Navigate
Home
Blog
Dashboard
Feeds
Articles
Search
Overview
Topics
Assistant
Home
Blog
Dashboard
Feeds
Articles
Search
Overview
Topics
Assistant
Login
Google Chrome emergency update fixes 6th zero-day exploited in 2023
Pro-Palestinian group GhostSec hacked Berghof PLCs in Israel
What's new in the Windows 11 22H2 Moment 3 update, now available
Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems
Pro-Palestine APT Group Uses Novel Downloader in New Campaign
Security Leaders Discuss Industry Trends at Dark Reading's News Desk at RSAC 2023
Vigil: Open-source Security Scanner for LLM Models Like ChatGPT
Kaspersky Relocates Cyberthreat-Related Data Processing for Users in Latin America and Middle East to Switzerland
Samsung Galaxy smartphones are getting this new security feature
'Bitter' espionage hackers target Chinese nuclear energy orgs
Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware
Russian Conti Ransomware Gang Threatens to Overthrow New Costa Rican Government
Ukraine energy facility took unique Sandworm hit on day of missile strikes, report says
[eBook] A Step-by-Step Guide to Cyber Risk Assessment
Payment Card-Skimming Campaign Now Targeting Websites in North America
The Emotet botnet is back, and it has some new tricks to spread malware | ZDNet
CISA Unveils Cybersecurity Strategic Plan for Next 3 Years
Feds Forced Travel Firms to Share Surveillance Data on Hacker
Lock your doors to Kerberos golden ticket attacks
UK Minister Warns Meta Over End-to-End Encryption
New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia
Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach
Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers
'CryptoRom' Crypto Scam Abusing iPhone Features to Target Mobile Users
GM plans to let you talk to your car with ChatGPT, Knight Rider-style
Spyware App Compromised Over 60,000 Android Devices to Steal Sensitive Data
This sneaky hacking group hid inside networks for 18 months without being detected | ZDNet
Cavelo Raises CA$5 Million for Attack Surface Management Platform
Five easy steps to keep your smartphone safe from hackers
Alleged Iranian hackers target victims in Saudi Arabia with new spying malware
Ransomware attacks are increasing with more dangerous hybrids ahead
Chinese hackers accused of targeting Southeast Asian gambling sector
Unified Threat Management: The All-in-One Cybersecurity Solution
Ransomware Group Claims Major Okta Breach
Curl CVE has security community on edge as patch drops
Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers
ShadowPad Threat Actors Return With Fresh Government Strikes, Updated Tools
Microsoft Patches MotW Zero-Day Exploited for Malware Delivery
Threat and Vulnerability Roundup for the week of July 30th to August 5th
Enterprise Browser Startup Island Snags Massive Funding Round
Friendly Hacker, Keren Elazari, to Announced as Keynote Speaker at Infosecurity Europe 2023
Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers
Facebook Take Down ChatGP-themed Malware Attacks That Stole FB Accounts
Forty Countries Agree Not to Pay Cybercrime Ransoms
Microsoft warning: These phishing attackers used fake OAuth apps to steal email
The Week in Ransomware - December 16th 2022 - Losing Trust
New Ransomware With RAT Capabilities Impersonating Sophos
Industry Coalition Urges Congress to Hold off on SBOMs Requirements for Defense Contractors
Dozens of popular Minecraft mods found infected with Fracturiser malware
Russian threat group targets online vendors in Singapore | Cybernews
Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating
CISA warns govt agencies to patch Ivanti bug exploited in attacks
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems
IBM rebuilds QRadar for hybrid clouds and AI workloads
U.S. State Department unveils new Bureau of Cyberspace and Digital Policy
North Korean supply chain attacks prompt joint warning from Seoul and London
Microsoft fixes bug that breaks Windows Start Menu, UWP apps
Webinar Today: Using Governance and Privilege to Gain Control Over Third-Party Access
Proton Launches Open Source Password Manager
Optus breach – Aussie telco told it will have to pay to replace IDs
Are Educational Institutions Easy Victims of Ransomware Groups?
Cyberpion rebrands as Ionix, offering new EASM visibility improvements
CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability
S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]
Supply Chain Attack Defense Demands Mature Threat Hunting
HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack
Researchers Find New Malware Attacks Targeting Russian Government Entities
Hackers are using this new trick to deliver their phishing attacks
Financially Motivated Threat Actor Strikes with New Ransomware and Clipper Malware
APT31 Implants Target Industrial Organizations
Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
Ransoming Linux and ESXi systems is getting easier
Congressman ‘coming for answers’ after ‘no-fly list’ hack
Copper Mining Firm Shuts Down Mill after Ransomware Attack
Former Navy IT Manager Sentenced to Prison for Hacking, Selling PII
Reddit awards hero hacker $10k bounty | Cybernews
UK privacy authority to appeal decision overturning $10 million fine on Clearview AI
Reddit says limited amount of source code, employee data accessed in phishing attack
3CX data exposed, third-party to blame
Hackers use fake ‘Windows Update’ guides to target Ukrainian govt
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
New Stealthy Variant of Linux Backdoor BPFDoor Emerges from the Shadows
Why Zero Trust Should be the Foundation of Your Cybersecurity Ecosystem
Clop ransomware gang starts extorting MOVEit data-theft victims
Black Friday warning as ‘grinch bots’ target retailers
Half of Security Leaders Consider Quitting
Meta Set to Enable Default End-to-End Encryption on Messenger by Year End
Red Sift adds protection against phishing, BEC, and brand abuse
Protected Virtual Machines Exposed to New 'CacheWarp' AMD CPU Attack
Hackers Use Shapeshifting Tactics to Steal Information Stealing Malware
Hackers earn $1,035,000 for 27 zero-days exploited at Pwn2Own Vancouver
Johnson Controls Hit by Ransomware
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine
Google AMP Abused in Phishing Attacks Aimed at Enterprise Users
CISA to warn critical infrastructure of ransomware-vulnerable devices
Sydney University Suffers Supply Chain Breach
Interpol arrests suspected senior member of hacker group OPERA1ER
Threat actors can use ChatGPT, too. Here’s what businesses should watch
Fears grow of deepfake ID scams following Progress hack
Atlassian data leak caused by stolen employee credentials
Russian Group Sandworm Foiled in Attempt to Disrupt Ukraine Power Grid
Google Drive files mysteriously disappearing, users report
The future of the internet is up for vote at the U.N.
Colombian energy supplier EPM hit by BlackCat ransomware attack
Nearly 70% of tested ServiceNow instances leaking data
Microsoft Said that Hackers Use Google Ads to Deliver Royal Ransomware Payloads
Seiko “BlackCat” Data Breach: 60,000 Records on the Line
3CX hack highlights risk of cascading software supply-chain compromises
Researchers Spot Supply Chain Attack Targeting GitLab CI Pipelines
Microsoft Accused of Negligence in Recent Email Compromise
Google Launches New Open-Source Bug Bounty to Tackle Supply Chain Attacks
ALPHV/BlackCat Ransomware Gang Targets Businesses Via Google Ads
Digital Safety Advice is Not Getting Through to Women
Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign
SharkBot Malware Found in Android File Manager Apps With Thousands of Downloads
New Rilide Malware Attacking Enterprise Employees to Steal Credentials
Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks
Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware
New Linux malware targets WordPress sites by exploiting 30 bugs
So far, AI hasn’t been profitable for Big Tech
Crimeware Group Asylum Ambuscade Ventures Into Cyber-Espionage
GIFShell attack creates reverse shell using Microsoft Teams GIFs
Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters
Australia's Hack-Back Plan Against Cyberattackers Raises Familiar Concerns
How to go incognito in Chrome, Edge, Firefox, and Safari
MOVEit vulnerability snags almost 200 victims, more expected
Pro-Kremlin hackers target Latvia’s parliament after declaring Russia a sponsor of terrorism
Zoom’s bug bounty ROI clear as program pays $1.8 million to fix over 400 bugs
FTC warns of ‘staggering’ losses to social media scams since 2021
The DHS’s CSRB to review cloud security practices following the hack of Microsoft Exchange govt email accounts
Finland's Spy Service Warns of Russian Interference, Attacks
Android Phones Will Now Warn About Unknown Bluetooth Trackers, Including AirTags
With Stable Diffusion, you may never believe what you see online again
US govt agencies released a joint alert on the Lockbit 3.0 ransomware
Hackers spoof fintech apps to profit from tax season | CyberNews
ChatGPT to ThreatGPT: Generative AI Impact in Cybersecurity and Privacy
Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away
Microsoft Raises Alert for Under-Attack Windows Flaw
Exploit Code Published for Remote Root Flaw in VMware Logging Software
SAP Releases 7 New Notes on October 2023 Patch Day
Russian TV Stations Hacked
How to use Bitwarden Send (and when you should)
Apple Emergency Update for New Zero-Day Used to Hack iPhones
Viasat shares details on KA-SAT satellite service cyberattack
Online library app Onleihe faces issues after cyberattack on provider
Microsoft Teams stores cleartext auth tokens, won’t be quickly patched
Estée Lauder takes down some systems following cyberattack
Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities
The Week in Ransomware - February 10th 2023 - Clop's Back
120,000+ Compromised Computers Leaked Hacker Data From Top Cybercrime Forums
Google pushes emergency Chrome update to fix 8th zero-day in 2022
New MidgeDropper Malware Variant Found Targeting Windows Users
GitLab Released Emergency Fix For Critical Vulnerability – Update Now!
Risks of Sharing Sensitive Corporate data into ChatGPT
Why this threat intelligence expert believes cyberattacks aren’t Ukraine’s biggest concern
Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation
Best YubiKey: You need this cheap security tool | ZDNet
Ransomware experts laud Hive takedown but question impact without arrests
Automotive supplier breached by 3 ransomware gangs in 2 weeks
Conti, the notorious ransomware group, proclaimed dead | CyberNews
BlackLotus is the first bootkit bypassing UEFI Secure Boot on Windows 11
Potential Backdoor in Gigabyte PCs Exposes Supply Chain Risks
Atlassian Confluence customers confront pair of critical vulnerabilities
Mozilla Firefox 111.0.1 fixes Windows 11 and macOS crashes
Over 10% of Enterprise IT Assets Found Missing Endpoint Protection
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme
ShadowPad-Associated Hackers Targeted Asian Governments
October Patch Tuesday Addresses Three Zero-Days
Emergency Firefox Update Patches Two Actively Exploited Zero-Day Vulnerabilities
U.S. Bank of the West Found a Debit Card Stealing Skimmers on ATMs
'Raccoon Stealer' Scurries Back on the Scene After Hiatus
Netgear fixes bad Orbi firmware update that locked admin console
Interpol Seized $130 Million from Cybercriminals in Global "HAECHI-III" Crackdown Operation
Dozens of countries will pledge to stop paying ransomware gangs
DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace
New Jersey, Pennsylvania hospitals affected by cyberattacks
Cybersecurity for Industrial Control Systems: Part 1
Hackers Using Microsoft-signed Malicious Windows Drivers in Ransomware Attacks
Chinese Spyware Targets Uyghurs Through Apps: Report
Cloudflare DDoS protections ironically bypassed using Cloudflare
What Exposed OPA Servers Can Tell You About Your Applications
Dark Web Markets Offer New FraudGPT AI Tool
9 Vulnerabilities Patched in SEL Power System Management Products
The Irish DPC fined WhatsApp €5.5M for violating GDPR
GIGABYTE releases new firmware to fix recently disclosed security flaws
Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks
For Maine, the MOVEit attack is personal
Seoul expects to become a metaverse city in less than five years | CyberNews
Australian Police Probe Purported Hacker's Ransom Demand
Google Plans To Roll Out IP Protection Feature In Chrome Browser
New Stealc malware emerges with a wide set of stealing capabilities
Police Arrest Suspected OPERA1ER Cybercrime Kingpin
Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws
Microsoft Names Russian Threat Actor
Industry 4.0: CNC Machine Security Risks Part 2
HackerOne Exceeds $300m in Bug Bounty Payments
Google Authenticator Flaw Inadvertently Facilitated $15 Million Theft
Attackers find new ways to deliver DDoSes with “alarming” sophistication
Man Charged With Remote Attack on Water Plant
'Anonymous Sudan' Claims Responsibility for DDoS Attacks Against Israel
Researchers Uncover New technique to Detect Malicious Websites
Clop ransomware now uses torrents to leak data and evade takedowns
Infosecurity Europe Unveils Keynote Speakers for 2022 Event
FTC sues data broker for selling sensitive location info
Healthcare giant Henry Schein hit twice by BlackCat ransomware
1.2 Million Bad Apps Blocked From Reaching Google Play in 2021
The 5 best VPN routers of 2023
Spoofing an Apple device and tricking users into sharing sensitive data
TikTok’s Parent Company Admits Using the Platform’s Data to Track Journalists
New P2PInfect worm malware targets Linux and Windows Redis servers
MMRat Android Trojan Executes Remote Financial Fraud Through Accessibility Feature
FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies
Over 80,000 Hikvision cameras can be easily hacked
New Redigo malware drops stealthy backdoor on Redis servers
Siemens Energy confirms data breach after MOVEit data-theft attack
Millions of Repos on GitHub Are Potentially Vulnerable to Hijacking
CISA 'temporarily' removes Windows vulnerability from its must-patch list | ZDNet
CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog
Microsoft wants you to learn more about new features in Windows 11
How Belarusian hacktivists are using digital tools to fight back
Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions
Supply chain blunder puts 3CX telephone app users at risk
LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender
Russia-linked threat actors launched hundreds of cyberattacks on Ukraine
4 Okta customers hit by campaign that gave attackers super admin control
New stealthy and modular Deadglyph malware used in govt attacks
Earth Estries Targets Government, Tech for Cyberespionage
Massive ad-fraud op dismantled after hitting millions of iOS devices
Samsung Issued Patches for Multiple Critical Security Flaws
Industry Reactions to Govt Requiring Security Guarantees From Software Vendors
US Cybersecurity Lab Suffers Major Data Breach
What are Bitwarden Organizations and how do you use them?
Social media hearings highlight lack of trust, transparency in sector
Top 10 Passwordless Authentication Tools - 2023
300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug
Vice Ransomware Group Uses Custom Ransomware with New Encryption Algorithms
Okta revises original statement, says 366 customers affected by Lapsus$ breach
Firefox fixes a flurry of flaws in the first of two releases this month
eSentire introduces LLM Gateway to help businesses secure generative AI
Quarter of Security Pros Say Mental Health Has Worsened
Asylum Ambuscade hackers mix cybercrime with espionage
TikTok suspends livestreaming and new uploads in Russia | CyberNews
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages
Cisco fixes critical bugs in SMB routers, exploits available
Small drones are giving Ukraine an unprecedented edge
Automatic Updates Deliver Malicious 3CX 'Upgrades' to Enterprises
Microsoft 365 phishing attacks use encrypted RPMSG messages
Researchers to release PoC exploit for critical ManageEngine RCE bug, patch now
Google to distribute 100,000 Titan Security Keys to high-risk users
Clop Ransom Gang Breaches Big Names Via MOVEit Flaw
FCC Proposes Tighter Data Breach Reporting Rules for Wireless Carriers
US links Russia to Ukraine DDoS attacks
Boeing confirms cyberattack amid LockBit ransomware claims
Veeam warns of critical bugs in Veeam ONE monitoring platform
LokiBot Malware Targets Windows Users in Office Document Attacks
ChatGPT-Related Malicious URLs on the Rise
Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users
Apple bans employees from using ChatGPT. Should you?
The Week in Ransomware - March 24th 2023 - Clop overload
Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000
Supply chain attack against 3CX communications app could impact thousands
Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides
Hackers breach healthcare orgs via ScreenConnect remote access
Source code for BlackLotus Windows UEFI malware leaked on GitHub
Microsoft retires Visual Studio for Mac, support ends in a year
Mexico-Based Hacker Targets Global Banks with Android Malware
Bitzlato Crypto Exchange Founder Arrested for Aiding Cybercriminals
Cryptominers hijack $53 worth of system resources to earn $1
Ex-Gumshoe Nabs Cybercrooks with FBI Tactics
Scattered Spider hackers use old Intel driver to bypass security
U.S. sanctions crypto-exchange Garantex for aiding Hydra Market
Hackers Attacking Power Generator Systems to Infect With Ransomware
How to lock an Apple Note to keep prying eyes out of your ideas
Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware
How to Automate the Hardest Parts of Employee Offboarding
Leaseweb Reports Cloud Disruptions Due to Cyberattack
Thousands of secrets lurk in app images on Docker Hub
GenAI in productivity apps: What could possibly go wrong?
Sextortion ring disbanded in Asia | Cybernews
Amazon to make MFA mandatory for 'root' AWS accounts by mid-2024
New White Rabbit ransomware linked to FIN8 hacking group
Why Walden thinks this national cybersecurity strategy will work
Cryptocurrency companies backdoored in 3CX supply chain attack
Cybercriminals who breached Nvidia issue one of the most unusual demands ever
US govt sanctioned North Korea-linked APT Kimsuky
Internet access severed in Gaza as IDF announces ‘expanding’ ground operation
MGM Resorts says ransomware attack cost $100 million, data stolen
Cloudflare website down, showing ‘We’re sorry’ Google errors
How secure a Twitter replacement is Mastodon? Let us count the ways
Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows
Ilya Sachkov versus the Kremlin
China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies
ViperSoftX info-stealing malware now targets password managers
Rhysida ransomware leaks documents stolen from Chilean Army
Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets
CISA added 9 new flaws to the Known Exploited Vulnerabilities Catalog, including Magento e Chrome bugs
CISA Addresses 'Cyber Poor' Small Biz, Local Government
Russia targets Ukraine with new Android backdoor, intel agencies say
Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands
US Government Wants Security Guarantees From Software Vendors
New SEC Cybersecurity Rules: What You Need to Know
Hackers pretending to be Iranian govt use SMS messages to steal credit card info, create botnet | ZDNet
UK military intelligence team wins Western Europe’s ‘largest cyber warfare exercise’ held in Estonia
Human Error the Leading Cause of Cloud Data Breaches
ScanSource says ransomware attack behind multi-day outages
Users of cybercrime forums often fall victim to info-stealers, researchers find
What SOCs Need to Know About Water Dybbuk
What is Contact Key Verification and how is it used?
Here's a New Tool That Scans Open-Source Repositories for Malicious Packages
ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
Nordic Choice Hotels hit by Conti ransomware, no ransom demand yet
FDCA JuleCTF Challenge 13 and 14 – Write Up Intro -
Regulator: “Harmful” Web Design Could Break Data Protection Laws
Hackers Flood NPM with Bogus Packages Causing a DoS Attack
Initial Access Broker Activity Doubles in a Year
Apple pulls no punches in lawsuit against 'amoral' NSO Group
Microsoft warns of emerging 'ice phishing' threat on blockchain, DeFi networks | ZDNet
Killnet as a private military hacking company? For now, it's probably just a dream
Senegal shuts off mobile internet after arrest of opposition leader
MOVEit maker announces new critical vulnerability affecting a different file transfer tool
Spanish Police Arrest Alleged Radioactive Monitoring Hackers
VSCode Marketplace can be abused to host malicious extensions
LockBit Makes $91m From US Victims in Two Years
Previously unknown hacking group targets Hong Kong organizations in supply chain cyberattack
New ‘White Rabbit’ Ransomware May Be New FIN8 Tool
More than $30 million seized from North Korean hackers involved in Axie crypto-theft
Chinese government hackers ‘frequently’ targeting MPs, warns new report
European Parliament declares Russia a terrorism sponsor, then its site goes down
MITRE releases new list of top 25 most dangerous software bugs
Outrage over Telenor Myanmar sale grows as more ties between military and new owner revealed | ZDNet
Brave takes on the creepy websites that override your privacy settings
Henry Schein says customer data breached in cyber incident
Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands
How we host Ars, the finale and the 64-bit future
Cybersecurity Threat 1H 2023 Brief with Generative AI
Windows security in ’22 — you need more than just antivirus software
These 6 Questions Will Help You Choose the Best Attack Surface Management Platform
Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories
Almost all developers are using AI despite security concerns, survey suggests
Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware
A CISOs Practical Guide to Storage and Backup Ransomware Resiliency
Air Canada says hackers accessed limited employee records during cyberattack
StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs
China-linked APT likely linked to Fortinet zero-day attacks
State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments
Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition
Anonymous hacked Roskomnadzor agency revealing Russian disinformation
TP-Link Tapo L530E smart bulb flaws allow hackers to steal user passwords
A Hackers Pot of Gold: Your MSP's Data
'DangerousSavanna' Hackers Targeted Financial Institutions in Africa For Two Years
LemonDuck Malware Attacking Docker to Mine cryptocurrency
Truebot Malware Activity Increases With Possible Evil Corp Connections
FBI is investigating a cybersecurity incident on its network
Biden Puts Top Chinese Military Medical Institute on Export Control Blacklist
Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition
AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping
Hackers Selling Powerful Infostealers on Underground Forums
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
ChatGPT Highlights a Flaw in the Educational System
Mitigate the LastPass Attack Surface in Your Environment with this Free Tool
Threat Actors Abuse Cloudflare Tunnel for Persistent Access, Data Theft
Exchange Server under pressure as opportunistic actors step up attacks
Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round
Hacktivists fund their operations using common cybercrime tactics
New Infostealer Malware 'Erbium' Offered as MaaS for Thousands of Dollars
10 Best Enterprise Remote Access Software - 2023
Over 12,000 Computers Compromised by Info Stealers Linked to Users of Cybercrime Forums
Hamas’ online infrastructure reveals ties to Iran, researchers say
Top 13 SaaS Cybersecurity Threats in 2023: Is Your Business Prepared?
Phishers Abuse Microsoft Voicemail Service to Trick Users
Hundreds of thousands trafficked into cyber scamming in Southeast Asia, UN says
French Dad Takes nearby Town Internet Down to Stop his Kid GoingOnline
Navigating the Digital Frontier in Cybersecurity Awareness Month 2023
Apple re-releases zero-day patch after fixing browsing issue
Thousands of Cisco IOS XE devices hacked in widespread attacks
Threema claims encryption flaws never had a real-world impact
WhatsApp Secret Code Feature Lets Users Set Unique Locked Chat Passwords
Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion
Big names disclose MOVEit-related breaches, including PwC, EY and Genworth Financial
Intel investigating leak of Intel Boot Guard private keys after MSI breach
New review will examine NSA and Cyber Command’s ‘dual hat’ structure
Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites
Nation-state Hackers Target Journalists with Goldbackdoor Malware
Adobe Acrobat Sign abused to push Redline info-stealing malware
In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities
Coca-Cola embraces controversial AI image generator with new “Y3000” flavor
Windows 11 23H2 - New features in the Windows 11 2023 Update
New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators
U.S. government offensive cybersecurity actions tied to defensive demands
China-linked APT40 used ScanBox Framework in a long-running espionage campaign
Phishing drops IceXLoader malware on thousands of home, corporate devices
Atlassian rolled out fixes for Confluence zero-day actively exploited in the wild
Microsoft 365 now prevents data leaks with new session timeouts
Ukraine's 'IT Army' Stops 1,300 Cyberattacks in 8 Months of War
Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
Apple Zero-Day Flaws Exploited For Predator Spyware Attacks
Fenix Cybercrime Group Poses as Tax Authorities to Target Latin American Users
Beware of the new phishing technique “file archiver in the browser” that exploits zip domains
Holiday Season Cyber Alert: Reflectiz Declares War on Magecart
Companies have to figure out the skills they need to reap AI benefits
Raspberry Robin Malware Attacks Against Telecom and Government Sectors
Ransomware tales: The MitM attack that really had a Man in the Middle
SMBs seek cyber training, support as attack risk surges
Critical Atlassian Confluence CVE under exploit by prolific state-linked actor
S3 Ep132: Proof-of-concept lets anyone hack at will
SecurityWeek to Host 2022 Attack Surface Management Summit Today
Recently discovered IceFire Ransomware now also targets Linux systems
IT Admins Set Admin Portal Passwords to ‘admin’ - Almost 40,000 Entries Found
New Microsoft bug bounty program focuses on AI-powered Bing
Over 50 New CVE Numbering Authorities Announced in 2022
China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons
Multiple Vulnerabilities Found In Samsung Galaxy App Store App
China's APT41 Linked to WyrmSpy, DragonEgg Mobile Spyware
New BLUFFS Bluetooth Attack Methods Can Have Large-Scale Impact: Researcher
Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware
Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware
COVID-bit Attack Targets Air-Gapped Systems Via Power-Supply Radiations
Caesars shakes off cyberattack with strong Q3 Las Vegas demand
At Least 30% of
Amadey malware spreads via software cracks laced with SmokeLoader
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts
Ransomware Mastermind Uncovered After Oversharing on Dark Web
Thales to buy app and data security firm Imperva in $3.6 billion deal
Southern African power generator targeted with DroxiDat malware
In a Post-Macro World, Container Files Emerge as Malware-Delivery Replacement
API Attacks Soar Amid the Growing Application Surface Area
Espionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange
Boeing systems hit in reported Lockbit cyberattack
Okta Employee's Use of Personal Google Account Leads to Security Breach
Clop ransomware group triggers new attack spree, hitting household brands
'BlazeStealer' Python Malware Allows Complete Takeover of Developer Machines
How Water Labbu Exploits Electron-Based Applications
Windows 11 23H2 update coming this fall, here's what's new
UK hacker busted in Spain gets 5 years over Twitter hack and more
Android Spyware BouldSpy Linked to Iranian Government
California city warns of data breach after ransomware attack claims
You're definitely not making the most of your password manager
City of Philadelphia Releases Cyber-Breach Notice
Cloudflare website downed by DDoS attack claimed by Anonymous Sudan
PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS
Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO
Why Signature-Based Detection Struggles to Keep Up with the New Attack
Regulator Reveals Large Disparity in APP Fraud Reimbursement
New Year's Surprise: Cybersecurity M&A, Funding Activity Snowballs in Q4
Phishers Targeted Financial Services Most During H1 2022
Rhysida ransomware gang is auctioning data stolen from the British Library
How a Recession Will Affect CISOs?
Ransomware Group RansomedVC Closes Shop
SIM swapper gets 8 years in prison for account hacks, crypto theft
PCI Data Security Standard v4.0 Released to Address Emerging Threats
S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]
US sanctions Russian who laundered money for Ryuk ransomware affiliate
Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel
UK Parliament launches inquiry into national security strategy around ransomware
CISA to establish network of regional election advisers for 2024
Cybersecurity workforce shortage reaches 4 million despite significant recruitment drive
Social media is drowning in misinformation on the Israel-Hamas conflict
SMBs hit by rise in legitimate tool-based attacks
Chinese "Override Panda" Hackers Resurface With New Espionage Attacks
Supply Chain Attackers Escalate With GitHub Dependabot Impersonation
Norwegian Giant Tomra Suffers “Extensive” Attack
European Parliament approves sweeping big tech antitrust laws
Best cybersecurity schools and programs | ZDNet
Iranians hacked US companies, sent ransom demands to printers, indictment says
YourCyanide: A CMD-based Ransomware With Multiple Layers of Obfuscation
AI-powered Bing Chat loses its mind when fed Ars Technica article
Japan's Nagoya Port Suspends Cargo Operations Following Ransomware Attack
How Hackers Abusing ChatGPT Features For Their Cybercriminal Activities - Bypass Censorship
Batloader: A Batch File That Delivers Several Different Types of Malware
CISA launches pilot program offering ‘cutting-edge’ services to critical infrastructure orgs
CISA warns of breach risks from IDOR web app vulnerabilities
Windows Task Manager refresh can be paused using CTRL key
BidenCash leaks 2.1M stolen credit/debit cards
Best VPN for streaming of 2022
Palo Alto Networks closely watched ahead of late Friday Q4 report
Hacker Groups Adding New Double DLL Sideloading Technique to Evade Detection
Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts
What is Security Keys for Apple ID and why does it matter?
Microsoft finds vulnerabilities it says could be used to shut down power plants
Who's Experimenting with AI Tools in Your Organization?
White House unveils ‘whole of society’ push to expand cybersecurity workforce
Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence
CISA's Goldstein: Ukrainian response to Viasat hack proves need for redundancy, resilience
US Treasury Sanctions Iranian Minister Over Hacking of Govt and Allies
Microsoft: 0ktapus Cyberattackers Evolve to 'Most Dangerous' Status
Senate committee advances Fick nomination as State Department’s top cyber diplomat
Four Convicted in $18m Investment Fraud Scheme
1.1 quintillion operations per second: US has world’s fastest supercomputer
Kali Linux 2022.2 released with 10 new tools, WSL improvements, and more
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks
LAUSD says Vice Society ransomware gang stole contractors’ SSNs
3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox
BlueCharlie Hacker Group Builds a 94-Domain Password Stealing Platform
Okta breach: 134 customers exposed in October support system hack
Privid: A Privacy-Preserving Surveillance Video Analytics System
House panel approves major cash infusion for CISA
Seiko says ransomware attack led to leak of 60,000 ‘items’ of personal data
Cyber Attack on DP World Halted Container Movements
Scam Job Offers Target Uni Students
Netcraft Raises $100M, Hires New CEO for Global Expansion
Researchers Harvest, Analyze 100K Cybercrime Forum Credentials
The VC View: Incident Response and SOC Evolution
Progress Software facing dozens of class action lawsuits, SEC investigation following MOVEit incident
80,000+ Exploitable Hikvision Cameras Exposed Online
Zimbra Zero-day XSS Vulnerability Actively Exploited by Hackers
Community Health Systems data breach caused by GoAnywhere MFT hack
Dark Pink APT group linked to new KamiKakaBot attacks in Southeast Asia
CISA adds Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog
Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover
Researchers Uncover Malware Posing as WordPress Caching Plugin
Biometric Authentication Isn't Bulletproof —Here's How to Secure It
Encrypted Messaging App Exclu Used by Criminal Groups Cracked by Joint Law Enforcement
Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems
GuLoader Malware Utilizing New Techniques to Evade Security Software
New Ransomware Group BianLian Activity Exploding
Massive Exploit Against WooCommerce Payments Underway Bug on 600,000 Websites
S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]
Ransomware decryption: This tool could help some BianLian ransomware victims get files back
Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities
Chinese hackers breach US critical infrastructure in stealthy attacks
North Korean hackers once again exploit Internet Explorer’s leftover bits
Royal ransomware expands attacks by targeting Linux ESXi servers
Snort Flaw Let Attacker to Trigger DoS Condition & Pass Malicious Traffic
CISA adds two Zabbix flaws to its Known Exploited Vulnerabilities Catalog
Chinese influence operation aimed to protect Beijing's stake in rare earth mining, research finds
Cuba Ransomware Group Steals Credentials Via Veeam Exploit
Technical Details, IoCs Available for Actively Exploited BIG-IP Vulnerability
The strange similarities between Lockbit 3.0 and Blackmatter ransomware
Why Ensuring Supply Chain Security in the Space Sector is Critical
VMware Releases Patches for New Vulnerabilities Affecting Multiple Products
Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges
Okta Post-Exploitation Method Exposes User Passwords
NCSC: Iranian and Russian Groups Targeting Government, Activists and Journalists With Spearphishing
UK Cops Collar 7 Suspected Lapsus$ Gang Members
Google Mandates Data Deletion Policy For Android Apps
This era of big tech exceptionalism has got to end: Australian eSafety Commissioner | ZDNet
EtherHiding: A Novel Technique to Hide Malicious Code Using Binance's Smart Chain
NSA insider to succeed George Barnes as agency’s deputy director
Biden AI order could lead to reforms in how federal agencies work with data brokers
Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims
Meta spins off PyTorch Foundation to make AI framework vendor neutral
New Samsung data breach impacts UK store customers
ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More
Five arrested in takedown of Lolek bulletproof hosting service
Closing the Door DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme
What is Digital Forensics? Tools, Types, Phases & History
Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits
Russian National Arrested in Canada Over LockBit Ransomware Attacks
New wave of data-destroying ransomware attacks hits QNAP NAS devices
New Phishing Attack Exploits Cloudflare R2 Hosting Service to Steal Cloud Passwords
Apple Patches Two Zero-Days Exploited in the Wild
Cybersecurity investments boost profitability, resilience: White House
New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government
8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server
New critical Citrix ADC and Gateway flaw exploited as zero-days
Will Russian Oil Ban Spur Increased Cyber-Attacks
Hackers Backdoor Windows Device Using Cobalt Strike Alternative 'Sliver'
EPA unveils cybersecurity oversight for public drinking water systems
Spera exits stealth to reveal identity-based threat hunting capabilities
CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency
Nation-state hacker group targeting Taiwan, US, Vietnam and Pacific Islands
US uncovers “Swiss Army knife” for hacking industrial control systems
Black Hat Announces Sustainability Pledge
While Russian tanks attack, Ukrainian supporters hack back
Luckymouse Uses Compromised MiMi Chat App to Target Windows and Linux Systems
How Telegram found itself in the middle of the war between Russia and Ukraine
Nvidia thinks AI boom is far from over as GPU sales drive big earnings win
Cisco warns of bug that lets attackers break traffic encryption
Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
Google ads push malicious CPU-Z app from fake Windows news site
Wazuh - The free and open source XDR platform
Multiple Document Management XSS Flaw Let Attackers Access Sensitive Documents
Patch Tuesday includes 6 Windows zero-day flaws; patch now!
Paladin Cloud launches new tool for attack surface discovery and management
Foxconn Confirms Ransomware Hit Factory in Mexico
Estée Lauder beauty giant breached in two separate ransomware attacks
Ukraine: Volunteer IT Army is going to hit tens of Russian targets from this list
UK's controversial online safety bill set to become law
All versions of Ivanti product affected by vulnerability used in Norway gov’t attack
Kali Linux 2023.3 Released - What's New!
China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers
Russia leads in content removal requests to Google
Section 702 surveillance powers are necessary, but FBI access needs limits, panel says
AP News Site Hit by Apparent Denial-of-Service Attack
New GoTrim botnet brute forces WordPress site admin accounts
New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force
MongoDB rolls out queryable encryption to secure sensitive data workflows
AI Solutions Are the New Shadow IT
Fake Reservation Links Prey on Weary Travelers
FBI Lifts the Lid on Notorious Scattered Spider Group
Ransomware Reaches New Heights
GoTo, parent company to LastPass, names new CISO
Chinese actors behind attacks on industrial enterprises and public institutions
Facebook's Metaverse is Expanding the Attack Surface
Android Banking Trojan Zanubis Evolves to Target Peruvian Users
Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining
The Vulnerable Maritime Supply Chain - a Threat to the Global Economy
Google: We stopped these hackers who were targeting job hunters and crypto firms | ZDNet
Google provides rules to detect tens of cracked versions of Cobalt Strike
Break into Ethical Hacking with 18 Advanced Online Courses for Just $42.99
New GwisinLocker ransomware encrypts Windows and Linux ESXi servers
New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps
How to Interpret the 2023 MITRE ATT&CK Evaluation Results
Massive 3CX Supply-Chain Attack Let Hackers Inject Backdoor on Crypto Firms
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024
A big bet to kill the password for good
Security Affairs newsletter Round 355
High-speed AI drone beats world-champion racers for the first time
BlackCat ransomware gang behind Reddit breach from February
Hackers are Actively Using the new.zip Domain for Malicious Attacks
Google: State hackers still exploiting Internet Explorer zero-days
8 million people hit by data breach at US govt contractor Maximus
Netscaler ADC bug exploited to breach US critical infrastructure org
Clop ransomware likely exploiting MOVEit zero-day since 2021
OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default
University of Manchester Hack - Over One Million NHS patient data Exposed
CISA warns of hackers exploiting PwnKit Linux vulnerability
Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions
Best Software Defined Perimeter (SDP) Tools in 2023
TSMC says some of its data was swept up in a hack on a hardware supplier
Camaro Dragon APT Group Exploits TP-Link Routers With Custom Implant
Spotify’s new royalties scheme angers indie musicians
Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry
QNAP Urged customers to disable UPnP Port on their Routers
Experts released PoC Exploit code for actively exploited PaperCut flaw
New Backdoor Targets French Entities via Open-Source Package Installer
Windows is in Moscow’s crosshairs, too
Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices
Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising
Where is the Origin QAKBOT Uses Valid Code Signing
3CX threat actor named as company focuses on security upgrades, customer retention
Skiff Banks $10.5M for E2E Encrypted Workplace Collaboration
Malicious Notepad++ Google ads evade detection for months
Cops Arrest Suspected Multimillion-Dollar Fraud Mastermind
Google exposes intelligence and defense employee names in VirusTotal leak
CapraRAT Android Malware Hijack Android Phones Mimicking YouTube App
ChatGPT is enabling script kiddies to write functional malware
Segway Hit by Magecart Attack Hiding in a Favicon
S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]
AI-powered Bing Chat spills its secrets via prompt injection attack
DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
Cyber Command, NSA nominee now double-blocked
Data Distribution Service: Mitigating Risks Part 3
Google TAG warns of Russia-linked APT groups targeting Ukraine
Chinese hackers backdoor chat app with new Linux, macOS malware
Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges
Scammers target older people online. Here are the 3 warning signs to watch for
Google researchers fount multiple security issues in Intel TDX
Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
Microsoft and Fortra crack down on malicious Cobalt Strike servers
Google Authenticator will now sync your 2FA codes to use on different devices
Ransomware groups go after a new target: Russian organizations
FTC Looking at Rules to Corral Tech Firms' Data Collection
Experts warn attackers started exploiting Citrix ShareFile RCE flaw CVE-2023-24489
CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability
'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks
HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks
In Other News: Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty
DOJ reverses itself, says good-faith security researchers should be left alone
Avast released a free decryptor for the Windows version of the Akira ransomware
#SOOCon23: Open Source Tools can Automate SBOM Requirements
New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network
US Accuses Venezuelan Doctor of Creating and Selling Ransomware
The strange link between Industrial Spy and the Cuba ransomware operation
CWP bugs allow code execution as root on Linux servers, patch now
Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying
Hackers Exploit Bug in SMS Verification Services to Infect Android Devices
In Other News: Cybersecurity Funding Rebounds, Cloud Threats, BeyondTrust Vulnerability
Twitter confirms zero-day used to expose data of 5.4 million accounts
Unveiling the Unseen: Identifying Data Exfiltration with Machine Learning
T-Mobile confirms Lapsus$ hackers breached internal systems
CISA, HHS Release Cybersecurity Healthcare Toolkit
North Korean hackers exploit Itaewon tragedy to infiltrate South Korean targets
Ukraine cyber officials warn of a ‘surge’ in Smokeloader attacks on financial, government entities
Microsoft Teams' GIFShell Attack: What Is It and How You Can Protect Yourself from It
Earth Preta Updated Stealthy Strategies
Security Incident Impacts CardioComm’s Operations
Ads, NFTs and other badness: Pour one out for the decline of dumb TVs
Five ways your data may be at risk — and what to do about it
One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems
APT Groups Using HrServ Web Shell to Hack Windows Systems
Non-bank financial institutions must report data security breaches: FTC
Ransomware attack knocks Rackspace’s Exchange servers offline
DDoS attacks that come combined with extortion demands are on the rise | ZDNet
Barracuda ESG zero-day attacks linked to suspected Chinese hackers
Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors
Apple just released iOS 16.5.1 with security fixes
Experts spotted a new variant of UpdateAgent macOS malware dropper written in Swift
Notepad++ Input Validation Flaws Leads to uncontrolled Search Path Vulnerability
CISA Releases Decision Tree Model to Help Companies Prioritize Vulnerability Patching
FTC Accuses CafePress of Data Breach
One Year Later: Log4Shell Remediation Slow, Painful Slog
FBI Dismantled Notorious IPStorm Botnet Infrastructure
New Ransomware Spotted: White Rabbit and Its Evasion Tactics
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps
MalasLocker Ransomware Attacks Users of Zimbra Servers
CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks
More than 2,000 cybersecurity patent applications filed since 2010: report
North Korean Group TA444 Shows 'Startup' Culture, Tries Numerous Infection Methods
Powerful Ethnic Militia in Myanmar Repatriates 1,200 Chinese Suspected of Involvement in Cybercrime
Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability
Microsoft releases OOB updates for January Windows update issues
USPTO’s API Flaw Leads to Years-Long Data Leak
Suspect in $70 million ransomware attack extradited to the US | CyberNews
Lockbit Ransomware Aims To Target macOS Systems – But May Not Be As Successful
Auth0 warns that some source code repos may have been stolen
SolarWinds: Here's how we're building everything around this new cybersecurity strategy | ZDNet
Microsoft Defender For Cloud Now Supports Google Cloud
Experts discovered a previously undocumented initial access vector used by P2PInfect worm
Russia-linked APT29 targets diplomatic and government organizations
North Korean Hackers Target macOS Crypto Engineers With Kandykorn
D-Link Hacked: Hackers Steal Source Code and Customer Personal Information
Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast
Russian state-owned Sberbank hit by 1 million RPS DDoS attack
Is this ThinkPad-inspired phone the best for business users? It sure looks like it
CISA adds VMware’s Cloud Foundation bug to Known Exploited Vulnerabilities Catalog
Exploit released for 9.8-severity PaperCut flaw already under attack
New Abcbot botnet goes after Chinese cloud providers
Legal Industry Faces Double Jeopardy as a Favorite Cybercrime Target
Samsung Galaxy S22 hacked again on second day of Pwn2Own
CISA: New Whirlpool backdoor used in Barracuda ESG hacks
Google 0-day browser bug under attack, patch available
Iran-linked spy APT MuddyWater ratchets up anti-Israel attacks: Report
Hackers Infect Windows Users with Weaponized MSIX App Packages
New Cyberespionage Group 'Worok' Targeting Entities in Asia
Hackers warn University of Manchester students’ of imminent data leak
Cybersecurity - the More Things Change, the More They Are The Same
New HiatusRAT malware attacks target US Defense Department
Kubernetes taps Sigstore to thwart open-source software supply chain attacks | ZDNet
MPs Dangerously Uninformed About Facial Recognition – Report
SGX, Intel’s supposedly impregnable data fortress, has been breached yet again
WhatsApp Hit with €5.5m fine for GDPR Violations
CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacks
Make API Management Less Scary for Your Organization
SEC to require companies to disclose cybersecurity incidents
11 robot toys that make great gifts in 2023
Xiaomi Phones’ TEE Vulnerability May Allow Forge Mobile Payments
Vulnerable Arm GPU drivers under active exploitation. Patches may not be available
US Congress rolls back proposal to restrict use of Chinese chips
OpenSSL issues a bugfix for the previous bugfix
Experts warn against ransomware complacency
All Dutch govt networks to use RPKI to prevent BGP hijacking
Gaps in Azure Service Fabric’s Security Call for User Vigilance
Agenda Ransomware Attacking Critical Infrastructure to Steal Sensitive Data
Convincing, Malicious Google Ads Look to Lift Password Manager Logins
‘Anomalous’ spyware stealing credentials in industrial firms
11 Best Cloud Access Security Broker Software (CASB) - 2023
Dallas County confirms cybersecurity 'incident' after ransomware gang claims attack
Riot Games Latest Video-Game Maker to Suffer Breach
Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies
CISA: Ivanti hacks targeting Norway began in April
Brand Names in Finance, Telecom, Tech Lead Successful Phishing Lures
Microsoft Visual Studio Code flaw lets extensions steal passwords
Microsoft Warns About Phishing Attacks by Russia-linked Hackers
Russian hackers using new Graphiron information stealer in Ukraine
PyPI open-source code repository deals with manic malware maelstrom
UK to Place Security Requirements on App Developers and Store Operators
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks
Apple releasing iOS 16 with Lockdown, Safety Check security features
Ukraine Secret Service Arrests Hacker Helping Russian Invaders
White House Proposes $10.9 Billion Budget for Cybersecurity
The MOVEit spree is as bad as — or worse than — you think it is
Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cybercrime Enterprise
Tech trade group comes out against Indian cybersecurity law over reporting mandate
No More Ransom Has Helped Over 1.5m Victims
This "teler-waf" Tool Protects Go Apps From Web-based Attacks
Zero-day in Salesforce email services exploited in targeted phishing Facebook campaign
Majority of GAO's Cybersecurity Recommendations Not Implemented by Federal Agencies
Citrix Patches Critical Vulnerability in Gateway, ADC
Ukraine Police dismantled a transnational fraud group that made €200 million per year
Bug in Minecraft mods allows hackers to exploit players' devices
Microsoft pledges to bolster security as part of ‘Secure Future’ initiative
DarkGate Operator Uses Skype, Teams Messages to Distribute Malware
Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure
ASVEL basketball team confirms data breach after ransomware attack
Attackers Can Compromise Most Cloud Data in Just 3 Steps
CardinalOps Launches MITRE ATT&CK Security Layers for Measuring Detection Posture
Global cybercrime treaty could be ‘disastrous for human rights,’ NGOs warn
UK fines Equifax $13.6 million for 2017 data breach
Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs
Ransomware attack on indie game maker wiped all player accounts
Russians dodging mobilization behind flourishing scam market
Two flaws in Samsung Galaxy Store can allow to install Apps and execute JS code
CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog
What’s next for NCSC’s Ian Levy? ‘A Proper Job,’ he tells The Record
RapperBot Crew Drops DDoS/CryptoJacking Botnet Collab
Hackers drain bitcoin ATMs of $1.5 million by exploiting 0-day bug
WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams
UK explains likelihood of catastrophic cyberattacks — and its response plans
Cybrary Raises $25 Million to Tackle Cybersecurity Workforce Training
New Windows 11 test build adds Smart App control, better Microsoft 365 account management | ZDNet
Australia’s Casino Giant Crown Resorts disclosed data breach after Clop ransomware attack
Beanstalk DeFi platform loses $182 million in flash-loan attack
Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar
Hackers target Europe’s grid, Ukraine to use new Cisco device for protection
Mallox Ransomware Group Activity Shifts Into High Gear
New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors
New Windows PowerToy OCR tool will let you copy text from images
These ransomware victims are paying more to recover data
Study: Africa Cybersecurity Improves But Lacks Cross-Border Frameworks
Five Eyes nations warn MSPs of stepped-up cybersecurity threats
Microsoft now lets you enable the Windows App Installer again, here's how
CISA Advisory Details How Hackers Targeted Defense Industrial Base Organization
GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool
New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems
New Chaos Malware Variant Ditches Wiper for Encryption
DoppelPaymer ransomware supsects arrested in Germany and Ukraine
LastPass Massive Hack Tied to Engineer Failure to Update Plex on Home Computer
Bah scumbugs, “Scrooge4lyf” is back… -
US Sanctions Cryptocurrency Mixer Sinbad for Aiding North Korean Hackers
Google announces zero-day in Chrome browser – update now!
Threat actors actively exploit Control Web Panel RCE following PoC release
Russia jails Group-IB co-founder for 14 years in treason case
Senators Introduce Quantum Encryption Preparedness Law
10 Best Network Security Companies For CISO - 2024
7 Key Findings from the 2022 SaaS Security Survey Report
Two new vulnerabilities found in popular baseboard software
North Korean State Actors Attack Critical Bug in TeamCity Server
Ivanti fixed a new critical Sentry API authentication bypass flaw
iLeakage updates Spectre for novel info-stealing side-channel attack
Researchers Uncovered C2 Infrastructure Used by Baking Malware Ursnif
Nearly-Impossible-to-Detect Linux Malware Target Financial Sectors
LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach
Ransomware Profits Decline as Victims Dig In, Refuse to Pay
A basic text-color trick can fool phishing filters
Zoho ManageEngine PoC Exploit to be Released Soon - Patch Before It's Too Late!
CISA plans to share more information on ransomware actors in its exploited vulnerability alerts
US Government: North Korean Threat Actors Are Targeting Cryptocurrency Organizations
Fortinet Quietly Patched Pre-Auth RCE Flaw In Fortigate Firmware
Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw
US Critical Infrastructure Targeted by AvosLocker Ransomware
Okta confirms support engineer's laptop was hacked in January
REvil says they breached electronics giant Midea Group | Cybernews
Hackers Hijack NortonLifeLock Customer Accounts
Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software
How Huawei made a cutting-edge chip in China and surprised the US
New CVSS Version Unveiled Amid Rising Cyber Threats
Top 6 e-signature software tools
NIST Updates Supply Chain Cybersecurity Guidance
Test your outrage over Google's new Topics advertising system
Windows CE, Microsoft’s stunted middle child, reaches end of support at 26 years
CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability
Russian Sandworm hackers pose as Ukrainian telcos to drop malware
The Week in Ransomware - August 5th 2022 - A look at cyber insurance
Cybersecurity Experts Warn Against Valentine's Day Romance Scams
Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet
Hackers Use Fake Update Page Mimicking Victim's Browser to Deliver NetSupport RAT
DangerousPassword Attacks Targeting Windows, macOS, and Linux Software Developers
FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports
U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator
Ransomware Attacks Cost UK Unis Over £2m
Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom
Data Distribution Service: Exploring Vulnerabilities and Risks Part 2
Russian Threat Actor “farnetwork” Linked With 5 Ransomware Strains
Snatch gang ‘consistently evolved’ in targeting multiple industries, feds say
U.S. Offers $15 Million Bounty for Leaders of Conti Ransomware Gang
Crook sentenced to 18 months for stealing $20M in SIM swapping attack
Critical Infrastructure Stakeholders Gather for Day 2 of SecurityWeek's 2023 ICS Cybersecurity Conference
BORN Ontario child registry data breach affects 3.4 million people
New Google Tool Helps Devs Root Out Open Source Bugs
Ukraine Shutters Major Russian Bot Farm
Morgan & Morgan Sues Tampa General Hospital Over Data Breach
North Korean APTs Stole ~$400M in Crypto in 2021
A new Linux flaw can be chained with other two bugs to gain full root privileges
[eBook] Your 90-Day MSSP Plan: How to Improve Margins and Scale-Up Service Delivery
URL and DNS Filtering: The Dynamic Web Security Duo
Iranian Hackers Target Women Involved in Human Rights and Middle East Politics
Final Call for Views on Government App Security Proposals
Novel Spy Group Targets Telecoms in 'Precision-Targeted' Cyberattacks
US sanctions orgs behind North Korea’s ‘illicit’ IT worker army
Vietnam Post exposes 1.2TB of data, including email addresses
Cryptojacking Attack Patterns Checklist for Administrators and Security Professionals: Microsoft
This tiny device is sending updated iPhones into a never-ending DoS loop
CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog
Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud
Android TV box on Amazon came pre-installed with malware
Tipalti investigates claims of data stolen in ransomware attack
Wireshark 4.0.8 Released - What's New!
New Bumblebee malware replaces Conti's BazarLoader in cyberattacks
Singapore to build nationwide quantum-safe network
SMBs Exposed to Attacks by Critical Vulnerability in DrayTek Vigor Routers
US Gov Issues Guidance for Developers to Secure Software Supply Chain
Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage
UK cyber-argency warns of a new ‘class’ of Russian hackers
Interested in cybersecurity? Join us for Security SOS Week 2022!
Passkeys may not be for you, but they are safe and easy—here’s why
New Stealthy Linux Malware Targeting Endpoints & IoT Devices
Top 10 Best Cyber Attack Simulation Tools - 2023
Chinese Cyberspies Targeted Japanese Political Entities Ahead of Elections
Ransomware victims continue to pay up, while also bracing for AI-enhanced attacks
Binance blockchain suffers $570 million hack
Clop Ransomware Gang Likely Exploiting MOVEit Transfer Vulnerability Since 2021
New Python malware backdoors VMware ESXi servers for remote access
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer
FCC bans imports of telecom gear from China-based companies
Ransomware gangs increase efforts to enlist insiders for attacks
ICBC Ransomware Attack – China’s Largest Bank Forced To Use USBs
Cuba ransomware uses Veeam exploit against critical U.S. organizations
Exploit Code Published for Critical VMware Security Flaw
Hackers behind 3CX breach also breached US critical infrastructure
Apple Releases Security Patches For Older iPhone and iPad Models
Norwegian police recover $5.8M crypto from massive Axie Infinity hack
MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel
Statc Stealer, a new sophisticated info-stealing malware
Colonial Pipeline Hit by ‘CyberNiggers’ Hacker Group, Sensitive Data for Sale on Dark Web
NATO Condemns Alleged Iranian Cyberattack on Albania
ChatGPT Leveraged to Enhance Software Supply Chain Security
'Poisoned' Tor Browser tracks Chinese users' online history, location
Eastern European energy and defense firms targeted with MATA backdoor
WordPress Plugin Used in 1M+ Websites Patched to Close Critical Bug
Recent legal developments bode well for security researchers, but challenges remain
Bing Chat is now “Microsoft Copilot” in potentially confusing rebranding move
'Long Live Log4Shell': CVE-2021-44228 Not Dead Yet
Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
Descope launches authentication and user management SaaS
Red Cross worried about misuse of stolen data by nation states and cybercriminals after hack | ZDNet
Cybersecurity M&A Roundup for November 1-15, 2022
Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems
How safe is society’s critical infrastructure from infosec attacks?
FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022
Earth Preta Spear-Phishing Governments Worldwide
The sign-in menu is the latest frontier for Microsoft ads in Windows 11
Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps
India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First
Russian Spies, War Ministers Reliant on Cybercrime in Pariah State
Healthcare provider Ardent Health Services disclosed a ransomware attack
BEC scammers impersonate CEOs on virtual meeting platforms
Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet
Russian state hackers lure Western diplomats with BMW car ads
Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability
From the front lines of ‘the first real cyberwar’
SEC Investigating Progress Software Over MOVEit Hack
Microsoft Outlook flooded with spam due to broken email filters
Coinbase Employee Falls for SMS Scam in Cyber Attack, Limited Data Exposed
Multi-Continental Operation Leads to Arrest of Cybercrime Gang Leader
After Russia’s invasion of Ukraine, it's time to hunker down
Chinese researchers urge to adopt methods to destroy Starlink | CyberNews
Cyber Skills Gap Reaches 4 Million, Layoffs Hit Security Teams
Defenders detected a 28-fold surge in Emotet email spam | CyberNews
Windows 10 KB5026435 update released with 2 new features, 18 fixes
DarkHotel hacking campaign targets luxury Macao resorts
How Hackers Phish for Your Users' Credentials and Sell Them
Microsoft shares workaround for Outlook freezes, slow starts
Microsoft code-sign check bypassed to drop Zloader malware
OpenAI Released ChatGPT Enterprise With SOC 2 Compliant & Data Encryption
FBI: Hackers used malicious PHP code to grab credit card data | ZDNet
10 Best ZTNA Solutions (Zero Trust Network Access) in 2023
Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer
Spyware Company QuaDreams Set to Close
Top Russian meat producer hit with Windows BitLocker encryption attack
Customs and Border Protection acquired ‘huge amount of surveillance power’
FBI: Use a Burner Phone at the Olympics
SOVA Android Banking Trojan Returns With New Capabilities and Targets
New WikiLoader Malware Goes to Extreme Lengths to Hide
Norwegian government IT systems hacked using zero-day flaw
QCT Servers Affected by 'Pantsdown' BMC Vulnerability
Exploits released for two Samsung Galaxy App Store vulnerabilities
Credit card info of 1.8 million people stolen from sports gear sites
North Korean hackers named behind the $620 million Ronin hack | CyberNews
Ukrainian activists hack Trigona ransomware gang, wipe servers
Kaspersky releases a free decryptor for Yanluowang ransomware
NPM packages found containing the TurkoRat infostealer
Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment
Mystery solved in destructive attack that knocked out >10k Viasat modems
Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign
Quarter of Crypto Tokens in 2022 Linked to Pump-and-Dump
STOP Ransomware vaccine released to block encryption
Okta support system breach highlights need for strong MFA policies
VPN sales rocket as Russia clamps down on web access at home | Cybernews
Critical Atlassian Bug Exploited in Ransomware Attacks
Social Blade Confirms Breach After Hacker Offers to Sell User Data
PJCIS concerned TSSR's 'do your best' requirements are not enough anymore | ZDNet
CitrixBleed worries mount as nation state, criminal groups launch exploits
Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices
Australian ports operator recovering after major cyber incident
Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware
Cyber authorities have a plan to defend remote monitoring tools
Cyber Espionage Group Earth Kitsune Deploys WhiskerSpy Backdoor in Latest Attacks
Almost two million affected by data company Zeroed-In Technologies breach
Apple patches new zero-day exploited to hack iPhones, iPads, Macs
Hackers Infect Linux Machines with Rootkits via Apache ActiveMQ Vulnerability
New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
Microsoft Confirms Exploitation of Two Exchange Server Zero-Days
VHD Ransomware Linked to North Korea’s Lazarus Group
Avast confirms it tagged Google app as malware on Android phones
New PowerDrop Malware Targeting U.S. Aerospace Industry
Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519
Hackers Abusing Cloudflare Tunnels for Covert Communications
QNAP warns of new crypto-miner targeting its NAS devices
Unknown APT group is targeting Russian government entities
5.4 million Twitter users' stolen data leaked online — more shared privately
NSA, Cyber Command nominee Haugh offers latest warning on AI as election threat
FBI: Ransomware attacks are piling up the pressure on public services | ZDNet
Gamblers’ data compromised after casino giant fails to set password
Reptile Rootkit employed in attacks against Linux systems in South Korea
Two arrested for attacking nuclear warning system | Cybernews
CISA, Claroty highlight severe vulnerabilities in popular power distribution unit product
E-commerce Fraud Surges By Over 50% Annually
Chrome 108 Patches High-Severity Memory Safety Bugs
VirusTotal AI code analysis expands Windows, Linux script support
Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites
Log4j flaw: Thousands of applications are still vulnerable, warn security researchers | ZDNet
Huawei, Vivo phones tag Google app as TrojanSMS-PA malware
Ransomware Trained on Manufacturing Firms Led Cyberattacks in Industrial Sector
WormGPT, the generative AI tool to launch sophisticated BEC attacks
Web Filtering & Compliances for Wi-Fi Providers
Startup Security Tactics: Friction Surveys
Australia charges dev of Imminent Monitor RAT used by domestic abusers
Hackers exploit WordPress plugin flaw that gives full control of millions of sites
Louisiana authorities investigating ransomware attack on city of Alexandria
More than $100 million stolen from Poloniex crypto platform
FBI, CISA, and NSA warn of hackers increasingly targeting MSPs
Cybersecurity M&A Roundup for August 1-15, 2022
Google rolled out emergency fixes to address actively exploited Chrome zero-day
Federal government refreshes digital transformation strategy and expands cyber hub trial | ZDNet
10 Best SIEM Tools for SOC Operations - 2023
MGM Resorts disruption linked to recent attacks against hospitality industry
U.S. seized 18 web domains used for recruiting money mules
Microsoft Strengthens Cloud Logging Against Nation-State Threats
Malicious Macro-Enabled Docs Delivered via Container Files to Bypass Microsoft Protections
End-to-end grocery shopping comes to WhatsApp | Cybernews
Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions
Hackers use WormGPT to Launch Sophisticated cyberattacks
Hackers Use CAPTCHA Bypass Techniques to Create Five GitHub Accounts Every Minute
Cisco Patches High-Severity Vulnerabilities in Networking Software
Philadelphia Inquirer operations disrupted after cyberattack
29 Weaponized Python PyPI Packages Aimed to Infect Developers With Malware
What is Malware Attack? Types, Methods, Distribution, Protection - Guide
Majority of Security Managers Lack Threat Intelligence Skills
#CCSE22: The Latest Cybersecurity Workforce Trends
Google Suing Cybercriminals Who Delivered Malware via Fake Bard Downloads
Shadowserver Starts Conducting Daily Scans to Help Secure ICS
New Kraken botnet is allowing operators to earn USD 3,000 every month
Outdated IoT healthcare devices pose major security threats
Microsoft adds HSTS support to Exchange Server 2016 and 2019
Chinese gov’t hackers exploiting new Atlassian vulnerability, Microsoft says
Meta Fights Sprawling Chinese 'Spamouflage' Operation
US surprises Nvidia by speeding up new AI chip export ban
Skeletons in the Closet: Security 101 Takes a Backseat to 0-days
Acer confirms breach after 160GB of data for sale on hacking forum
Attackers Dangle AI-Based Facebook Ad Lures to Hijack Business Accounts
Reasonable Valuations Drove Mergers and Acquisition Activity in Q3, 2023
APIC/EPIC! Intel chips leak secrets even the kernel shouldn’t see…
Security has an underlying defect: passwords and authentication
Twitter Restricts SMS-based 2FA To Twitter Blue Users – Other 2FA Will Work
BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
Bug Hunter GPT - AI Assistant that Replies for Hacking Questions
Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own
Cisco fixes AnyConnect bug giving Windows SYSTEM privileges
Pentagon moves closer to picking leader for top cyber job
Apple warns Armenians of state-sponsored hacking attempts
Several Malware Families Using Pay-Per-Install Service to Expand Their Targets
Examining the Black Basta Ransomware’s Infection Routine
How Continuous Pen Testing Protects Web Apps from Emerging Threats
GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains
Ransomware profits drop 40% in 2022 as victims refuse to pay
2022 Top Five Immediate Threats in Geopolitical Context
Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates
5 Years That Altered the Ransomware Landscape
US candidate defeats Russian rival to head UN tech agency
Chrome Security Update: 15 Critical Vulnerabilities Fixed, Over $60,000 Rewarded
Google gives 50% bonus to Android 13 Beta bug bounty hunters
Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe
Multiple AudioCodes Desk Phone and Zoom Zero Touch Flaws Enable Remote Attacks
Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition
ServiceNow embeds AI-powered customer-assist features throughout products
FCC proposes $45 million fine for health insurance robocaller
Samsung Confirms Data Breach After Hackers Leak Galaxy Source Code
How to password-protect a file in Apple Pages (and when you might want to)
Singapore must clamp down on security inertia before digital banking era can take off | ZDNet
Flaws in MegaRAC baseband management firmware impact many server brands
Japan’s cybersecurity agency breached by suspected Chinese hackers: report
Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022
New TOITOIN Banking Trojan Targeting Latin American Businesses
Multiple colleges, K-12 schools facing outages after cyberattacks
Hacker says hijacking libraries, stealing AWS keys was ethical research
D.C. Board of Elections: Hackers may have breached entire voter roll
Patch Now: 2 Apple Zero-Days Exploited in Wild
How Do You Defend Against Software Supply Chain Attacks? - Cyber Security News
Palo Alto Networks adds new CI/CD security module to Prisma Cloud
TikTok Fined Over $5m for Cookie Violations
MTTR “not a viable metric” for complex software system reliability and security
Microsoft found TikTok Android flaw that let hackers hijack accounts
Ghost Sites - Hackers May Steal Corporate Data From Deactivated Salesforce Communities
Nearly 300 Vulnerabilities Patched in Huawei's HarmonyOS in 2022
#CyberMonth: ENISA Celebrates 10 Years of European Cybersecurity Month with New, Proactive Slogan
Microsoft Sysmon now detects when executables files are created
Adware on Google Play and Apple Store installed 13 million times
CISA warns of a critical flaw affecting Illumina medical devices
Malicious file analysis – Example 01
The latest high-severity Citrix vulnerability under attack isn’t easy to fix
'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections
WA government allocates AU$25.5m to expand cybersecurity services
DHS grants $375 million to state and local government cyber-resilience efforts
Magento stores targeted in massive surge of TrojanOrders attacks
Palo Alto to Acquire Israeli Software Supply Chain Startup
Apple fixes eighth zero-day used to hack iPhones and Macs this year
UK government announces crackdown on cryptocurrency adverts | ZDNet
Dirty Pipe Linux flaw impacts most QNAP NAS devices
New Android malware 'RatMilad' can steal your data, record audio
Hands on with Windows 11's 'never combine' taskbar feature
Hackers Abuse Mitel Devices to Amplify DDoS Attacks by 4 Billion Times
Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access
Hackers Can Bypass Fingerprint Locks On Phones With BrutePrint Attack
House Democrats propose major funding increase for CISA
Long Beach is latest California city facing cybersecurity incident
Nonprofits Form Cyber Coalition
Organizations Urged to Fix 41 Vulnerabilities Added to CISA’s Catalog of Exploited Flaws
Top 10 Best IoT Security Tools - 2023
Cyberattack Knocks Thousands Offline in Europe
New AD CTS Attack Vector Enables Lateral Movement Between Microsoft tenant
Marina Bay Sands Singapore luxury resort breached
Meta's paid ad-free service targeted in Austrian privacy complaint
Organizations tempt risk as they deploy code more frequently
Clop ransomware claims to be behind GoAnywhere zero-day attacks
Weekly Cyber Security News Roundup for the Week of November 13th to 18th
MacStealer - New macOS-Based Malware Steals Passwords, Cookies & Credit Cards From Browser
LockBit ransomware gang now also claims City of Oakland breach
Hack the Pentagon 3.0 Bug Bounty Program to Focus on Facility Control Systems
Malicious PyPI Module Poses as SentinelOne SDK
US govt: Iranian hackers breached federal agency using Log4Shell exploit
SEC Charges SolarWinds and CISO With Misleading Investors
US dismantled the Russia-linked Cyclops Blink botnet
Lessons Learned on Ransomware Prevention from the Rackspace Attack
C10p's MOVEit Campaign Represents a New Era in Cyberattacks
NFT Investors Lose $1.7M in OpenSea Phishing Attack
Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners
Kansas courts confirm data theft, ransom demand after cyberattack
Google Uncovers Initial Access Broker Behind Conti Ransomware
Redwire developing first commercial space greenhouse | Cybernews
US govt grants academics $12M to develop cyberattack defense tools
Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical'
Ukrainian software developers share their stories and photos from the war zone | ZDNet
Microsoft announces Windows 11 ‘Moment 3’ update, here are the new features
Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks
Five Eyes agencies warn of attacks on MSPs
BGP Flaw Can Be Exploited for Prolonged Internet Outages
Microsoft: Business email compromise attacks can take just hours
High-Value Targets: String of Aussie Telco Breaches Continues
Citrix and NSA urge admins to fix actively exploited zero-day in Citrix ADC and Gateway
Conti Ransomware Operation Shut Down After Splitting into Smaller Groups
Ducktail Spear-Phishing Campaign Uses LinkedIn to Hijack Facebook Business Accounts
NVIDIA releases GPU driver update to fix 29 security flaws
British Airways, BBC and Boots were impacted the by Zellis data breach
URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”
US: Iranian Hackers Breached Government with Log4Shell
DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data
Pwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hacked
Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet
New Zealand university operating despite cyberattack
New ShellBot DDoS Malware Targeting Poorly Managed Linux Servers
New Exploit Bypasses Existing Spectre-v2 Mitigations in Intel, AMD, Arm CPUs
Best Cyber Monday VPN deals 2022: Save on Surfshark, Atlas, and more
Massive cybercrime URL shortening service uncovered via DNS data
Magniber Ransomware Now Targets Windows 11 Machines
DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities
Japanese Space Agency JAXA hacked in summer cyberattack
US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?
Discord Adopts Temporary CDN Links To Prevent Malware
Meta Takes Action Against Multiple Foreign Influence Campaigns
EU urged to prepare for quantum cyberattacks with coordinated action plan
No More Ransom helps millions of ransomware victims in 6 years
STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products
Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks
Ukraine: Sandworm hackers hit news agency with 5 data wipers
Barracuda Email Security Gateway (ESG) hacked via zero-day bug
QNAP warns of new DeadBolt ransomware encrypting NAS devices
Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack
Attackers impersonate CircleCI platform to compromise GitHub accounts
Google disrupts the CryptBot info-stealing malware operation
Australian Taxation Office issues capital gains warning for crypto and NFT sellers | ZDNet
6 Steps to Accelerate Cybersecurity Incident Response
Phishers Using Ukraine Invasion to Solicit Cryptocurrency
MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses
Microsoft warns of Remote Desktop freezes on Windows 11 22H2
Over 4,000 Sophos Firewall devices vulnerable to RCE attacks
AdSense fraud campaign relies on 10,890 sites that were infected since September 2022
US DoJ Announces Plan to Shakeup Cybercrime Investigations
Silobreaker Unveils Geopolitical Threat Intelligence Capabilities With RANE at Infosecurity Europe 2023
Researchers analyzed the PREDATOR spyware and its loader Alien
Koverse Launches Zero Trust Data Platform
GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
Wallarm touts API leak protection with new scanning feature
Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol
USB drive malware attacks spiking again in first half of 2023
Instagram scammers as busy as ever: passwords and 2FA codes at risk
Washington State Department of Transportation working to recover from cyberattack
GTA Online bug exploited to ban, corrupt players’ accounts
17 Android Apps on Google Play Store, dubbed DawDropper, were serving banking malware
These cybercriminals plant criminal evidence on human rights defender, lawyer devices | ZDNet
Russia's cyber personnel has 'underperformed' in Ukraine: U.S. Defense official
Fifth of Government Workers Don't Care if Employer is Hacked
Apple spits at Facebook, Google and, oh, the whole internet really | ZDNet
Ransomware attacks doubled year on year. Are organizations equipped to handle the evolution of Ransomware in 2023?
Ukraine Asks for Hackers’ Help
British Afrobeat singer pleads guilty to stealing $6 million in hacks on financial accounts
Cyberespionage APT Now Identified as Three Separate Actors
New Wi-Fi MITM Attack That Can Evade WPA3 Security Mechanisms
PayPal Used to Send Malicious “Double Spear” Invoices
Black Hat and DEF CON Roundup
How one group of 'fellas' is winning the meme war in support of Ukraine
Of Cybercriminals and IP Addresses
Daixin Team targets health organizations with ransomware, US agencies warn
Three new MOVEit bugs spur CISA warning as more victims report breaches
US disrupts Russia-linked Snake implant’s network
FBI: Cuba ransomware breached 49 US critical infrastructure orgs
Ordr Raises $40 Million to Secure Connected Devices
Stolen ChatGPT premium accounts up for sale on the dark web
Pro-Russian group Killnet claims responsibility for DDoS attack that has taken down the European Parliament site
US online pharmacy Ravkoo links data breach to AWS portal incident
FBI director expects onslaught of digital assaults targeting midterm elections
Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update
Global advertising giant Omnicom suffers 'suspicious' IT incident
Mysterious 'Worok' Group Launches Spy Effort With Obfuscated Code, Private Tools
CISA adds TP-Link, Apache, and Oracle bugs to its Known Exploited Vulnerabilities catalog
Scammers Mimic ChatGPT to Steal Business Credentials
Lazarus Group Hacked Software Vendor to Steal Source Code, Attack Supply Chain
Security Vulnerability In Dahua IP Cameras Could Allow Device Takeover
Almost 100,000 new mobile banking Trojan strains detected in 2021 | ZDNet
Employees cause more cyber breaches in healthcare than other industries: report
Black Basta Ransomware Group Makes $100m Since 2022
DOJ arrests man behind brazen $100 million attack on Mango Markets
Pilfered Keys Free App Infected by Malware Steals Keychain Data
Mitsubishi Electric faked safety and quality control tests for decades
InHand Industrial Router Vulnerabilities Expose Internal OT Networks to Attacks
FAA clears Musk's SpaceX for Starship rocket lift off
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers
Strike Security Scores Funding for 'Perpetual Pentesting' for SMBs
MOVEit mass exploit timeline: How the file-transfer service attacks entangled victims
North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware
New XLoader Botnet version uses new techniques to obscure its C2 servers
Canadian man accused of extorting $28 million in ransomware scheme extradited to U.S.
'Asylum Ambuscade' Cyberattackers Blend Financial Heists & Cyber Espionage
Intel suspends all operations in Russia “effective immediately”
Ukrainian Man Arrested for Alleged Role in Ransomware Attack on Kaseya, Others
HinataBot, a new Go-Based DDoS botnet in the threat landscape
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries
Debit card fraud leaves Ally Bank customers, small stores reeling
Uber ‘Cough Girl’ Accused of Identity Theft
Researchers Uncover Covert Attack Campaign Targeting Military Contractors
Understanding Active Directory Attack Paths to Improve Security
RedEyes APT Group Attacking Individuals to Exfiltrate Sensitive Data
Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider
Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution
KeePass fixed the bug that allows the extraction of the cleartext master password
Phishing, Smishing Surge Targets USPS
Google tackles open source security with vulnerability rewards program
The International Criminal Court will now prosecute cyberwar crimes
MFA Bypass Vulnerability Found In Box CMS And File Sharing Software
Ransomware Actors Extort University Via Alert System
Massive Twitter data leak investigated by EU privacy watchdog
Senate proposes surveillance bill without FBI warrant requirement
New Chrome Feature Alerts Users About Malicious Extensions
U.S. Government Recovers $2.4 Million From A Business Emails Hack
Window Snyder's Start-up Launches Security Platform for IoT Device Makers
Pwn2Own Toronto 2022 Day 2: Participants earned $281K
Microsoft brings back January 2022 Windows Server updates
IcedID Botnet Distributors Abuse Google PPC to Distribute Malware
Key Proposals in Biden's Cybersecurity Strategy Face Congressional Challenges
Progress warns of maximum severity WS_FTP Server vulnerability
Adobe warns of critical ColdFusion RCE bug exploited in attacks
Top 7 Ecommerce Cybersecurity Threats in 2023
Twitter, amid security and compliance officer exodus, could run afoul of FTC rules
APAC consumers share more data, but will ditch firms over security breach | ZDNet
Sam Bankman-Fried convicted of multi-billion dollar FTX fraud
Emotet Banking Trojan Resurfaces, Skating Past Email Security
Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers
Aussie Government Exposed Personal Info Via Security Report
MGM still responding to wide-ranging cyberattack as rumors run rampant
CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software
LLM meets Malware: Starting the Era of Autonomous Threat
3 security gadgets I never leave home without
APT-Like Phishing Threat Mirrors Landing Pages
D-Link Confirms Breach, Rebuts Hacker's Claims About Scope
CISA orders federal agencies to patch Looney Tunables Linux bug
Gamaredon hackers target Ukrainian military orgs amid counteroffensive efforts
Children in UK abusing AI to create explicit images of classmates
GoTrim botnet actively brute forces WordPress and OpenCart sites
Fortinet Critical Flaw: Let a Remote Attacker Execute Arbitrary Code
AI wins state fair art contest, annoys humans
Zero Day Threat Protection for Your Network
Ransomware Deals Deathblow to 157-year-old College
Hatch Bank data breach caused by the exploitation of the GoAnywhere MFT zero-day
8Base ransomware operators use a variant of Phobos ransomware
Highly Sophisticated Dolphin Malware Steals Sensitive Files and Store Them on Google Drive
Water sector in the US and Israel still unprepared to defeat cyber attacks
Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak
UK Government Urges Action to Enhance Supply Chain Security
Top Information Security Threats for Businesses 2023
miniOrange’s WordPress Social Login and Register plugin was affected by a critical auth bypass bug
Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug
Ransomware Diaries: Undercover with the Leader of Lockbit
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
CISA added 2 more security flaws to its Known Exploited Vulnerabilities Catalog
Mystery hackers are “hyperjacking” targets for insidious spying
Wireshark 4.2.0 Released - What’s New!
The VC View: The DevSecOps Evolution and Getting "Shift Left" Right
Fake in-browser Windows updates push Aurora info-stealer malware
iPhones Hacked via Zero-click Exploit to Drop QuaDream Spyware
‘Elephant Beetle’ spends months in victim networks to divert transactions
Chinese hackers create Linux version of the SideWalk Windows malware
How Quantum Computing Will Impact Cybersecurity
Node JS Authentication: Role Based vs Attribute-Based Access Control
Apple Opens Application for Security Research Device Program
Hackers Exploit Pre-Authentication RCE Vulnerabilities in Adobe ColdFusion
Microsoft Teams Targeted in Midnight Blizzard Phishing Attacks
New Vulnerabilities Found in Adobe ColdFusion
White House: Arrested Russian hacker was behind Colonial Pipeline attack
Generative AI is scaring CISOs – but adoption isn’t slowing down
Global 2000 companies failing to adopt key domain security measures
Adafruit suffers GitHub data breach – don’t let this happen to you
Hackers Steal Over $600M in Major Crypto Heist
drIBAN Fraud Operations Target Corporate Banking Customers
Secure Boot Bypass Flaws Affect Bootloaders of Many Devices Made in Past Decade
How vx-underground is building a hacker's dream library
Operation ChattyGoblin: Hackers Targeting Gambling Firms via Chat Apps
New Research Exposes Airbnb as Breeding Ground For Cybercrime
How to protect your privacy in Windows 11
WordFly breach affects arts institutions | Cybernews
National Cyber Director eyes retirement: report
Over 19,000 End-of-life Cisco VPN Routers Open for RCE Attacks
Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room
Russian hackers switch to LOTL technique to cause power outage
CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild
State-sponsored Iranian hackers attack Turkish government, private organizations | ZDNet
How the war in Ukraine has strengthened the Kremlin's ties with cybercriminals
Okta revealed that its private GitHub repositories were hacked this month
Researchers spot an increase in Jupyter infostealer infections
Malicious PyPI Packages Use Compiled Python Code to Bypass Detection
Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge
4 ways to secure your remote work setup
US Cyber Safety Board to Review Cloud Attacks
US Announces Charges, Arrests Over Multi-Million-Dollar Cybercrime Schemes
Russian hacktivists now targeting Israeli global satellite and Industrial Control Systems
Cyber agencies renew warnings of Russia-linked threats against industrial targets
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets
New Condi DDoS botnet targets TP-Link Wi-Fi routers
Call for Submissions to UK's New Computer Misuse Act
Exchange Online to block emails from vulnerable on-prem servers
‘We are unstoppable': How a team of Polish programmers built a digital tool to evade Russian censorship
Extending ZTNA to Protect Against Insider Threats
Windows: Still insecure after all these years
Time to update: Google Chrome browser patches high-severity security flaw
'Dirty Pipe' Linux Flaw Affects a Wide Range of QNAP NAS Devices
New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace
New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks
First American Title Insurance Settles $1M Breach Case with NY Authorities
Just what does Windows 11 bring to the table?
Iranian APT Targets US With Drokbk Spyware via GitHub
Fortinet Discloses Critical Authentication Bypass Vulnerability Under Exploit
Numerous orgs hacked after installing weaponized open source apps
OpenAI, Microsoft, Google and Anthropic Form Body to Regulate AI
Hackers can hack organizations using data found on their discarded enterprise network equipment
LockBit Ransomware Now Targeting Apple macOS Devices
Microsoft launched its new Microsoft Defender Bounty Program
S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]
New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities
Over 90 WordPress themes, plugins backdoored in supply chain attack
Google exposes tactics of a Conti ransomware access broker
Experts warn of a surge in NetSupport RAT attacks
Microsoft rebrands Azure Active Directory to Microsoft Entra ID
Gay hookup site typosquatted by 50 domains to push dodgy Chrome extensions
Multiple Vulnerabilities Found In ownCloud File Sharing App
AI-generated video of Will Smith eating spaghetti astounds with terrible beauty
Royal Ransomware Targets US Healthcare
Google’s OSS-Fuzz Tool Now Detects Log4Shell Log4j Bug Via Jazzer
SheetJS ditches npm registry over 2FA requirement and 'legal matters'
Ransomedvc to Shutdown Operations, Selling Out Infrastructure
Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution
Elon Musk's Twitter followers targeted in fake crypto giveaway scam
LoRaWAN's Protocol Stacks: The Forgotten Targets at Risk
Microsoft fixes Acropalypse privacy bug in Windows 11 Snipping Tool
Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms
Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack
Adware cleaner apps promoted on Facebook sneaked into the Play Store
The best personal safety alarms of 2023
On security researcher's newsletter, exposing cybercriminals behind ransomware
10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack
Google Pixel bug preventing users from making 911 calls caused by Microsoft Teams | ZDNet
Microsoft: Windows preview updates to target last week of the month
New Lenovo BIOS updates fix security bugs in hundreds of models
Misconfiguration and vulnerabilities biggest risks in cloud security: Report
New 'MMRat' Android Trojan Targeting Users in Southeast Asia
Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits
Baidu shares fall after Ernie AI chatbot demo disappoints
Security Turbulence in the Cloud: Survey Says…
EvilExtractor malware activity spikes in Europe and the U.S.
Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands
India removes ban on VLC media player after cybersecurity concerns addressed
UK Shoppers Lost Nearly £11m to Fraud Last Festive Season
Updated RapperBot malware targets game servers in DDoS attacks
Ransomware Attack Forces Canadian Mining Company to Shut Down Mill
Cyberattacks pivot from large health systems to smaller hospitals, specialty clinics
Purchase Scams Surge as Fraud Losses Hit £580m
Canada to ban Huawei and ZTE and tell telcos to rip out 5G and 4G equipment | ZDNet
Security Affairs newsletter Round 381
Hackers Using Red Teaming Tools to Connect with C&C Servers
GitHub to mandate 2FA for all code contributors by 2023
Exfiltrator-22 Post-Exploitation Toolkit Nips At Cobalt Strike's Heels
API Security Flaw Impacted Grammarly, Vidio and Bukalapak
Cyber Front Z, a Russian troll operation ousted from Facebook, was clumsy, ineffective, according to Meta
US Confirms Iranian Attacks on Water Companies
GoDaddy admits: Crooks hit us with malware, poisoned customer websites
US Scrambles to Investigate Military Intel Leak
US, UK Sanction More Members of Trickbot Russian Cybercrime Group
Record-Breaking Year for DDoS Attacks Targeting Russia
Comm100 Chat Service Hacked In A Supply-Chain Attack
CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’
Upgraded Kazuar Backdoor Offers Stealthy Power
Okta Says US Customers Targeted in Sophisticated Attacks
NSO spyware found targeting journalists and NGOs in El Salvador | ZDNet
Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan
Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk
Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users
Office 365 boosts email security against MITM, downgrade attacks
Ransomware Targets Unpatched WS_FTP Servers
US and UK expose new Russian malware targeting network devices
Hackers use fake OnlyFans pics to drop info-stealing malware
Yellow Pages Canada Hit by Cyber-Attack, Black Basta Claims Credit
WooCommerce Payments WP Plugin Flaw Goes Under Active Attack
Phishing attempts from FancyBear and Ghostwriter stepping up says Google | ZDNet
Scammers pose as Alexei Navalny to extort money | CyberNews
New Variant of Spectre Attack Bypasses Intel and Arm Hardware Mitigations
Hackers exploiting unpatched RCE bug in Zimbra Collaboration Suite
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
FBI warns of 2022 Beijing Olympics cyberattack, privacy risks
US Agencies: Karakurt extortion group demanding up to $13 million in attacks
A YouTuber is encouraging you to DDoS Russia—how risky is this?
McLaren Health Care Hacked: Attackers Claim 6 TB of Patient Data Stolen
Webinar Today: Blast Radius & Simulated Attack Paths
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
NCR suffers Aloha POS outage after BlackCat ransomware attack
RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia
Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries
WordPress plugin lets users become admins – Patch early, patch often!
Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations
How the FBI nuked Qakbot malware from infected Windows PCs
The Week in Ransomware - May 20th 2022 - Another one bites the dust
Russian APT Intensifies Cyber Espionage Activities Amid Ukrainian Coun
Ransomware attacks more than doubled last year – these cybersecurity basics can protect you | ZDNet
GitHub.com rotates its exposed private SSH key
Apple Patches Actively Exploited iOS Zero-Days
Microsoft to Block Excel Add-ins to Stop Office Exploits
New York health network restores services after crippling cyberattack
Okta: Breach Affected All Customer Support Users
Malicious NuGet Packages Caught Distributing SeroXen RAT Malware
India targets Microsoft, Amazon tech support scammers in nationwide crackdown
What is the Best Pen Testing Schedule for Your Development Cycle?
Security Affairs newsletter Round 365 by Pierluigi Paganini
PlugX malware delivered by exploiting flaws in Chinese programs
Study Reveals Inaudible Sound Attack Threatens Voice Assistants
Notorious Cyber Gang FIN7 Returns Cl0p Ransomware in New Wave of Attacks
Cybercriminals bypass Windows security with driver-vulnerability exploit
Threat actors pressure OT, critical infrastructure by leaking sensitive data
North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea
The real cost of ransomware is even bigger than we realised
Malware turns home routers into proxies for Chinese state-sponsored hackers
Colorado warns 4 million of data stolen in IBM MOVEit breach
Cyberattack on Japan’s Space Agency JAXA Confirmed!
Crypto Hack Let Hackers Stolen $160 Million From Crypto Firm Wintermute
Fortinet Addressed Critical RCE Vulnerability In FortiNAC Systems
Ciaran Martin and Leeza Garber to Headline at the Infosecurity Magazine Online Summit
‘CryptoRom’ Crypto Scam is Back via Side-Loaded Apps
Cyberinsurance Firm Resilience Raises $100 Million to Expand Its Cyber Risk Platform
Phishing Campaigns Target KFC, McDonald's in Saudi Arabia, UAE, Singapore
Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards
FBI Leads International Effort to Seize Domains for Notorious Genesis Market
Researcher Tricks ChatGPT into Building Undetectable Steganography Malware
Perimeter81 Vulnerability Disclosed After Botched Disclosure Process
Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected
Emotet Rises Again: Evades Macro Security via OneNote Attachments
Cisco: Hackers targeting zero-day found in internet-exposed routers
Apple finally adds encryption to iCloud backups
Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies
Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions
AI Boosts Malware Detection Rates by 70%
UK NCSC issues new guidance on post-quantum cryptography migration
QuickBlox Framework Security Flaws Exposes Millions of Users Sensitive Data
Prominent hackers target Russia’s satellite infrastructure | CyberNews
A New Malware "Prynt" Comes Up As A Lethal Stealer, Keylogger, Clipper
Exploit released for critical VMware SSH auth bypass vulnerability
Five Guys discloses hack of 2 employees’ emails
Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
How to Guard Your Data from Exposure in ChatGPT
Ransomware Halts Operations at Japan's Port of Nagoya
APT35 Develops Mac Bespoke Malware
North Korean APT Uses Malicious Microsoft OneDrive Links to Spread New Malware
Windows 10 KB5031356 update released with 25 improvements
Authorities Seized RagnarLocker Ransomware Dark Web Site
Microsoft: May Windows updates cause AD authentication failures
Enterprise Data Protection Company Seclore Raises $27 Million
Shutterfly says Clop ransomware attack did not impact customer data
Free Akira ransomware decryptor helps recover your files
How To Secure Web Applications Against AI-assisted Cyber Attacks
Visual Voice Mail on Android may be vulnerable to eavesdropping
FormBook Tops Check Point's Most Wanted Malware List For September
Calls Mount for US Gov Clampdown on Mercenary Spyware Merchants
Researchers Develop Exploit Code for Critical Fortinet VPN Bug
Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards
UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups
NetRise releases Trace solution with AI-powered semantic search aimed at protecting firmware
FBI warns of public 'juice jacking' charging stations that steal your data. How to stay protected
Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware
Zoom Patches Serious macOS App Vulnerabilities Disclosed at DEF CON
Long-awaited curl vulnerability flops
Hackers exploit MinIO storage system to breach corporate networks
HSE Cyber-Attack Costs Ireland $83m So Far
Securonix Secures Over $1B in Growth Investment From Vista Equity
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks
Persistent Espionage Campaign Targets APAC Governments
Is Your Online Store Hacked in a Carding Attack? Here's an Action Plan to Protect
E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse
CISA demystifies phishing-resistant MFA
Russian Security Takes Down REvil Ransomware Gang
North Korea's Kimsuky APT Keeps Growing, Despite Public Outing
CISA added SAP flaw to its Known Exploited Vulnerabilities Catalog
A deeper insight into the CloudWizard APT’s activity revealed a long-running activity
Microsoft Warns of Critical Bugs Being Exploited in the Wild
Researchers Observed Backdoor-Like Behavior In Gigabyte Systems
Google Takes Gmail Security to the Next Level with Client-Side Encryption
Cyber venture capital funding on pace to hit four-year low
Zurich chief warned that cyber attacks will become uninsurable
CyberSec Community Rolls Out ETHOS – An Open Early Warning System
Leaked Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8 Million
Australia's anti-trolling Bill enters Parliament retaining defamation focus | ZDNet
HiddenLayer Raises Hefty $50M Round for AI Security Tech
Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence
Thousands of secrets lurk in app images on Docker Hub
Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack
Most Enterprise SIEMs Blind to MITRE ATT&CK Tactics
Hive ransomware servers shut down at last, says FBI
CISA, FBI urge admins to patch Atlassian Confluence immediately
Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military
DHS warns local authorities, critical infrastructure providers over potential Russia threat
Our most-read cyber stories of 2021
Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants
Criminal IP Becomes VirusTotal IP and URL Scan Contributor
US cryptocurrency coder gets 5 years for North Korea sanctions busting
CISA JCDC Will Focus on Energy Sector
Microsoft releases Windows security updates for Intel CPU flaws
APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails
Iranian hackers lurked in Middle Eastern govt network for 8 months
Titan File Transfer Server Flaws Let Attackers Execute Remote Code
Microsoft 365 now auto-updates apps on locked or idle devices
Brits Lose $9.3bn to Scams in a Year
Cuba ransomware claims cyberattack on Philadelphia Inquirer
SEC sues SolarWinds and its CISO for fraudulent cybersecurity disclosures
MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?
Dev backdoors own malware to steal data from other hackers
Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices
Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware
In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit
200 Canon Printer Models May Expose Wi-Fi Connection Data
Dollar Tree hit by third-party data breach impacting 2 million people
Microsoft to let Windows 10 home users buy Extended Security Updates
Python Malware Poses DDoS Threat Via Docker API Misconfiguration
Analyzing a Facebook Profile Stealer Written in Node js
Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials
FBI Focuses on Cybersecurity With $90M Budget Request
Flashpoint releases Ignite platform with threat intelligence reports, rule-based alerts
Stolen Azure AD key offered widespread access to Microsoft cloud services
Was Steve Jobs right about this?
IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks
General Motors credential stuffing attack exposes car owners info
Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks
Apple, Civil Liberty Groups Condemn UK Online Safety Bill
Google Drive flags nearly empty files for 'copyright infringement'
macOS Info-Stealer Malware 'MetaStealer' Targeting Businesses
NCA Harvests Info on DDoS-For-Hire With Fake Booter Sites
Feds Hit DDoS-for-Hire Services with 48 Domain Seizures
US govt contractor Serco discloses data breach after MoveIT attacks
Governments intentionally shut down internet 182 times across 34 countries in 2021: report
Pixelating Text Leads to Information Leakage, Warns Firm
The CISO Carousel and its Effect on Enterprise Cybersecurity
This new ransomware has simple but very clever tricks to evade PC defenses | ZDNet
Group-IB CEO Ilya Sachkov sentenced to 14 years in a strict prison colony
Hackers push fake Pokemon NFT game to take over Windows devices
Microsoft fixes MoTW zero-day used to drop malware via ISO files
Police arrests Ragnar Locker ransomware developer in France
Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack
Over 19,000 end-of-life Cisco routers exposed to RCE attacks
OpenAI's new ChatGPT bot: 10 coolest things you can do with it
In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs
Russia or Ukraine: Hacking groups take sides
Most CISOs confront ransomware — and pay ransoms
Google Home speakers allowed hackers to snoop on conversations
Tech whiz kid Sam Altman is out of OpenAI for good: what happened?
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
Hackers are breaching scam sites to hijack crypto transactions
ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric
Hackers start exploiting critical ownCloud flaw, patch now
US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability
British Library Still Reeling After Major Cyber Incident
AI systems ‘subject to new types of vulnerabilities,’ British and US cyber agencies warn
State-Sponsored Online Spies Likely to Target Australian Submarine Program, Spy Agency Says
ICO Pursues Traffic Accident Data Thieves
'Proxyjacking' Cybercriminals Exploit Log4J in Emerging, Lucrative Cloud Attacks
Iranian Government Hackers Exploit Log4Shell in SysAid Apps for Initial Access
CISA warns of critical Apache RocketMQ bug exploited in attacks
Curl Releases Fixes For High-Severity Vulnerability
US and Japan warn of Chinese hackers backdooring Cisco routers
BackSlash’s new ASPM combines existing AppSec with context-based risk prioritization
Chilean government warns of Black Basta ransomware attacks after customs incident
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
Divided oversight panel recommends new limits for Section 702 searches
Threat Actor Abuses LinkedIn's Smart Links Feature to Harvest Credit Cards
Feds Shut Down RaidForums Hacking Marketplace
Adobe’s AI image generators get beefy updates, including vector graphics
US DoJ seizes $3.36B Bitcoin from Silk Road hacker
Cyberattacks in Ukraine Soon Could Spill Over to Other Countries
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse
Mazda’s DMCA takedown kills a hobbyist’s smart car API tool
An actively exploited Microsoft 0-day flaw still doesn’t have a patch
New Windows 11 policy lets admins control optional updates installation
Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique
In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques
New Statc Stealer Emerges As Potent Windows Malware
Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners
SpyNote Android malware spreads via fake volcano eruption alerts
Critical 'ShellTorch' Flaws Light Up Open Source AI Users, Like Google
Oklahoma Cops Say Rape Victims’ Data May Have Been Leaked
Kazakhstan refuses to extradite detained Russian cyber expert to US
‘War has no rules’: Hacktivists scorn Red Cross’ new guidelines
Now Abyss Locker also targets VMware ESXi servers
Clop, LockBit ransomware gangs behind PaperCut server attacks
Cisco Warns of Critical Vulnerability in End-of-Life Routers
Microsoft: Ransomware groups, nation-states exploiting Atlassian Confluence vulnerability
Tenable CEO calls out Microsoft delay on months-old Azure vulnerability
Windows 11 ‘ThemeBleed’ RCE bug gets proof-of-concept exploit
Hackers steal crypto assets by defeating 2FA with rogue browser extension
Atlassian & Bamboo RCE Flaw Let Attacker Execute Arbitrary Code
UK Publishes First Guidelines on Safe AI Development
Okta says its support system was breached using stolen credentials
Does Volvo Cars suffer a new data breach?
Almost 42K Cisco IOS XE devices exploited, no patch available
Healthcare in the Crosshairs of North Korean Cyber Operations
JumpCloud Cyberattack Linked to North Korean Hackers
Clearview AI wins appeal to overturn $10 million UK privacy fine
Security Firm Finds Over 130k Internet-Exposed Photovoltaic Diagnostics Systems
Mirai V3G4 botnet exploits 13 flaws to target IoT devices
Open-source software more resilient, study finds
Post-quantum cryptography – new algorithm “gone in 60 minutes”
Exploit Code Published for Critical-Severity VMware Security Defect
‘Hostile actors’ hacked UK electoral register, accessed ‘high volume’ of data
Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland
Sensitive records of over 280m Indian citizens exposed | Cybernews
Iran-linked APT Rocket Kitten exploited VMware bug in recent attacks
EPA says litigation from Republicans, water companies forced withdrawal of cybersecurity memo
Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group
GoldenJackal state hackers silently attacking govts since 2019
Facebook to Pay $725 Million to Resolve Cambridge Analytica Scandal Case
Checkmarx Finds Threat Actor 'Fully Automating' NPM Supply Chain Attacks
Cyber-criminals Exploit GPUs in Graphic Design Software
Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts
US sanctions Iran’s Ministry of Intelligence over Albania cyberattack
Thousands of Dollar Tree Staff Hit by Supplier Breach
Researchers unearth hacking group that's been active, yet undetected for years
What is ransomware? Everything you need to know and how to reduce your risk
Threat Actors Employ Remote Admin Tools to Gain Access over Corporate Networks
Russian hackers offered phony drone training to exploit WinRAR vulnerability
NSA Cybersecurity Director's Six Takeaways From the War in Ukraine
Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages
Microsoft's out-of-band patch fixes Windows AD authentication failures | ZDNet
P2P Worm Attacking 307,000 Redis Instances on Linux and Windows Systems
New powerful Prynt Stealer malware sells for just $100 per month
U.K. Police Arrest 142 in Global Crackdown on 'iSpoof' Phone Spoofing Service
Cyberattacks through Browser Extensions – the Importance of MFA
F5 warns its customers of tens of flaws in its products
Google fixed the second actively exploited Chrome zero-day of 2023
Microsoft: State hackers exploiting Confluence zero-day since September
Cybercriminals register .AI domains of trusted brands for malicious activity
Details of Over 300,000 Russian Reservists Leaked, Anonymous Claims
Hygge Bjørn forårsager Strømafbrydelser i Norge
Google Virus Total leaks list of spooky email addresses
How to encrypt a file on Linux (and when you should)
Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities
Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors
A Chilling Russian Cyber Aim in Ukraine: Digital Dossiers
IBM: Cost of data breaches reaches all-time high of $4.5 million in 2023
Watch Out: Attackers Are Hiding Malware in 'Browser Updates'
'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign
Power Management Devices Flaw Let Attackers Shutdown Data Center
“This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard
KeePass Exploit Allows Attackers to Recover Master Passwords from Memory
Hackers use open source Merlin post-exploitation toolkit in attacks
Microsoft Adding New Security Features to Windows 11
Google Cloud blocks largest HTTPS DDoS attack ever
New HiatusRAT campaign targets Taiwan and U.S. military procurement system
D-Link Says Hacker Exaggerated Data Breach Claims
Hackers Hide Information-Stealing Malware in PNG Files Using Steganography
UK police arrest seven individuals suspected of being hacking group members | ZDNet
GCHQ Reveals Details of State-Backed Breach
US disrupts prolific botnet controlled by Russian military, DOJ says
Supply Chain Attack Targets Customer Engagement Firm Comm100
Google Initiates the End of Passwords, Making Passkeys the Default for Users
Organizations rapidly shift tactics to secure the software supply chain
FTC files lawsuit against Kochava for harvesting and selling geolocation data
White House releases new U.S. national cybersecurity strategy
Google passkeys are a no-brainer. You’ve turned them on, right?
Port of Lisbon website still down as LockBit gang claims cyberattack
Silverfort Banks $65 Million for Identity Threat Protection Platform
Google Play Protect Bolsters Security Against Malicious Apps
Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users
Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack
Fake PoC with data-stealing malware discovered on GitHub
Earth Preta’s Cyberespionage Campaign Hits Over 200
Fake Windows 11 upgrade installers infect you with RedLine malware
BreachForums Administrator Baphomet Shuts Down Infamous Hacking Forum
Prove Identity Snags $40M Funding for ID Verification Tech
British Army general says UK now conducting ‘hunt forward’ operations
20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison
Eureka: With GPT-4 overseeing training, robots can learn much faster
Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault
Expert found critical flaws in OpenText Enterprise Content Management System
UAE-Linked APT Targets Middle East Government With New 'Deadglyph' Backdoor
MGM Resorts ESXi servers allegedly encrypted in ransomware attack
2 municipal water facilities report falling to hackers in separate breaches
Newly Discovered "By-Design" Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers
#CRESTCon: White House Shifts US Cybersecurity Strategy Towards International Cooperation
Russian ‘influence-for-hire’ firms spread propaganda in Latin America: US State Department
June's Patch Tuesday updates focus on Windows, Office
UK Parliament Opens Inquiry into Cyber-Resilience
Malicious NuGet packages abuse MSBuild to install malware
North Korea-linked ScarCruft APT uses large LNK files in infection chains
Webinar: Locking Down Financial and Accounting Data — Best Data Security Strategies
Threat Actors Mimic Popular IT Tools to Deliver Malware Stealthily
Knock, Knock: Aiphone Bug Allows Cyberattackers to Literally Open (Physical) Doors
Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities
GnuTLS patches memory mismanagement bug – update now!
North Korean Hackers Amass $3bn in Cryptocurrency Heists
Zero-Day Flaw Discovered in Quarkus Java Framework
Zut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France
In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools
Zoom for Mac patches get-root bug – update now!
Zenbleed: How the quest for CPU performance could put your passwords at risk
Threat Actors Actively Exploiting Cisco IOS XE Zero-day Vulnerability
New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East
Study reveals AI prediction model that could help save firefighter lives | Cybernews
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation
Cyber Mercenary Group Void Balaur Continues Hack-For-Hire Campaigns
CISA Releases Recovery Tool for VMware Ransomware Victims
Highly invasive backdoor snuck into open source packages targets developers
Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key
Expanding Attack Blueprints 2022 Annual Cybersecurity Report
Ivanti warns of second vulnerability used in attacks on Norway gov’t
Death of Queen Elizabeth II exploited to steal Microsoft credentials
Multibillion-dollar cybersecurity training market fails to fix the supply-demand imbalance
Robin Banks phishing service returns to steal banking accounts
Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers
App used by hundreds of schools leaking children's data
New Stealer-as-a-Ransomware Delivered Through Fake Updates
Man simulates time travel thanks to Stable Diffusion image synthesis
Sophos Firewall Zero-Day Exploited in Attacks on South Asian Organizations
AI Helps Uncover Russian State-Sponsored Disinformation in Hungary
COVID-bit: the wireless spyware trick with an unfortunate name
Microsoft attributes Charlie Hebdo attacks to Iranian nation-state threat group
The Week in Ransomware - May 13th 2022 - A National Emergency
DHS: Ransomware attackers headed for second most profitable year
ClearFake a New Malware Attacking Mac users via fake browser updates
FBI warns of residential proxies used in credential stuffing attacks
‘We hacked the hackers:’ DOJ, FBI take down Hive ransomware after spending months inside gang systems
New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
Crown Resorts confirms ransom demand after GoAnywhere breach
CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog
Microsoft warns: This botnet has new tricks to target Linux and Windows systems | ZDNet
Clorox warns of product shortages a month after disclosing cyberattack
Confidence in File Upload Security is Alarmingly Low. Why?
DragonSpark threat actor avoids detection using Golang source code Interpretation
CISA Released a New Tool to Detect Hacking Activity in Microsoft Cloud Environments
F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide
Attackers Weaponizing QR Codes to Steal Employees Microsoft Credentials
How Ukraine's Cyber Police fights fraud, scams, and attacks on critical infrastructure
Cyber Safety Review Board to probe Lapsus$ ransomware spree
A flaw in OpenSSH forwarded ssh-agent allows remote code execution
Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog
Online Fraud Up 233%
Lenovo PC/Laptop Flaws Enable Attackers to Run Arbitrary Code
Backdoor deployment overtakes ransomware as top attacker action
iPhones and Macs get patches for two vulnerabilities
At TED AI 2023, experts debate whether we’ve created “the new electricity”
Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling
White House releases national cyber strategy, shifting security burden
Hackers now exploit critical Fortinet bug to backdoor servers
SLP Protocol Vulnerability Lets Attackers Launch Powerful 2,200x DDoS Attack
Apple sends experts to India after hacker threat warning
New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3
Ubuntu 22.04 LTS is Released with Performance and Security
97% Of UK Business Leaders Expect Quantum Computing to Disrupt Their Sectors
Ransomware gang files SEC complaint over victim’s undisclosed breach
Trustwave relaunches Advanced Continual Threat Hunting with human-led methodology
Top ways businesses can manage the risk implications of the SEC cybersecurity disclosure rule
FBI: Hackers Are Extorting Plastic Surgery Patients
New Mirai malware variant infects Linux devices to build DDoS botnet
Mobile Banking Trojans Surge, Doubling in Volume
USBs Still a Major OT Infection Vector
FBI confirms access to Breached cybercrime forum database
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed.
Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
CISA adds Samsung and D-link bugs to its Known Exploited Vulnerabilities catalog
North Korean hackers exploit Chrome zero-day weeks before patch
Clop ransomware likely testing MOVEit zero-day since 2021
A Third of UK Businesses Experience Cyber-Attacks at Least Once a Week
New Money Message ransomware demands million dollar ransoms
Google Patches Critical Vulnerabilities in Pixel Phones
Okta again promises it is taking security seriously
FBI Director Warns of Increased Iranian Attacks
Spotlight on 2023 Dan Kaminsky Fellow: Dr. Gus Andrews
Researcher warns that Cisco Secure Email Gateways can easily be circumvented
Apple fixes doorLock bug that can disable iPhones and iPads
New BlackGuard password-stealing malware sold on hacker forums
DownEx cyberespionage operation targets Central Asia
Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused
Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities
SecurityWeek's 2023 ICS Cybersecurity Conference Kicks Off in Atlanta
CSA Launches First Zero Trust Certification
WhatsApp now lets you lock chats with a password or fingerprint
ChatGPT for Software Security: How it Assists Attackers & Security Analysts
Hackers Using Leaked CIA's Hive Multi-Platform Attack Kit in the Wild
Shield and Visibility Solutions Target Phishing From Inside the Browser
Study claims ChatGPT is losing capability, but some experts aren’t convinced
Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data
Researchers want more detail on industrial control system alerts
S3 Ep146: Tell us about that breach! (If you want to.)
Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes
Proofpoint unveils new features to break cyberattack chain
3CX Supply Chain Attack Tied to Financial Trading App Breach
Third Log4J Bug Can Trigger DoS; Apache Issues Patch
Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise
US Gov Rolls Out National Cyber Workforce, Education Strategy
White House launches AI cyber competition to fix software vulnerabilities
Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations
Kiwi Farms has been breached; assume passwords and emails have been leaked
Ransomed.vc gang claims to shut down after six affiliates allegedly arrested
Over $1 Million Offered at New Pwn2Own Automotive Hacking Contest
Allen & Overy law firm breached, LockBit takes credit
Emotet is Back With New Tricks to Spread Malware
Kaspersky released a new decryptor for Conti-based ransomware
Resecurity warns about cyber-attacks on data center service providers
DP World cyberattack blocks thousands of containers in ports
FBI: Bl00dy Ransomware targets education orgs in PaperCut attacks
Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability
New Microsoft Azure AD CTS feature can be abused for lateral movement
Mirai DDoS malware variant expands targets with 13 router exploits
iLeakage Attack Exploits Safari to Steal Sensitive Data From Macs, iPhones
All You Need to Know About Emotet in 2022
Rackspace scrambles to assist customers as ransomware probe continues
T-Mobile hacker gets 10 years for $25 million phone unlock scheme
Play Ransomware's Attack Playbook Unmasks it as Another Hive Affiliate like Nokoyawa
New CISO appointments 2023
Reddit admits it was hacked and data stolen, says “Don’t panic”
Conti Chats Leaked After Ransomware Gang Expresses Support for Russia
Black Basta Ransomware Received Over $100 Million From Victims
CISA Warns Against Royal Ransomware in New Advisory
10 Best Cloud VPN Providers - 2023
Meta Expunges Multiple APT, Cybercrime Groups from Facebook, Instagram
University loses 77TB of research data due to backup error
Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach
VMware warns of critical vulnerability affecting vCenter Server product
Darknet drug markets move to custom Android apps for increased privacy
Amazon Wants Businesses to Ditch ID Cards and Install Palm Scanners
Researchers Devise Attack Using IoT and IT to Deliver Ransomware Against OT
TeaBot Android Banking Trojan continues its global conquest with new upgrades | ZDNet
PlugX Malware Hides on Removable USB Devices to Infect Windows Machine
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
PJ&A says cyberattack exposed data of nearly 9 million patients
DroxiDat-Cobalt Strike Duo Targets Power Generator Network
France says Russian state hackers breached numerous critical networks
Google Mandates Android Apps to Offer Easy Account Deletion In-App and Online
DeFi on the ropes as digital thefts double | Cybernews
VMware addressed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment
Rhysida Ransomware Attacking Windows Machine Through VPN Devices and RDP
Microsoft Paint in Windows 11 gets a background removal tool
Android phones are vulnerable to fingerprint brute-force attacks
Privacera connects to Dremio’s data lakehouse to aid data governance
Optus confirms 2.1 million ID numbers exposed in data breach
APT Hackers Behind SysJoker Attacking Critical Industrial Sectors
Security Affairs newsletter Round 396
BBTok Banking Trojan Impersonates 40+ Banks to Hijack Victim Accounts
Lazarus hackers linked to the $35 million Atomic Wallet heist
Russian APT Hackers Used COVID-19 Lures to Target European Diplomats
China-Linked BRONZE PRESIDENT APT targets Government officials worldwide
Samsung Source Codes Stolen
Microsoft fixes bug behind Windows LSA protection warnings, again
A surveillance tower in Mexico becomes an unsettling landmark for privacy advocates
Tesla infotainment jailbreak unlocks paid features, extracts secrets
BreachForums current Admin Baphomet shuts down BreachForums
India raids tech-support fraud compounds after tip from Amazon, Microsoft
China, Huawei, and the eavesdropping threat
AI-powered grocery bot suggests recipe for toxic gas, “poison bread sandwich”
Lapsus$ gang leaks data allegedly stolen from Samsung Electronics
Huntress Scores $40M Funding, Plans International Expansion
Russian national sentenced to time served for committing money laundering for the Ryuk ransomware operation
Notorious State-Sponsored Hacker Group Stealthy Infrastructure Uncovered
Regulator Issues Privacy Ultimatum to UK’s Top Websites
Package Analysis dynamic analyzes packages in open-source repositories
Auto parts giant AutoZone warns of MOVEit data breach
(ISC)2 Urges Countries to Strengthen Collaboration on Cybersecurity Regulation
The fight to cut off the crypto funding Russia’s invasion of Ukraine
Flipper Zero: How to install third-party firmware (and why you should)
CISA: Netwrix Auditor RCE bug exploited in Truebot malware attacks
Ivanti warns of new actively exploited MobileIron zero-day bug
US bans sales of Huawei, Hikvision, ZTE, and Dahua equipment
Utah inches closer to becoming fourth state to pass privacy law | ZDNet
Fake Browser Updates Targeting Mac Systems With Infostealer
Medtech, hospitals on alert for cyberattacks after Russia's invasion of Ukraine
Capita warns customers they should assume data was stolen
Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts
Flipper Zero can now spam Android, Windows users with Bluetooth alerts
Report: China installing industrial robots at breakneck speed
Half of CISOs Now Report to CEO as Influence Grows
NYC transit worker alleges pay violations after Kronos ransomware disruption
MaliBot: A New Android Banking Trojan Spotted in the Wild
3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack
Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups
Latest attack on PyPI users shows crooks are only getting better
An Iowa school district is using ChatGPT to decide which books to ban
Ukraine intelligence takes credit for Russia’s aviation agency hack
IBM QRadar SIEM Bug Let Remote Attacker Trigger DoS
Ivanti Avalanche Flaw Let Attackers Execute Remote Code
Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams
NFL Security Chief: Generative AI Threats a Concern as New Season Kicks Off
S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?
QNAP extends critical updates for some unsupported NAS devices
Trickbot is using MikroTik routers to ply its trade. Now we know why
US and South Korea accuse North Korea of using hospital ransoms to fund more hacking
The Rising Threat of Secrets Sprawl and the Need for Action
FBI seizes BreachForums after arresting its owner Pompompurin in March
New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability
New Rust-based SysJoker backdoor linked to Hamas hackers
CSA Provides Common Vulnerability Exploited by China State-Sponsored Hackers
TransForm says ransomware data breach affects 267,000 patients
Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania
Intel Sued Over 'Downfall' CPU Vulnerability
Google to Roll Out Privacy Sandbox Beta on Android 13 by Early 2023
Russian hacking tool floods social networks with bots, researchers say
Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks
Inside the Code of a New XWorm Variant
OT and IT Visibility and Efficiency Barriers
Apple fixes zero-day spyware implant bug – patch now!
The 5 best VPN trials of 2023
New MOVEit Transfer zero-day mass-exploited in data theft attacks
Chinese 'Spyder Loader' Malware Spotted Targeting Organizations in Hong Kong
Russian APTs Furiously Phish Ukraine – Google
CISA adds 15 vulnerabilities to list of flaws exploited in attacks
Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs
Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover
House Intelligence panel proposes its own rewrite of surveillance powers
US data compromises hit all-time high
ICS Security Event S4 2022 Review
Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech
CISA orders govt agencies to patch bugs exploited by Russian hackers
Funky AI-generated spiraling medieval village captivates social media
Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack
Google Drive users angry over losing months of stored data
Google’s open-source security move may be pointless. In a perfect world, it should be.
Threat actors started exploiting critical ownCloud flaw
Chinese Cyberspies Used Forged Authentication Tokens to Hack Government Emails
Hacking of Netgear Routers - PoC Disclosed for 5 Vulnerabilities
Microsoft “lobotomized” AI-powered Bing Chat, and its fans aren’t happy
Windows Hello Fingerprint Tech is Hacked
Chinese hacking operation puts Microsoft in the crosshairs over security failures
Privacy watchdog chair Sharon Bradford Franklin on the fraught surveillance renewal debate
How to Prevent Callback Phishing Attacks on Your Organization
VMware Patches Code Execution Vulnerability in vCenter Server
815 Million Indians' Aadhaar Data Exposed on the Dark Web
Chinese state-sponsored hackers have become more brazen, prompting an NSA advisory
Threat hunting with MITRE ATT&CK and Wazuh
Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor
MOVEit Hackers Turn to SysAid Servers Zero-Day Vulnerability
A search bar is among the Task Manager improvements in new Windows 11 build
Dashlane: Pricing, features, and how to get started
Africa Cyber Surge II law enforcement operation has led to the arrest of 14 suspects
Thousands of Citrix Servers Exposed to Zero-Day Bug
How to boost cybersecurity defenses using your router
New Ransomware Gang RA Group Hits U.S. and South Korean Organizations
Dead or Alive? An Emotet Story
Pentagon CIO on protecting the military from high-level cyber threats
Emotet Tops List of July's Most Widely Used Malware
CISA warns of critical flaws in ICS and SCADA software from multiple vendors
New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC
WordPress Websites Hacked via Royal Elementor Plugin Zero-Day
Wireshark creator joins Sysdig to extend it to cloud security | ZDNet
STYX Marketplace emerged in Dark Web focused on Financial Fraud
Microsoft May 2023 Patch Tuesday fixes 3 zero-days, 38 flaws
Suspected LockBit ransomware affiliate arrested, charged in US
Boeing Investigating Ransomware Attack Claims
How the US government’s cyber priorities will impact businesses
Top 5 Insider Threats to Look Out For in 2023
Monitoring the dark web to identify threats to energy sector organizations
Serious Security: The Samba logon bug caused by outdated crypto
Actions to Take to Defeat Initial Access Brokers
Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack
ÆPIC Leak: Architectural Bug in Intel CPUs Exposes Protected Data
Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis
EncroChat takedown led to 6,500 arrests and $979 million seized
New Stealc malware-as-a-service targets web browsers, crypto wallets, email clients
ServiceNow to detect open source security vulnerabilities with Snyk integration
QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw
Microsoft Launches Defender Bug Bounty Program
In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues
Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs
PyPI Implements Mandatory Two-Factor Authentication for Project Owners
Russia blocks access to Facebook, Twitter, foreign news outlets
Tesla Returns as Pwn2Own Hacker Takeover Target
US Charges Russian Hackers Over Infamous Triton, Havex Cyberattacks on Energy Sector
US CISA warns of Rockwell Automation ControlLogix flaws
The top 12 tech stories of 2022
USB-based Wormable Malware Targets Windows Installer
Google Cloud positions itself as a 'standalone security brand'
CISA expects upcoming industry rules to show ‘scope and scale’ of ransomware problem
Critical ManageEngine RCE bug now exploited to open reverse shells
Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web
Ransomware empire on streak: extortion demands up by 45% | CyberNews
QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit
QR Code Phishing Campaign Targets Top US Energy Company
An international police operation dismantled the spoofing service iSpoof
CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise
Copycat and fad hackers will be the bane of supply chain security in 2022 | ZDNet
Hackers Steal Cryptocurrencies Using DoubleFinger Malware Via Weaponized PIF Attachment
Serpent backdoor targets French entities with high-evasive attack chain
Critical Zimbra RCE Vulnerability Exploited in Attacks
EU Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations
Inside Conti leaks: The Panama Papers of ransomware
Medusa botnet returns as a Mirai-based variant with ransomware sting
Android OS Tools Fuel Cybercrime Spree, Prey on Digital Users
TSA No-Fly List Snafu Highlights Risk of Keeping Sensitive Data in Dev Environments
Albania cuts diplomatic ties with Iran after July cyberattack
Ivanti Warns of Critical New Zero-Day Bug
Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub
CISA shares vulnerabilities, misconfigs used by ransomware gangs
Security Affairs newsletter Round 447 by Pierluigi Paganini
Canada: Lawmakers Targeted by China-Linked 'Spamouflage' Disinformation
Majority of US Defense Contractors Not Meeting Basic Cybersecurity Requirements
CISA warns unpatched Zimbra users to assume breach
Microsoft Reclassifies Windows Flaw After IBM Researcher Proves Remote Code Execution
Zero-Day Bug Allows Crypto Hackers to Drain $1.6M From Bitcoin ATMs
Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain
TJ Maxx, Shutterfly, TomTom latest organizations to confirm MOVEit breaches
Maine govt notifies 1.3 million people of MOVEit data breach
Twitter Addresses November Data Leak Claims
NY reaches $1M breach settlement with First American Title Insurance
Europol: Financial Crime Makes “Billions” and Impacts “Million
Lawmakers Risk Cyberattacks, Physical Harm After DC Health Link Breach
CISO Conversations: U.S. Marine Corps, SAIC Security Leaders on Organizational Differences
.US Harbors Prolific Malicious Link Shortening Service
CISA adds Fortra MFT, TerraMaster NAS, Intel driver Flaws, to its Known Exploited Vulnerabilities Catalog
Greater Paris wastewater agency dealing with cyberattack
Access broker found exploiting Log4j vulnerability in VMware
Top 3 Malware Threatening Businesses in Q2 2023
Tech bigwigs: Hit the brakes on AI rollouts
Microsoft Announced AI Bug Bounty Program that Rewards Up to $15,000
Cybersecurity firm executive pleads guilty to hacking hospitals
Cyber pros avoid smart devices: there is a good reason
DeleFriend Weakness Puts Google Workspace Security at Risk
Russian hackers exploiting Outlook bug to hijack Exchange accounts
Recent Cyberattacks Increasingly Target Open-source Web Servers
Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!
The United States has a new cyber czar — for a little while, anyway
Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities
After Log4J, White House worries about the next big open source flaw | ZDNet
Applying AI to API Security
Microsoft plans to kill malware delivery via Excel XLL add-ins
CONTInuing the Bazar Ransomware Story
Former NSA insider Coker is White House pick for national cyber director
Chinese APT ToddyCat Targets Asian Telecoms, Governments
Emotet Botnet Started Distributing Quantum and BlackCat Ransomware
Podcast: The State of the Secret Sprawl
New cyberattack tactics rise up as ransomware payouts increase
Global Lawyers Unveil Cyber Best Practices for Execs
Metaverse Version of the Dark Web Could be Nearly Impenetrable
Ransomware attack on Ohio city impacts multiple services
Ivanti MobileIron API Access Flaw let Attackers Access Sensitive Information
Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks
Top 10 Vulnerability Assessment and Penetration Testing (VAPT) Tools
Hacking ATMs by exploiting flaws in ScrutisWeb ATM fleet software
Hackers target 1.5M WordPress sites with cookie consent plugin exploit
Proposed bill would require vulnerability disclosure policies for all federal contractors
Oracle Patches 185 Vulnerabilities With October 2023 CPU
eNom data center migration mistakenly knocks sites offline
New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities
French rugby club Stade Français leaks source code
Cyberattacks Knock Out Sites of Ukrainian Army, Major Banks
VMware patches break-and-enter hole in logging tools: update now!
Microsoft 365 admins warned of new Google anti-spam rules
Zluri Raises $20 Million for SaaS Management Platform
UK outsourcing services provider Capita suffered a cyber incident
BlueNoroff hackers steal crypto using fake MetaMask extension
Security Affairs newsletter Round 359 by Pierluigi Paganini
New malware infects business routers for data theft, surveillance
W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack
CISA Advises FCC Covered List For Risk Management
New Buhti ransomware operation uses rebranded LockBit and Babuk payloads
China Issues Ban on US Chipmaker Products
Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers
CES 2023 Day 3: HTC and Google make announcements, plus other top stories
Malicious Google ads sneak AWS phishing sites into search results
October Windows Server updates cause Hyper-V VM boot issues
Julenisserne Overvåger Brun Bjørn
Flotte Bjørn og Russiske Hackere Mislykkedes i Angreb på Julenisse-Centralen
BearShare: Revolutionens digitale hjemsted
The hack of MSP provider CTS potentially impacted hundreds of UK law firms
Ukraine suffered more data-wiping malware than anywhere, ever
A Look Into Purple Fox’s Server Infrastructure
Software industry leaders debate real costs and benefits of CISA security push
VMware fixes bug exposing CF API admin credentials in audit logs
Ransomware gang threatens Raleigh Housing Authority months after devastating attack
This Acoustic Attack Analyzes Keystrokes To Steal Data Via Deep Learning
New Cryptojacking Operation Targeting Kubernetes Clusters for Dero Mining
New BadBazaar Android malware linked to Chinese cyberspies
Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot
Ransomware accounts for 54% of cyber threats in the health sector
In Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education Funding
Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords
Crooks use HTML smuggling to spread QBot malware via SVG files
Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign
Want a Flipper Zero without paying inflated prices? Now's your chance
Over 50 OT:ICEFALL Vulnerabilities Risk Numerous Industrial Devices
Spring4Shell flaw is now being used to spread this botnet malware | ZDNet
Researchers Dive Into Activities of Indian Hack-for-Hire Firm Appin
CISO Pay Increases Are Slowing – a Look Behind the Figures
Microsoft Disables Iran-Linked Lebanese Hacking Group Polonium
Air Europa Asks Customers to Cancel Cards After Breach
Last year was the worst on record for crypto hacks, as North Korean groups cash in
ASUS Critical Router Vulnerabilities Let Attackers Execute Arbitrary Code
Ex-Ubiquiti Employee Imprisoned For $2m Crypto Extortion Scheme
Former OpenAI staffers slam CEO Sam Altman in new tell-all letter
Inside Threat Actors: Dark Web Forums vs. Illicit Telegram Communities
UK Teen Arrested Over Rockstar Games, Uber Hacks
Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry
QNAP: Patch Critical Remote Code Injection Bug
US law to compel firms to report cyber attacks
Detecting Windows AMSI Bypass Techniques
Over 75% of Network-connected Infusion Pumps are Vulnerable
Google Wins Lawsuit Against Glupteba Botnet Operators
Magecart Web Skimmer Hides in 404 Error Pages
RCE Bugs Found in WhatsApp, Other Hugely Popular VoIP Apps: Patch Now!
Cybercrime gang pre-infects millions of Android devices with malware
Dev Sabotages Popular NPM Package to Protest Russian Invasion
10 Million Likely Impacted by Data Breach at French Unemployment Agency
Microsoft shares temp fix for Outlook crashes when sending emails
How to Apply NIST Principles to SaaS in 2023
Introducing AI-guided Remediation for IaC Security / KICS
FDA pushing for medical device cybersecurity funding, regulations
Regulator Proposes $1 Million Fine for Colonial Pipeline One Year After Cyberattack
FTC settles with genetic testing firm accused of violating customer privacy
New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email
This Week in Security News - March 25, 2022
Nigerian Police Dismantle Major Cybercrime Hub
ENISA Warns of AI Manipulation Ahead of Upcoming European Elections
Rewards Platform Flaw, Let attackers Steal User’s Personal Information
Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions
Beyond Quantum: MemComputing ASICs Could Shatter 2048-bit RSA Encryption
LastPass users furious after being locked out due to MFA resets
Microsoft Patches Three Zero-Day Bugs This Month
OpenAI releases tool to detect AI-written text
Amid Military Buildup, China Deploys Mustang Panda in the Philippines
CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
What Are Your Top Cloud Security Challenges? Threatpost Poll
Coinbase CyberAttack - Employees Targeted with Fake SMS Alert
“Grab hold and give it a wiggle” – ATM card skimming is still a thing
UK calls artificial intelligence a “chronic risk” to its national security
New Jamf CEO John Strosahl on Apple in the enterprise, Jamf's future
Thousands of Social Media Takedowns Hit People Smugglers
Casio says customers in 148 countries affected by breach
Interpres Security Emerges from Stealth to Help Companies to Optimize Security Performance
Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges
Scammers Exploit Hacked Websites For Phishing
New CVE-2023-3519 scanner detects hacked Citrix ADC, Gateway devices
Hackers Exploiting High-Severity Zimbra Flaw to Steal Email Accounts
Key Learnings from “Big Game” Ransomware Campaigns
North Korea hacked into Russian missile company: Report
Hamas likely cooperates with hackers to stay online
$30 million stolen from DeFi protocol Grim Finance, audit firm apologizes for missing vulnerability | ZDNet
Microsoft to freeze license extensions for Russian companies
Arm, Qualcomm warn GPU drivers are likely being exploited by hackers
Microsoft Patch Tuesday security updates fixed 3 actively exploited flaws
Civil rights groups launch effort to stop IRS use of 'flawed' ID.me facial recognition | ZDNet
New ShellBot bot targets poorly managed Linux SSH Servers
Hacker who exposed some of soccer's dirtiest secrets charged in Portugal
Bancor Announces a $1 Million Bug Bounty Program ahead of V3 Mainnet Launch
Retailer Database Error Leaks Over One Million Customer Records
Unraveling Real-Life Attack Paths – Key Lessons Learned
CISA Committee Tackles Remote Monitoring and Management Protections
OWASP ZAP 2.14.0 Released – What’s New!
Xiaomi's MIUI now flags Telegram as dangerous in China
Critical Linux Kernel flaw affects SMB servers with ksmbd enabled
Notorious Phishing-as-a-Service Platform Shuttered
MSI CyberAttack - Intel Boot Guard Private Keys Leaked on the Dark Web
Patch now to address critical Windows zero-day flaw
US Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa
Kwik Trip finally confirms cyberattack was behind ongoing outage
Experts warn of a surge of TrueBot activity in May 2023
HTTP/2 Rapid Reset Zero-day Flaw Exploited to Launch Massive DDoS Attack
Continued MOVEit Exploitation Drives Record Ransomware Attacks
Experts question T-Mobile’s security culture as breach cycle churns
Cybersecurity Executive Pleads Guilty to Hacking Hospitals
Police Celebrate Arrest of 59 Suspected Scammers
Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware
Connecticut AG demands answers from 23andMe after data breach
Royal Ransomware Made Upto $11 Million USD Using Custom-Made Encryption Malware
Heap-based Buffer Overflow Flaw in cURL Library Using SOCKS5 Proxy
New WordPress Malware as Cache Plugin Creates Rogue Admin Account
Researchers call for UK, EU to heed scientific evaluation of client-side scanning proposals
SharkBot Android Trojan Mimics Legit Apps To Appear On Google Play Store
Best Unified Network Security Solutions for Small Businesses
Flipper Zero now has its own app store for iOS, Android users
RatMilad Spyware Scurries onto Enterprise Android Phones
Discord still a hotbed of malware activity — Now APTs join the fun
The Week in Ransomware - October 20th 2023 - Fighting Back
Siemens Healthineers responds to alleged data theft by LockBit ransomware gang
IBM offers integrated security management with QRadar release
2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots
Jamf CEO weighs in on Apple deployments and enterprise security
Microsoft: BlueNoroff hackers plan new crypto-theft attacks
10 Best Free Penetration Testing Tools 2022 - Cyber Security News
City of Dallas Details Ransomware Attack Impact, Costs
GitGuardian’s honeytokens in codebase to fish out DevOps intrusion
Five Takeaways From the Russian Cyber-Attack on Viasat’s Satellites
OT/IoT and OpenTitan, an Open Source Silicon Root of Trust
Behind the FTC’s plan to hire child psychologists to help regulate social media firms
Hacker stole $566 million worth of Binance Coins from Binance Bridge
Qubit Finance platform hacked for $80 million worth of cryptocurrency
AttachMe: a critical flaw affects Oracle Cloud Infrastructure (OCI)
Cactus ransomware exploiting Qlik Sense flaws to breach networks
Prosecutors charge 6 people for allegedly waging massive DDoS attacks
Stanford researchers challenge OpenAI, others on AI transparency in new report
Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws
EvilProxy used in massive cloud account takeover scheme
North Korean Hackers Compromise Russian Missile Maker
Cisco confirms that data leaked by the Yanluowang ransomware gang were stolen from its systems
Microsoft March 2022 Patch Tuesday fixes 71 flaws, 3 zero-days
Kubernetes Security Flaw Let Attackers Escalate to Admin Privileges
Apple Patches WebKit Flaws Exploited on Older iPhones
How to install Kali Linux on Apple Silicon Macs
Microsoft Added GPT-4 and GPT-35-Turbo to businesses Azure AI Infrastructure
In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack
Signal tests usernames that keep your phone number private
Samsung Engineers Feed Sensitive Data to ChatGPT, Sparking Warnings
White House Publishes Plan to Implement US National Cybersecurity Strategy
20 Best Malware Protection Solutions in 2023
Suspected China-based hackers target Middle Eastern telecom, Asian government
How and why to use FIDO Security Keys for Apple ID
The biggest data breaches, hacks of 2021 | ZDNet
U.S. sues Google for abusing dominance over online ad market
Global Russia ban may hurt ransom gangs too | Cybernews
China-based hackers target dozens of Taiwanese organizations in espionage operation, Microsoft warns
Microsoft rolls out security red carpet for competitors' cloud customers
Qbot Overtakes Emotet in December 2022's Most Wanted Malware List
Experts detected a new variant of North Korea-linked RUSTBUCKET macOS malware
F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP
Microsoft Sees Rampant Log4j Exploit Attempts, Testing
JOKERSPY used to target a cryptocurrency exchange in Japan
Microsoft investigates Outlook.com bug breaking email search
VirusTotal Data Leak Exposes User's Sensitive Details
Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware
LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order
Japan's space agency hit by cyberattack
8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks
3CX Hackers Also Compromised Critical Infrastructure Firms
Microsoft fixes Outlook Desktop bug causing slow saving issues
Apple patches zero-day holes – even in the brand new iOS 16
Cisco Duo Device Health App Flaw Allows Directory Traversal Attacks
Google Chrome's new cache change could boost performance
EPA Withdraws Water Sector Cybersecurity Rules Due to Lawsuits
U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks
An interview with initial access broker Wazawaka: 'There is no such money anywhere as there is in ransomware'
GitHub rolls out passkeys in move toward passwordless authentication
Windows 10 KB5025297 preview update released with 10 fixes
9M Dental Patients Affected by LockBit Attack on MCNA
FBI, CISA issue warning on China-backed cyber threats against the telecom industry
Google Patches High-Severity Privilege Escalation Vulnerabilities in Android
Messaging Apps Tapped as Platform for Cybercriminal Activity
Palo Alto Networks updates Prisma Cloud with integrated cloud security
New Intel CPU Vulnerability 'Reptar' Can Allow DoS Attacks, Privilege Escalation
How to Fix a Hacked Computer - Guide To Secure Your Computers - 2023
Samsung Galaxy gets new Auto Blocker anti-malware feature
Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
U.S. Government Blacklists Cytrox and Intellexa Spyware Vendors for Cyber Espionage
Watch Out For Malicious Python Packages That Can Hijack Your Computer
Microsoft: RaaS Relies on the Gig Economy
Google Bringing Privacy Sandbox to Android to Limit Sharing of User Data
Hackers steal $6 million from blockchain music platform Audius
Hackers Weaponize PDF Files to Deliver Multiple Ransomware Variants
GuLoader Targets US Financial Firms With Tax-Themed Phishing Lures
ASUS routers knocked offline worldwide by bad security update
Researchers show techniques for malware persistence on F5 and Citrix load balancers
CISA orders agencies to patch iPhone bugs abused in spyware attacks
Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware
S3 Ep145: Bugs With Impressive Names!
Convincing Microsoft phishing uses fake Office 365 spam alerts
Phishing Attacks Surge as Threat Actors Leverage New AI Tools
CISA and FBI warn of Truebot infecting US and Canada based organizations
Low-level motherboard security keys leaked in MSI breach, claim researchers
UK government fails to bring forward promised cyber laws in King’s Speech
FBI and CISA warn of opportunistic Rhysida ransomware attacks
Transparent Tribe Hackers Attack Indian Officials With New Hacking Campaigns
Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years
GitHub Announces Free Secret Scanning, Mandatory 2FA
Global network of fake news sites push Chinese propaganda, researchers find
Windows 11 22H2 blocked on systems using Xbox Game Bar Capture
Critical HP Teradici PCoIP flaws impact 15 million endpoints
Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices
FBI: Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program
Russia-linked Gamaredon APT continues to target Ukraine
MSI confirms security breach following ransomware attack claims
China-linked RedAlpha behind multi-year credential theft campaign
Ukrainian cyberdefense in need of upgrades as tensions rise
Rapid7: Japan Threat Landscape Takes on Global Significance
Cyber Command's rotation 'problem' exacerbates talent shortage amid growing digital threat
Security Affairs newsletter Round 383
Deadly Secret: Electronic Warfare Shapes Russia-Ukraine War
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto
Robot dog to remove bombs in Ukraine | CyberNews
Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware
UK govt releases free tool to check for email cybersecurity risks
Apple fixes new Webkit zero-day used in attacks against iPhones
Arabic-speaking WhatsApp users targeted with spyware
Ukraine at D+683: Disinformation operations.
CISA Announces 2024-2026 Strategic Plan
New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security
QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities
North Korea's Lazarus Targets Energy Firms With Three RATs
Vevo announces investigation after YouTube accounts for Rihanna, Justin Beiber, Taylor Swift, Kanye and more hacked
SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools
Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says
Microsoft touts demand for its security services in fiscal Q1, driven by AI appetite
Red Cross: State hackers breached our network using Zoho bug
Facebook to pay hackers up to $300,000 to uncover remote code execution bugs
MITRE shares this year's list of most dangerous software bugs
More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library
What can you get for $200? Several megabytes of ChatGPT training data
SaaS Application Security Firm Savvy Exits Stealth Mode With $30 Million in Funding
Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall
Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code
NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics
Companies warned to boost cyber defence in wake of Ukraine crisis escalation
Telcom and BPO Companies Under Attack by SIM Swapping Hackers
Microsoft Patches Two Zero-Day Vulnerabilities
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining
The Week in Ransomware - October 7th 2022 - A 20 year sentence
CISA to Flag Vulnerabilities & Misconfigurations Exploited in Ransomware Attacks
BetMGM Confirms Breach as Hackers Offer to Sell Data of 1.5 Million Customers
CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities
European Police Take Down $9m Vishing Gang
Two Critical Flaws Found in Alibaba Cloud's PostgreSQL Databases
Nessus Plugin Flaw Let Attacker's to Escalate the Privileges
Apple just patched this 'actively exploited' flaw in older iPhones and iPads
Sophisticated DownEx Malware Campaign Targeting Central Asian Governments
FIRST Announces CVSS 4.0 - New Vulnerability Scoring System
Microsoft unveils Security Copilot built on GPT-4
Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware
Three Ways Varonis Helps You Fight Insider Threats
Criminals increasingly spoof credit unions | CyberNews
GhostTouch: how to remotely control touchscreens with EMI
Russian Hacker Pleads Guilty to Money Laundering Linked to Ryuk Ransomware
CISA to unveil secure-by-design principles this week amid push for software security
Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities
Several crypto platforms targeted in multimillion-dollar attacks
Espionage Attacks in North Africa Linked to
Canadian government discloses data breach after contractor hacks
US Treasury sanctions Iran intelligence agency following Albanian government attack
Lazarus group exploits Windows IIS servers to distribute malware
Snoop Dogg on AI risk: “Sh--, what the f---?”
CISA Outlines AI-Related Cybersecurity Efforts
CISA, FBI Warning: Truebot Hackers Exploiting Netwrix Auditor Flaw
CISA adds Stuxnet bug to its Known Exploited Vulnerabilities Catalog
New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs
Don't Overlook Twitter's Trove of Threat Intel for Enterprise Cybersecurity
Industry Reactions to Qakbot Botnet Disruption: Feedback Friday
“Egypt Leaks” – Hacktivists are Leaking Financial Data
FIN8 Group spotted delivering the BlackCat Ransomware
Z-Library eBook site domains seized by U.S. Dept of Justice
S3 Ep136: Navigating a manic malware maelstrom
After the CommonSpirit ransomware attack: Why healthcare M&A is a ‘huge’ cybersecurity risk
Beware: New 'Rustbucket' Malware Variant Targeting macOS Users
Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms
AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacks
Major Australian ports shut down following cyber incident
Royal Ransomware adds support for encrypting Linux, VMware ESXi systems
S3 Ep102: How to avoid a data breach [Audio + Transcript]
Former Twitter employee sentenced to 3.5 years in jail for spying on behalf of Saudi Arabia
Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US
AWS wants to be an enterprise security strategy advisor
The Week in Ransomware - February 11th 2022 - Maze, Egregor decryptors
New botnet Horabot targets Latin America
New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise
Triple Extortion Ransomware and the Cybercrime Supply Chain
FTC says Americans lost $547 million to romance scams in 2021
Cloudflare Observed The Peak DDOS Attack of 201 Million HTTP Requests Per Second
Mozi Botnet Likely Killed by Its Creators
Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data
Russian Cyberspies Targeting Ukraine Pose as Telecoms Providers
Researchers secretly helped decrypt Zeppelin ransomware for 2 years
WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
VMware warns of ransomware attacks on unpatched ESXi hypervisors
NCSC Calms Fears Over ChatGPT Cyber-Threat
Coinbase funds lawsuit against Tornado Cash cryptomixer sanctions
Apple CEO Tim Cook Pushes Senate For Privacy Legislation
Download the eBook: What Does it Take to be a Full-Fledged Virtual CISO?
$4.4 million stolen in attack on blockchain infrastructure Meter | ZDNet
Microsoft warns of brute-force attacks targeting MSSQL servers
‘Cyberspace has become a battleground,’ warns Australian Cyber Security Centre
PJCIS supports passage of second tranche of critical infrastructure cyber laws
Microsoft Takes on Cyber-Threats with New Secure Future Initiative
13 New Vulnerabilities in BMC Firmware Let Hackers Launch Remote Attacks on OT & IoT Networks
VMConnect: Python PyPI Threat Imitates Popular Modules
Human vs Machine Identity Risk Management
Fortanix unveils AWS integration for centralized key management
Reddit hackers threaten to leak data stolen in February breach
Microsoft: February updates break some Windows Server 2022 VMs
How 1Password lets you secure a team of 10 for a flat $19.95 per month
CASPER attack steals data using air-gapped computer's internal speaker
Pro-Russia hackers launched a massive attack against the EUROCONTROL agency
MESVision attack exposes nearly 350K individuals
BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions
Has Microsoft cut security corners once too often?
Unsophisticated ransomware campaign targeting VMware ripe for copycats
American Airlines disclosed a data breach
‘Extreme’ user abuse leads AnonFiles operators to shut down hosting service
Windows 11 KB5027303 preview update enables new Moment 3 features
University admission platform Leverage EDU exposed student passports
Top 6 Cyber Incident Response Plans - 2024
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
China-Linked Winnti APT Group Silently Stole Trade Secrets for Years: Report
DepositFiles exposed config file, jeopardizing user security
Researchers found the first Linux variant of the RTM locker
UK Cybersecurity Center Says ‘Deepfakes’ and Other AI Tools Pose a Threat to the Next Election
New Mirai Variant Campaigns are Targeting IoT Devices
Q&A: TIAA's CIO touts top AI projects, details worker skills needed now
Criminal IP Cybersecurity Search Engine Launches First Beta Test
Half of AI Open Source Projects Reference Buggy Packages
Apple Fixes Zero-day Vulnerabilities Exploited To Attack iPhones, Macs, and iPads
US Airports in Cyberattack Crosshairs for Pro-Russian Group Killnet
MOVEit Gang Targets SysAid Customers With Zero-Day Attacks
Better Phishing, Easy Malicious Implants: How AI Could Change Cyberattacks
Microsoft Bows to Pressure to Free Up Cloud Security Logs
New Linux malware combines unusual stealth with a full suite of capabilities
U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
Police Bust €38m BEC Gang
Multinational tech firm ABB hit by Black Basta ransomware attack
Android's May 2022 Security Updates Patch 36 Vulnerabilities
DeadBolt ransomware now targets ASUSTOR devices, asks 50 BTC for master key
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya
Okta Wraps Up Lapsus$ Investigation, Pledges More Third-Party Controls
NSA chief trumpets intelligence sharing with Ukraine, American public
Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale
North Korean Attackers Exploiting Critical CI/CD Vulnerability
AMD investigates RansomHouse hack claims, theft of 450GB data
Amazon, Facebook, Twitter on EU list of companies facing DSA content rules
iPhone Users Urged to Update to Patch 2 Zero-Days Under Attack
Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks
NextGen Healthcare Data Breach: One Million Patient Records Affected
RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild
RansomExx Ransomware upgrades to Rust programming language
State-Sponsored Sidewinder Hacker Group's Covert Attack Infrastructure Uncovered
Apache Commons Vulnerability: Patch but Don't Panic
Iranian APT group launches destructive attacks in hybrid Azure AD environments
Relentless Russian Cyberattacks on Ukraine Raise Important Policy Questions
Avast releases free BianLian ransomware decryptor
Hacked home computer of engineer led to second LastPass data breach
SAP Patches Critical Vulnerability in ECC and S/4HANA Products
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
Microsoft publicly discloses details on critical ChromeOS flaw
Top 5 Marketing Tech SaaS Security Challenges
Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens
CapraRAT Impersonates YouTube to Hijack Android Devices
5 social engineering assumptions that are wrong
eFile Tax Return Software Found Serving Up Malware
Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition
Hackers claim multiple attacks on Israel and leak confidential files
Albania Cuts Diplomatic Ties With Iran Over July Cyberattack
Windows 10 KB5025221 and KB5025229 updates released
Apple fixed the eighth actively exploited zero-day this year
Sophisticated Email Attacks Target Cryptocurrency Wallets
Australian Telecoms company Optus discloses security breach
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks
Cyberattacks on Kenya Drop in Third Quarter
Hackers email stolen student data to parents of Nevada school district
New RURansom Wiper Targets Russia
Rackspace says Exchange outage was caused by security incident
The Rise of S3 Ransomware: How to Identify and Combat It
Clop Gang Offers Data Downloads Via Torrents
What is ransomware? Everything you need to know about one of the biggest menaces on the web | ZDNet
Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries
RIG Exploit Kit still infects enterprise users via Internet Explorer
WinRAR Vulnerability Affects Traders Worldwide
YoroTrooper Stealing Credentials and Information from Government and Energy Organizations
Wireshark 3.6.8 Released - What's New !! - Cyber Security News
Signal Messenger Introduces PQXDH Quantum-Resistant Encryption
Hackers Actively Exploit F5 BIG-IP Bug
BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11
Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility
Businesses detect cyberattacks faster despite increasingly sophisticated adversaries
Google announces new algorithm that makes FIDO encryption safe from quantum computers
US Passes “Game-Changing” Cyber Incident Reporting Legislation
Emotet malware distributed as fake W-9 tax forms from the IRS
CISA Releases Cyber Attack Mitigation for Healthcare Organizations
Hackers Use New .NET Loader Malware to Deliver Wide Range of Payloads
OPNsense Firewall Flaws Let Attackers Employ XSS to Escalate Privileges
KuCoin's Twitter account hacked to promote crypto scam
A new PyPI Package was found delivering fileless Linux Malware
Conti extortion gangs behind surge of BazarCall phishing attacks
Good Friday Agreement paved way for Northern Ireland’s emergence as a global cybersecurity hub
Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released
China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks
New Chaos malware infects Windows, Linux devices for DDoS attacks
Spyware infections continue as the U.S. federal government takes notice
Tampa Bay zoo targeted in cyberattack by apparent offshoot of Royal ransomware
Crypto-driven GPU crash makes Nvidia miss Q2 projections by $1.4 billion
Microsoft disrupted APT28 attacks on Ukraine through a court order
APT “Mysterious Elephant” Emerges in Q2 2023, Kaspersky Reports
Authorities pushing for secure AI development practices
INTERPOL + Trend to Fight African Cybercrime Networks
Microsoft Fixes Zero-Day Bug This Patch Tuesday
Innocent pregnant woman jailed amid faulty facial recognition trend
Microsoft Releases Patches for 130 Vulnerabilities, Including 6 Under Active Attack
Police Shutter 13,000 Sites in Piracy Crackdown
Bored Ape Yacht Club, Otherside NFTs stolen in Discord server hack
Ukraine at D+684: A hacktivist auxiliary is actively recruiting.
'Elektra-Leak' Attackers Harvest AWS Cloud Keys in GitHub Campaign
Officials warn of asymmetric cyberattacks as Ukraine conflict simmers
US Offers $10m Reward For Alleged Prolific Ransomware Actor
Intel’s oft-delayed “Sapphire Rapids” Xeon CPUs are finally coming in early 2023
North Korea Funding Nuclear Program with Cyber Activity
Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
NATO-Member Albania Cut Ties With Iran Over Cyber-Attack
S3 Ep131: Can you really have fun with FORTRAN?
Infostealer Lumma Evolves With New Anti-Sandbox Method
Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare
Hackers hammer SpringShell vulnerability in attempt to install cryptominers
Study Reveals Ransomware as Most Popular Cybercrime Service
Attackers Crafted Custom Malware for Fortinet Zero-Day
A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day
Samsung Launches Message Guard To Prevent Zero-Click Attacks
Twitter User Exposes Nickelodeon Data Leak
National cyber director to retire this month
Cybersecurity M&A Roundup: 41 Deals Announced in August 2022
CISA updates zero trust maturity model to provide an easier launch
Shadowy hacking group targeting Israel shows outsized capabilities
Crypto Scams Soar as Domains Surge 335%
Qbot Likes to Move It, Move It
Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine
More than $15 million stolen after hackers exploit DeFi platform Inverse Finance
Qualcomm Sys Hackers Actively Exploit 3 new Zero-Days - Patch Now
Preventative medicine for securing IoT tech in healthcare organizations
200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn
Sandworm APT Group Adds New Wiper to Its Hacking Toolkit
#IMOS22: Ciaran Martin Discusses Cyber-Threats from the Russia-Ukraine Conflict
Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116
SMS delivery reports can be used to infer recipient's location
Microsoft December Patch Tuesday Out With 67 Bug Fixes
Why You Need Continuous Network Monitoring?
The Week in Ransomware - January 28th 2022 - Get NAS devices off the Internet
Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack
Hundreds of OpenAI staff threaten to resign and join Altman at Microsoft
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked
PyTorch: Machine Learning toolkit pwned from Christmas to New Year
Florida hospital takes IT systems offline after cyberattack
Prolific ransomware gang takes credit for Seiko data breach
Bing Chat responses infiltrated by ads pushing malware
Researchers Claim High-Risk Vulnerabilities Found in 87% of All Container Images
Apple accuses UK government of trying to become ‘global arbiter’ of encryption
Why you should patch the Windows QueueJumper vulnerability immediately
Ransomware gang coughs up decryptor after realizing they hit the police
Researchers Report Supply Chain Vulnerability in Packagist PHP Repository
Extended warranty robocallers fined $300 million after 5 billion scam calls
A Closer Look at Windows Kernel Threats
Clop ransomware claims responsibility for MOVEit extortion attacks
Malware dev claims to sell new BlackLotus Windows UEFI bootkit
Russia bans private messaging apps owned by foreign entities
US RESTRICT Act Gains Support, Empowers Biden to Ban Foreign Tech
Microsoft urges admins to patch on-premises Exchange servers
New law could allow GCHQ to monitor UK internet logs in real-time to tackle fraud
ViperSoftX uses more sophisticated encryption and anti-analysis techniques
Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks
Hackers Leak Another Set of Medibank Customer Data on the Dark Web
Update Zoom for Mac now to avoid root-access vulnerability
Lumma Stealer malware now uses trigonometry to evade detection
New Windows malware also steals data from victims’ mobile phones
Microsoft Teams & Edge Zero-Day Vulnerabilities Leads to Code Execution
Japan’s JAXA space agency admits cyberattack
Apache Superset Shipped With Unpatched RCE Vulnerability
New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products
Bahamut Spyware Group Compromises Android Devices Via Fake VPN Apps
VNC Attacks in It's Peak - Over 8,000 Servers Exposed Online Without a Password - Cyber Security News
North Korean ransomware attacks on healthcare fund govt operations
Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service
ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection
Critical flaw in WooCommerce can be used to compromise WordPress websites
China Crackdown on Cyber Scams in Southeast Asia Nets Thousands but Leaves Networks Intact
Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives
North Korean state-sponsored hacker group Lazarus adds new RAT to its malware toolset
CISA: Multiple APT Groups Infiltrate Defense Organization
Hackers hijack Linux devices using PRoot isolated filesystems
NY college forced to invest $3.5 million in cybersecurity after breach affecting 200,000
Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack
Cloud Security Demand Drives Better Cyber-Firm Valuations — and Deals
GM plans to let you talk to your car with ChatGPT, Knight Rider-style
Hackers stoke pandemonium amid Russia’s war in Ukraine
Microsoft: Octo Tempest is one of the most dangerous financial hacking groups
Microsoft: Octo Tempest one of the most dangerous financial hacking groups
NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security
Australian Budget 2022 delivers AU$9.9 billion for spicy cyber
Economic challenges tighten CISO compensation: IANS study
Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign
10 Best Digital Forensic Investigation Tools - 2024
MGM Resorts takes systems offline as it investigates cyberattack
NCSC Announces New Standard For Indicators of Compromise
OWASP Top 10 for LLM (Large Language Model) applications is out!
BIG-IP Vulnerability Allows Attackers to Execute Remote Code
Hackers Target Colombia's Healthcare System With Ransomware
Platform Approach to Cybersecurity: The New Paradigm
Microsoft names Hamas-linked group targeting Israel
Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day
Cyberattack on Belgian social service centers forces them to close
Ex-Conti members and FIN7 devs team up to push new Domino malware
MOVEit Transfer software zero-day actively exploited in the wild
Network mistakes, misconfigurations cost companies millions
Global Spyware Attacks Spotted Against Both New & Old iPhones
Supercharged Version of Amadey Infostealer & Malware Dropper Bypasses AVs
New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
Hackers exploit gaping Windows loophole to give their malware kernel access
Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months - New Survey
SAP Patches Critical Vulnerability in Business One Product
Chinese 'RedZei' Group Batters Victims With Incessant Vishing Effort
Over 15K Citrix servers vulnerable to CVE-2023-3519 RCE attacks
Citrix Patches Critical Vulnerability in Secure Access Client for Ubuntu
ChatGPT Browser Extension Hijacks Facebook Business Accounts
Crypto and the US government are headed for a decisive showdown
Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier
New Cactus ransomware encrypts itself to evade antivirus
2022 CISO Forum: All Sessions on Demand
New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware
BlackLotus bootkit bypasses UEFI Secure Boot on patched Windows 11
CVEs Surge By 25% in 2022 to Another Record High
The Week in Ransomware - January 20th 2023 - Targeting Crypto Exchanges
US teen pleads guilty to his role in credential stuffing attack on betting site
Israel-Hamas conflict extends to cyberspace
CXOs and directors are growing wary of generative AI: Report
Cloudflare debuts Friendly Bot validation service | ZDNet
Critical Infrastructure Organizations Warned of Snatch Ransomware Attacks
Stolen Microsoft key offered widespread access to Microsoft cloud services
Why and how to create corporate genAI policies
FBI warns of crooks posing as NFT developers in fraudulent schema
Amazon’s $195 thin clients are repurposed Fire TV Cubes
UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack
Microsoft announces enterprise DDoS protection for SMBs
Major Mexican airport confirms experts are working to address cyberattack
Russia Coordinating Cyberattacks With Military Strikes in Ukraine: Microsoft
EU votes to ban AI in biometric surveillance, require disclosure from AI systems
Lapsus$ ransomware gang hits SIC, Portugal's largest TV channel
Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities
Google Cloud adds agentless threat detection to virtual machine workloads
OpenAI confirms it's not killing off ChatGPT plugins for now
Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack
Arnold Clark Confirms Customer Data Compromised in Breach
NSA, CISA Explain How Threat Actors Plan and Execute Attacks on ICS/OT
Police tricks DeadBolt ransomware out of 155 decryption keys
How to upgrade cybersecurity awareness training
LastPass - Hackers Breached DevOps Engineer Laptop in the Second Attack
New Ransomware Victims Surge by 47% with Gangs Targeting Small Busines
Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say
Thanks to AI, it’s probably time to take your photos off the Internet
NY governor wants new cybersecurity rules for hospitals after multiple attacks
U.S. DoJ Cracks Down on North Korean IT Scammers Defrauding Global Businesses
AvosLocker ransomware gives free decryptor to US police dept
Starlink is getting a lot slower as more people use it, speed tests show
Hackers exploit critical Zyxel firewall flaw in ongoing attacks
BlackCat Ransomware Strikes Ho Chi Minh City Power Corporation
Lloyd’s of London finds hypothetical cyberattack could cost world economy $3.5 trillion
China condemns US ban on telco, urges need for fair treatment | ZDNet
Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack
Beware!! King of Malware Emotet Attack Windows User Via Weaponized Excel Files
WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders
JFrog adds new DevOps capability for vetting external packages
Manufacturing services tech giant hit with cyberattack
Global Action
Anonymous hacked Russian streaming services to broadcast war footage
Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed
ChatGPT Used to Develop New Malicious Tools
Google Goes After Scammers Abusing Its Bard AI Chatbot
TeamTNT hijacking servers to run Bitcoin encryption solvers
LockBit ransomware builder leaked online by “angry developer”
Clorox Blames Damaging Cyberattack for Product Shortage
Activities in the Cybercrime Underground Require a New Approach to Cybersecurity
Downfall Intel CPU side-channel attack exposes sensitive data
QNAP warns of zero-day vulnerability in latest DeadBolt ransomware campaign
RaidForums hacking forum seized by police, owner arrested
S3 Ep135: Sysadmin by day, extortionist by night
Google accuses Spanish spyware company of ties to zero-day exploitation framework
Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw
German financial agency site disrupted by DDoS attack since Friday
Zero-Day ‘Follina’ Bug Lays Older Microsoft Office Versions Open to Attack
Russian hackers perform reconnaissance against Austria, Estonia
Zoho warns of new zero-day vulnerability exploited in attacks
Ukraine takes down cybercrime group hitting crypto fraud victims
CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks
Citrix urges immediate patching of critically vulnerable product lines
Free Decryptors Released for BianLian, MegaCortex Ransomware
Microsoft is Rolling out Support for Passkeys in Windows 11
Microsoft Paint finally gets support for layers and transparency
A critical flaw affects Fortinet FortiOS and FortiProxy, patch it now!
OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers
These are the top three high-value targets that access brokers attack | CyberNews
Healthcare Ransomware Attacks Cost US $78bn
OpenSSL Fixed Two High Severity Vulnerabilities That Can be Exploited Remotely
Is Cybersecurity Awareness Month Anything More Than PR?
Cyberattackers hit Capital Health hospitals in New Jersey
#BHEU: Time for Cyber Pros to Shape the Industry’s Future
Third Nigerian pleads guilty in BEC scams dating back nearly a decade
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability
Hackers are Creating ChatGPT Clones to Launch Malware and Phishing Attacks
AI Safety Summit: OWASP Urges Governments to Agree on AI Standards
Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable to Takeover - Hunters
FBI, DOJ defend ‘offensive’ actions against Chinese, Russian operations
Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks
Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits
Recently Disclosed Vulnerability Exploited to Hack Hundreds of SugarCRM Servers
Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit
Britain and US make major move against ransomware gangs by sanctioning seven individuals
Black Hat Preview: The Business of Cyber Takes Center Stage
BleepingComputer's most popular technology stories of 2022
S3 Ep106: Facial recognition without consent – should it be banned?
Microsoft comes under blistering criticism for “grossly irresponsible” security
Predictions 2023: Big Tech's Coming Security Shopping Spree
DOJ seizes $3.6 billion in crypto from 2016 Bitfinex hack, arrests New York couple | ZDNet
Spyware was used against Catalan targets and UK prime minister and Foreign Office
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
Over Three-Quarters of UK Adults Hit by Online Scams
Little Rock School District approves $250K payment in ransomware settlement
What You Need To Know About Penetration Testing as a Service - Cyber Security News
Email marketing firm hacked to steal crypto-focused mailing lists
Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.
White House Denies Mulling Massive Cyberattacks Against Russia
Russia and Ukraine Conflicts Escalates - Telegram Becomes a Digital Forefront
BoostSecurity Exits Stealth With DevSecOps Automation Platform, $12M in Seed Funding
S3 Ep128: So you want to be a cybercriminal? [Audio + Text]
HelloXD Ransomware Variants Found Installing Backdoor on Windows and Linux Machines
Pair of Galaxy App Store Bugs Offer Cyberattackers Mobile Device Access
Iranian Hackers
Identifying a Patch Management Solution: Overview of Key Criteria
Hackers hijack smart contracts in cryptocurrency token 'rug pull' exit scams | ZDNet
Meta faces EU ban on Facebook, Instagram targeted advertising
Steam enforces SMS verification to curb malware-ridden updates
Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons
DoppelPaymer Ransomware Gang Members Busted in Germany, Ukraine
Conti ransomware targeted Intel firmware for stealthy attacks
The MOVEit hack and what it taught us about application security
Risky Business: Enterprises Can’t Shake Log4j flaw
Expensive Investigations Drive Surging Data Breach Costs
SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics
Ransomware isn’t going away – the problem is only getting worse
When Attacks Surge, Turn to Data to Strengthen Detection and Response
Palestinian Hacktivist Group GhostSec Compromises 55 Berghof PLCs Across Israel
D-Link WiFi range extender vulnerable to command injection attacks
Can we fix the weaknesses in password-based authentication?
Ransomware gang uses new Microsoft Exchange exploit to breach servers
How to Secure Web Applications in a Growing Digital Attack Surface
From ScreenConnect to Hive Ransomware in 61 hours - The DFIR Report
Continuous Security: PTaaS Bridges the Gap within Application Security
Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo
City of Long Beach declares local emergency after cyberattack
Threat Actors are Targeting Your Web Applications – Here’s How To Protect Them
7 Stages of Application Testing: How to Automate for Continuous Security
LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
Ransomware is only getting faster: Six steps to a stronger defense
Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business
The OWASP Top 10: What They Are and How to Test Them
Cyberattacks Targeting E-commerce Applications
Majority of Ransomware Attacks Last Year Exploited Old Bugs
Traditional Pen Testing vs. PTaaS with Web Application Security
New 'RisePro' Infostealer Increasingly Popular Among Cybercriminals
Cisco brings generative AI to Webex and Cisco Security Cloud
Protecting Your Microsoft IIS Servers Against Malware Attacks
Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites
Key Cybersecurity Tools That Can Mitigate the Cost of a Breach
FBI: Stolen PII and deepfakes used to apply for remote tech jobs
IPStorm botnet with 23,000 proxies for malicious traffic dismantled
Critical Security Flaws Exposed in Nagios XI Network Monitoring Software
MGM Resorts' Systems Restored After 10-Days Following Ransomware Attack
Three-quarters of businesses braced for ‘serious’ email attack this year
In-House vs. External Pen Testing: Which is Right For Your Organization?
LummaC2 Employs Trigonometry to Track Mouse Movements
Apache Commons Text Library Flaw Is Worrisome, But Not Like Log4Shell
Enhancing your application security program with continuous monitoring
Is Once-Yearly Pen Testing Enough for Your Organization?
Lazarus is using a MagicLine4NX zero-day in supply chain attack
CISA orders agencies to patch Exchange bug abused by ransomware gang
A Primer on Cyber Risk Acceptance and What it Means to Your Business
Cybersecurity M&A Roundup: 23 Deals Announced in June 2023
Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps
10 Best Vulnerability Management Tools - 2023
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance
New Truebot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm
Log4j: Google and IBM call for list of critical open source projects | ZDNet
The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy
Over 40,000 admin portal accounts use 'admin' as a password
The Different Methods and Stages of Penetration Testing
How the initial access broker market leads to ransomware attacks | ZDNet
Rackspace records $5M in expenses related to 2022 ransomware attack
AWS Cloud Credential Stealing Campaign Spreads to Azure, Google Cloud
VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
Citrix fixed a critical flaw in Secure Access Client for Ubuntu
Minecraft rushes out patch for critical Log4j vulnerability
Norway issues warning after ‘important businesses’ affected by Cisco zero-days
Google Cloud Rolls Out Security AI Workbench For Threat Detection
The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
US DoD Unveils Website For Hack the Pentagon Bug Bounty Program
Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials
Critical F5 BIG-IP vulnerability targeted by destructive attacks
Ransomware: Conti gang is still in business, despite its own massive data leak | ZDNet
Digital clues and the stories Ukraine’s mass graves have to tell
Proofpoint to Acquire Tessian for AI-Powered Email Security Tech
North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware