about knowing which ones matter. Pentera's 2025 State of Pentesting report uncovers which assets attackers target most, where security teams are making progress, and which exposures still fly under the radar. Focus on reducing breach impact, not just breach count. | Security | |
| 30.5.24 | Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable | Not every "critical" vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what's actually exploitable in your environment — so you can patch what matters. | Security | BleepingComputer |
| 30.5.24 | Glitch to end app hosting and user profiles on July 8 | Glitch has announced it is ending app hosting and user profiles on July 8, 2025, responding to changing market dynamics and extensive abuse problems that have raised operational costs. | Security | BleepingComputer |
| 24.5.24 | ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability Windows | Patching is basic cyber hygiene — but executing it at scale, securely, and fast? That's the real challenge. ThreatLocker's Patch Management flips the script with control, visibility, and Zero Trust workflows built for today's threat landscape. | Security | BleepingComputer |
| 21.5.24 | Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager | Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user's password when it detects the | Security | The Hacker News |
| 18.5.24 | Google Chrome to block admin-level browser launches for better security | Google is rolling out a change to Chromium that "de-elevates" Google Chrome so it does not run as an administrator to increase security in Windows. | Security | |
| 18.5.24 | Australian Human Rights Commission leaks docs to search engines | The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines. | Security | BleepingComputer |
| 16.5.24 | Google to pay $1.375 billion to settle Texas data privacy violations | Google has agreed to a $1.375 billion settlement with the state of Texas over a 2022 lawsuit that alleged it had been collecting and using biometric data of millions of Texans without properly acquiring their consent. | Security | BleepingComputer |
| 16.5.24 | Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals | 99% of enterprise users have browser extensions but over half carry high-risk permissions. LayerX's 2025 report reveals how everyday extensions expose sensitive data, and what security teams must do now. | Security | |
| 16.5.24 | Bluetooth 6.1 enhances privacy with randomized RPA timing | The Bluetooth Special Interest Group (SIG) has announced Bluetooth Core Specification 6.1, bringing important improvements to the popular wireless communication protocol. | Security | |
| 11.5.24 | Medical device maker Masimo warns of cyberattack, manufacturing delays | Medical device company Masimo Corporation warns that a cyberattack is impacting production operations and causing delays in fulfilling customers' orders. | Security | |
| 11.5.24 | New Microsoft 365 outage impacts Teams and other services | Microsoft is investigating a new Microsoft 365 outage affecting multiple services across North America, including the company's Teams collaboration platform. | Security | BleepingComputer |
| 8.5.24 | Why EASM is vital to modern digital risk protection | You can't protect what you can't see. From shadow IT to supplier risk, modern attack surfaces are sprawling fast — and External Attack Surface Management (EASM) is how security teams take back control. Learn from Outpost24 how EASM powers proactive digital risk protection. | Security | BleepingComputer |
| 6.5.24 | The Risk of Default Configuration: How Out-of-the-Box Helm Charts Can Breach Your Cluste | Have you ever used pre-made deployment templates to quickly spin up applications in Kubernetes environments? While these “plug-and-play” options greatly simplify the setup process, they often prioritize ease of use over security. | Security | Microsoft blog |
| 6.5.24 | Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks | Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations | Security | The Hacker News |
| 30.4.25 | Customer Account Takeovers: The Multi-Billion Dollar Problem You Don't Know About | Everyone has cybersecurity stories involving family members. Here's a relatively common one. The conversation usually goes something like this: "The strangest | Security | The Hacker News |
| 25.4.25 | Microsoft Entra account lockouts caused by user token logging mishap | Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. | Security | |
| 23.4.25 | Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito | Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. | Security | The Hacker News |
| 21.4.25 | Chrome extensions with 6 million installs have hidden tracking code | A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts. | Security | BleepingComputer |
| 20.4.25 | Microsoft: Office 2016 and Office 2019 reach end of support in October | Microsoft has reminded customers that Office 2016 and Office 2019 will reach the end of extended support six months from now, on October 14, 2025. | Security | BleepingComputer |
| 20.4.25 | Jira Down: Atlassian users experiencing degraded performance | Atlassian users are experiencing degraded performance amid an 'active incident' affecting multiple Jira products since morning hours today. Jira, Jira Service Management, Jira Work Management and Jira Product Discovery are among the impacted products. | Security | BleepingComputer |
| 20.4.25 | 41% of Attacks Bypass Defenses: Adversarial Exposure Validation Fixes That | Your dashboards say you're secure—but 41% of threats still get through. Picus Security's Adversarial Exposure Validation uncovers what your stack is missing with continuous attack simulations and automated pentesting. | Security | |
| 20.4.25 | CISA extends funding to ensure 'no lapse in critical CVE services' | CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. | Security | BleepingComputer |
| 20.4.25 | MITRE warns that funding for critical CVE program expires today | MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. | Security | |
| 20.4.25 | Cybersecurity firm buying hacker forum accounts to spy on cybercriminals | Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on hacking forums to to spy on cybercriminals. | Security | |
| 20.4.25 | SSL/TLS certificate lifespans reduced to 47 days by 2029 | The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. | Security | BleepingComputer |
| 20.4.25 | Enhancing your DevSecOps with Wazuh, the open source XDR platform | Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle. | Security | |
| 15.4.25 | Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds | Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people | Security | The Hacker News |
| 6.4.25 | Oracle privately confirms Cloud breach to customers | Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. | Security | BleepingComputer |
| 6.4.25 | Genetic data site openSNP to close and delete data over privacy concerns | The openSNP project, a platform for sharing genetic and phenotypic data, will shut down on April 30, 2025, and delete all user submissions over privacy concerns and the risk of misuse by authoritarian governments. | Security | BleepingComputer |
| 5.4.25 | Nearly 24,000 IPs behind wave of Palo Alto Global Protect scans | A significant spike in scanning activity targeting Palo Alto Network GlobalProtect login portals has been observed, with researchers concerned it may be a prelude to an upcoming attack or flaw being exploited. | Security | |
| 5.4.25 | VMware Workstation auto-updates broken after Broadcom URL redirect | VMware Workstation users report that the software's automatic update functionality is broken after Broadcom redirected the download URL to its generic support page, triggering certificate errors. | Security | BleepingComputer |
|
23.3.25 |
Cloudflare now blocks all unencrypted traffic to its API endpoints | Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. | Security | |
|
23.3.25 |
Microsoft: Exchange Online bug mistakenly quarantines user emails | Microsoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users' emails. | Security | |
|
19.3.25 |
Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security | Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition | Security | The Hacker News |
|
16.3.25 |
Microsoft says button to restore classic Outlook is broken | Microsoft is investigating a known issue that causes the new Outlook email client to crash when users click the "Go to classic Outlook" button, which should help them switch back to the classic Outlook. | Security | BleepingComputer |
|
16.3.25 |
Mozilla warns users to update Firefox before certificate expires | Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates. | Security | BleepingComputer |
| 11.3.25 | Google paid $12 million in bug bounties last year to security researchers | Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company's Vulnerability Reward Program (VRP) in 2024. | Security | BleepingComputer |
| 1.3.25 | Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language | Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the | Security | The Hacker News |