Think you could never fall for an online scam? Think again. Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead

The Russian hacker group Curly COMrades has been abusing Microsoft's Hyper-V virtualization technology in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine...

​Microsoft says the October 2025 updates trigger incorrect end-of-support warnings on Windows 10 systems with active security coverage or still under active support. [...]

South Korea’s major mobile carrier, SK Telecom, told shareholders that recovery costs and other losses tied to a data breach earlier this year led to a 90 percent drop in operating profit for the...

South Korea's president laughed, so perhaps it was funny? Unlike China's censorship and snooping Chinese president Xi Jinping has joked that smartphones from Xiaomi might include backdoors.…

Trustwave SpiderLabs team is tracking the consolidation of three well-known threat groups into a “federated alliance” that offers Extortion-as-a-Service.

The author discusses how different syntaxes by different parsers can lead to security issues. URLs, URIs, content disposition headers, Unicode, etc. are great examples of this. In Python, the...

This is a large article with trends from the HackerOne platform. Enjoy! The vulnerability classes section is interesting. Access control issues have increased by 18% (IAC) and 29% (IDOR), while...

55 cuffed last week after court ruled sting operation was legal Australian police last week made 55 arrests using evidence gathered with a backdoored messaging app that authorities distributed in...

In GitLab, you can specify a server for Sentry to generate function buttons for error tracking lists. By configuring the error information, you can modify the routing of subsequent requests to...

In a previous blog post, Doyensec detailed how to exploit CSPT to perform CSRF by using file uploads to transfer data for routing in a subsequent request. In their example, there were no...

Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions. [...]

“You can’t handle the truth!” –Col. Jessup played by Jack Nicholson in the 1992 movie “A Few Good Men“ Many think that if they could just get closer to the data that they will somehow discover...

The author of this post had read Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal. Upon reading this post, they found that many of the tricks weren't working. They mainly...

The author of this post had found a vulnerability in GitHub previously. They decided to conduct a scan for Dependency Confusion issues on GitLab and GitHub. While looking at package.json, they...

The author of this post was writing a Go implementation of ML-DSA, a post-quantum signature algorithm done by NIST last summer. After 4 days of trying to create the implementation, the code was...

A Solana extension with real-time analysis of vulnerability classes. The extension performs checks on Anchor-specific issues, which are definitely needed! They have nine detectors. Of these, I...

Confidential Virtual Machines (CVMs) are Linux-based systems that run in automated environments, handling secrets in an untrusted setting. They run on an untrusted host machine but are interacted...

Learn why timely, relevant data is crucial for effective ransomware detection and what you can do to help prevent ransomware attacks and safeguard your organization.

This investigative report reveals how German hosting provider aurologic GmbH has become a central enabler of malicious internet infrastructure, linking numerous threat activity networks while...

Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John Tuckner, the...

Even AI has doubts about the claim that '80% of ransomware attacks are AI-driven' Do 80 percent of ransomware attacks really come from AI? MIT Sloan has now withdrawn a working paper that made...

This is not what people mean when they say: 'You should get a side hustle' A ransomware negotiator and an incident response manager at two separate cybersecurity firms have been indicted for...

Last year's winner scored a $65M funding round on a $300M valuation Cloud and AI security startups have two weeks to apply for a program that fast-tracks access to investors and mentors from...

Questioning how Flock Safety protects sensitive user accounts, Sen. Ron Wyden and Rep. Raja Krishnamoorthi want the FTC to investigate the police surveillance tech provider.

Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and...

CyberSlop — meet the new threat actor, MIT and Safe SecurityCybersecurity vendors peddling nonsense isn’t new, but lately we have a new dimension — Generative AI. This has allowed vendors — and...

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being...

The Tycoon 2FA phishing kit is a sophisticated Phishing-as-a-Service (PhaaS) platform that emerged in August 2023, designed to bypass two-factor authentication (2FA) and multi-factor...

Old-school cargo heists reborn in the cyber age Cybercriminals are increasingly orchestrating lucrative cargo thefts alongside organized crime groups (OCGs) in a modern-day resurgence of attacks...