IBM API Connect 9.8 CVSS Auth Bypass Hits 1,000+ Firms
A critical authentication bypass vulnerability in IBM API Connect allows remote attackers to gain unauthorized access without credentials. CVE-2025-13915 scores 9.8 on CVSS—one ...
38 State Tech Laws Hit Jan 1, 2026: AI Transparency Clash
On January 1, 2026, developers woke up to a new reality: 38 state tech laws ...
React2Shell: 90K+ Next.js Apps Hit by 10.0 CVSS RCE
Within hours of its December 3, 2025 disclosure, China state-sponsored hackers were already exploiting it. ...
API Security 2026: 99% Hit, 400% Surge, $186B Cost
Ninety-nine percent of organizations suffered at least one API security incident in 2025. API attacks ...
California DROP: Delete Data From 500+ Brokers Now
California just automated privacy rights enforcement at scale. The state launched DROP (Delete Request and ...
Microsoft Kills Windows Offline Activation After 24 Years
Microsoft killed Windows phone activation on Dec 3, 2025, forcing users to an online portal requiring Microsoft accounts. Air-gapped systems are locked out.
Rust Enterprise Migration 2026: Microsoft, Google, Meta Race to Replace C++
CISA’s January 1, 2026 deadline for memory safety roadmaps has transformed Rust from a developer ...
SBOM Compliance Gap: 48% Failing, $60B Lost in Attacks
Despite widespread regulatory mandates, 48% of security professionals admit their organizations are falling behind SBOM ...
Headphone Jacking: $400 Headphones Hijack Your Phone
Hackers can silently hijack your phone through premium Bluetooth headphones. CVEs disclosed Jan 1, 2026 ...
Libsodium’s First CVE in 13 Years: Zig Caught It
Thirteen years. Zero vulnerabilities. A perfect security track record that ended on December 30, 2025. ...