A25-year-old Russian national pleaded guilty to multiple charges stemming from their participation in ransomware attacks and faces a maximum penalty up to 53 years in prison. Aleksei Olegovich...

The Nitrogen group is a sophisticated and financially motivated threat group that was first observed as a malware developer and operator in 2023. Since discovery, Nitrogen has transformed itself...

Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices. The malware,...

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Middle East....

Many critical systems are still being maintained, and the cloud provides some security cover. But experts say that any lapses in protections like patching and monitoring could expose government systems.

The second season of the Netflix reality competition show Squid Game: The Challenge has dropped. (Too many links to pick a few—search for it.) As usual, you can also use this squid post to talk...

'Precision espionage campaign' began months before the flaw was fixed A previously unknown Android spyware family called LANDFALL exploited a zero-day in Samsung Galaxy devices for nearly a year,...

A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at...

A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to...

Researchers spotted a 9-month-long campaign involving previously undiscovered spyware they call LANDFALL, which leveraged a zero-day bug in Samsung Galaxy phones.

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these...

Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her...

Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. [...]

In 2024, I published Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack), which explored the notorious Meow attack campaign that had plagued unsecured databases since 2020....

In 2024, I published Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack), which explored the notorious Meow attack campaign that had plagued unsecured databases since 2020....

Multi-year wait for destruction comes to an end for mystery attackers Security experts have helped remove malicious NuGet packages planted in 2023 that were designed to destroy systems years in...

Three state attorneys general announced Thursday that the educational technology company Illuminate Education will pay a $5.1 million fine and agree to make changes to its business to settle...

Senators on both sides of the aisle on Thursday signed onto a call to keep advanced artificial intelligence chips from being sold to China. Sen. Chris Coons, D-Del., unveiled an as-yet unnumbered...

The U.S. Department of Defense’s implementation of a new cybersecurity framework, the Cybersecurity Maturity Model Certification 2.0 or CMMC, will require more than 300,000 military contracting...

Microsoft is testing a faster version of Quick Machine Recovery (QMR) and updated Smart App Control (SAC), allowing users to toggle it without requiring a Windows clean install. [...]

Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the...

The Marine Corps is rolling out new enlistment bonuses for fiscal 2026, offering its biggest payout to recruits who sign up for specialized roles in cyber and electronics maintenance. The...

Lawmakers in the European Union’s Parliament have voted to greenlight a proposal which would allow Europol to expand data sharing and biometric data collection as part of its effort to fight human...

One of the world’s most ruthless and advanced hacking groups, the Russian state-controlled Sandworm, launched a series of destructive cyberattacks in the country’s ongoing war against neighboring...

Cisco has issued an urgent security advisory detailing two critical vulnerabilities affecting its Unified Contact Center Express (Unified CCX) platform. The flaws, identified as CVE-2025-20354 and...

Authorities fight ransomware and crypto fraud, SleepyDuck exploits Ethereum for malware, and Iran-linked actors target U.S. policy experts.

Companies that supply financial organizations fare worse on cybersecurity than the organizations they’re supplying, according to a report BitSight published on Thursday. The security gap between...

Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security

Tenable researchers recently discovered seven new ChatGPT vulnerabilities and attack techniques that can be exploited for data theft and other malicious purposes. The attack methods are related to...

A suspicious package was delivered to a US military base in Maryland on Thursday which caused at least seven people to fall ill and be taken to the hospital, CNN has learned. Several people were...