The Checkmarx Research team has unearthed a sophisticated attack campaign that leveraged fake Python infrastructure to target the software supply chain, affecting...
In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium)....
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch,...
The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging...
Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that...
A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional...
A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to...
The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne...
In the evolving landscape of cybersecurity threats, a new class of Distributed Denial of Service (DDoS) attacks has emerged, exploiting the intricate...
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that’s used to target Laravel applications and steal sensitive data....
When you read reports about cyber-attacks affecting operational technology (OT), it’s easy to get caught up in the hype and assume every...
Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to...
Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that...
Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons,...
The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from...
Continuous Threat Exposure Management (CTEM) is an evolving cybersecurity practice focused on identifying, assessing, prioritizing, and addressing security weaknesses and vulnerabilities in...
Application programming interfaces (APIs) are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of...
Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules....
In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of...
A new variant of a data wiping malware called AcidRain has been detected in the wild that’s specifically designed for targeting Linux...
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners
CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers
Apache Cordova App Harness Targeted in Dependency Confusion Attack
Russia’s APT28 Exploited Windows Print Spooler Flaw to Deploy ‘GooseEgg’ Malware
Ransomware Double-Dip: Re-Victimization in Cyber Extortion
Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
BlackTech Targets Tech, Research, and Gov Sectors New ‘Deuterbear’ Tool
Hackers Target Middle East Governments with Evasive “CR4T” Backdoor
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor
New Android Trojan ‘SoumniBot’ Evades Detection with Clever Tricks
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor
Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks
GenAI: A New Headache for SaaS Security Teams