There’s a newly discovered Chinese advanced persistent threat (APT) out in the wild, and it’s been targeting the government of Mongolia. The group, “GopherWhisper,” is only now being described in …
Safety & Security
Wiz, AI-BOMs, and securing the AI development sprawl
Google has expanded its Wiz portfolio to tackle the chaos of AI development and multi-cloud risk. Wiz is being positioned as the …
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty – Krebs on Security
A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role …
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply …
EHS Insight Q1-2026 Wrap-Up: Smarter Systems, Stronger Connections
As we kicked off 2026, our focus remained clear: help EHS teams reduce manual work, connect critical systems, and turn data into action faster. Across the 25.13, 26.1, and 26.2 …
Why Blood Tests Won’t Fix Burnout in Roles Designed to Harm – SafetyAtWorkBlog
The most effective way to prevent psychological harm at work is to redesign work and its systems, especially the workload. What is often overlooked is the need …
2025 marked a special year in the history of vulnerability rewards and bug bounty programs at Google: our 15th anniversary 🎉🎉🎉! Originally started in 2010, our vulnerability reward program (VRP) …
OPINION On March 10, 2026, Microsoft patched CVE-2026-26144, a cross-site scripting (XSS) vulnerability in Excel. XSS in Office isn’t anything new, but what makes this XSS different is what happens after …
Critical sandbox bypass fixed in popular Thymeleaf Java template engine
Endor Labs notes in their report that Thymeleaf has defense-in-depth layers to block dangerous expressions and in this case two of them failed. For example, a string check scanned the …
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness …