Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed...
Picture this: you stumble upon a concealed secret within your company’s source code. Instantly, a wave of panic hits as you grasp...
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials...
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result...
Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar’s systems at least...
A new variant of a remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to...
Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner...
The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security...
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous...
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by...
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an...
A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its...
The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country’s National Authority...
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to...
Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as...
Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to...
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a dual privilege escalation chain in Google Kubernetes Engine (GKE)....
Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access...
A new zero-day security flaw has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited...
Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoors on...
FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield
Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries
Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT
North Korean Hackers Deploy New Golang Malware ‘Durian’ Against Crypto Firms
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability
Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials
Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery
A SaaS Security Challenge: Getting Permissions All in One Place
The Fundamentals of Cloud Security Stress Testing
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator
APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion
New Case Study: The Malicious Comment