The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution. The...
The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea's illicit revenue generation schemes by enabling information technology...
Microsoft has confirmed it is investigating a bug causing the Windows 10 KB5068781 extended security update to fail to install with 0x800f0922 errors on devices with corporate licensing. [...]
The decades-old "finger" command is making a comeback,, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. [...]
Plus: State-sponsored AI hacking is here, Google hosts a CBP face recognition app, and more of the week’s top security news.
Jaguar Land Rover (JLR) published its financial results for July 1 to September 30, warning that the cost of a recent cyberattack totaled £196 million ($220 million) in the quarter. [...]
The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads. "The threat actors have...
Short-finned pilot wales (Globicephala macrorhynchus) eat at lot of squid: To figure out a short-finned pilot whale’s caloric intake, Gough says, the team had to combine data from a variety of...
Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia,...
More than a month after PoC made public Fortinet finally published a security advisory on Friday for a critical FortiWeb path traversal vulnerability under active exploitation – but it appears...
A new US law enforcement initiative is aimed at crypto fraudsters targeting Americans—and now seeks to seize infrastructure it claims is crucial to notorious scam compounds.
Federal prosecutors secured five guilty pleas from people who supported overseas remote IT workers, and seized $15 million in stolen cryptocurrency tied to the North Korean regime. The post DOJ...
The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a...
Amazon spilled the TEA Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but...
Hardware accessory giant Logitech has confirmed it suffered a data breach in a cyberattack claimed by the Clop extortion gang, which conducted Oracle E-Business Suite data theft attacks in July. [...]
This is a current list of where and when I am scheduled to speak: My coauthor Nathan E. Sanders and I are speaking at the Rayburn House Office Building in Washington, DC at noon ET on November 17,...
Crooks spoof US insurers, threaten bogus extradition to pry loose personal data and cash Chinese speakers in the US are being targeted as part of an aggressive health insurance scam campaign, the...
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date. 1,590 victims disclosed across 85 leak sites, showing...
SecAlliance and Silent Push confirmed that the suspected Chinese operators of the phishing kit appear to have been affected. The post Google, researchers see signs that Lighthouse text scammers...
This week, Kyndryl’s collaboration with the Mexican government to train 1,000 cybersecurity professionals signals a push to close the nation’s critical talent gap. Meanwhile, Tenable’s findings of...
Hosted in Tokyo, Japan, the International Cybersecurity Challenge (ICC) gathered top cybersecurity talents from all around the world to compete and test their cybersecurity skills. A total of...
French President Emmanuel Macron on Wednesday announced a planned increase of €4.2 billion ($4.9 billion) in military space spending between 2026 and 2030. “We must fight to preserve this precious...
The alliance has been in dire need of an updated naval plan to tackle a fast-evolving range of threats. Now, 14 years after the last iteration, it has finally delivered. The updated strategy...
State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly sophisticated espionage...
A bill moving through the Michigan legislature would create a statewide drone registry, managed by the state’s Department of Transportation, designed to provide state agencies and law enforcement...
Russia’s Port Alliance group, which operates a network of sea cargo terminals, said on Thursday that foreign hackers had targeted its systems over three days in a distributed denial of service...
The U.S. Department of Justice announced that five individuals pleaded guilty to aiding North Korea's illicit revenue generation schemes, including remote IT worker fraud and cryptocurrency theft. [...]
A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security researcher Andrew...
Advisory updated as leading cybercrime crew opens up its target pool The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance to organizations on the Akira ransomware...
The day after Google filed a lawsuit to end text scams primarily targeting Americans, the criminal network behind the phishing scams was “disrupted,” a Google spokesperson told Ars. According to...