IN THE NEWS

The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 instructs the Office of Management and Budget (OMB) to consult with CISA, the Office of the National Cyber Director, NIST, and other relevant departments, and require federal contractors to have a VDP that is consistent with NIST guidelines.

Four key cyber staff at the National Security Council are now in place — several have been strong advocates for offensive cyber operations in a likely preview of where President Donald Trump’s cyber policy is heading.

Cyber threats continue to evolve at an unprecedented pace, presenting significant challenges to America’s digital infrastructure from sophisticated nation-state actors.

From vendors offering SASE platforms and next-gen firewalls to those focused on protecting IoT, here’s a look at the 20 network security companies that made our Security 100 for 2025.

When big corporations want to reduce their carbon footprint, they might appoint a chief sustainability officer to create company-wide initiatives to achieve their goal.

A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices.

The last-minute cybersecurity executive order from the outgoing Biden administration, signed by President Joe Biden Thursday, includes several new requirements for software vendors that supply the federal government.

A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains.

Infoblox Threat Intel researchers have discovered new insights into the use of spoofed domains in modern malicious spam (malspam) campaigns, sending unsolicited emails that contain harmful attachments or links designed to infect the recipient's computer with malware or to steal sensitive information.

This story, originally published Jan. 7, now includes details of a new PayPal phishing attack, new research into email domain spoofing and reports of a PhishWP WordPress malicious phishing plugin threat among more advice for Gmail users.