On an unexpected Tuesday, the collision of a container ship with the Francis Scott Key Bridge in Baltimore not only disrupted the...
Threat hunters have identified a suspicious package in the NuGet package manager that’s likely designed to target developers working with tools made...
The U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing...
The Checkmarx Research team has unearthed a sophisticated attack campaign that leveraged fake Python infrastructure to target the software supply chain, affecting...
In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium)....
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch,...
The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging...
Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that...
A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional...
A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to...
The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne...
In the evolving landscape of cybersecurity threats, a new class of Distributed Denial of Service (DDoS) attacks has emerged, exploiting the intricate...
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that’s used to target Laravel applications and steal sensitive data....
When you read reports about cyber-attacks affecting operational technology (OT), it’s easy to get caught up in the hype and assume every...
Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to...
Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that...
Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons,...
The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from...
Continuous Threat Exposure Management (CTEM) is an evolving cybersecurity practice focused on identifying, assessing, prioritizing, and addressing security weaknesses and vulnerabilities in...
Microsoft Outlook Flaw Exploited by Russia’s APT28 to Hack Czech, German Entities
Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw
Dropbox Discloses Breach of Digital Signature Service Affecting All Users
CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability
New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials
Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers
Eternal Malware: CVE-2024-3400 Rootkits Persist Through Palo Alto Firewalls Updates and Resets
Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years
New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM
Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
Bogus npm Packages Used to Trick Software Developers into Installing Malware
New ‘Brokewell’ Android Malware Spread Through Fake Browser Updates
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
Network Threats: A Step-by-Step Attack Demonstration
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage