Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed...
From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability...
State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. [...]
Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to...
Experts say outages like the one that Amazon experienced this week are almost inevitable given the complexity and scale of cloud technology—but the duration serves as a warning.
From NY DFS: New York State Department of Financial Services (DFS) Acting Superintendent Kaitlin Asrow today issued new cybersecurity guidance addressing the risks associated with entities...
Here are five ways tenfold's free IGA solution helps you streamline identity governance and access control. Partner Content In a world where one wrong click can set off a catastrophic breach,...
The advice didn't change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods. But...
Security researchers collected $792,750 in cash after exploiting 56 unique zero-day vulnerabilities during the second day of the Pwn2Own Ireland 2025 hacking competition. [...]
Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. [...]
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The...
Rachel Means reports on what sounds like a cyberattack with encryption: Kaufman County officials have confirmed that the county experienced a “security incident” on October 20, disrupting access...
Linsey Lewis reports: OYO Hotel & Casino Las Vegas was hit by a cyberattack sometime in early January, allegedly exposing the personal information of more than 4,700 people, according to documents...
In 2025, 36 years after the first ransomware attack was recorded, actors continue to zero in on the public sector, and there is no evidence they will slow down any time soon. In fact, our numbers...
In 2025, 36 years after the first ransomware attack was recorded, actors continue to zero in on the public sector, and there is no evidence they will slow down any time soon. In fact, our numbers...
A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. [...]
Forks of forks of forks, but which ones are patched? A vulnerability in the popular Rust crate async-tar has affected the fast uv Python package manager, which uses a forked version that's now...
If the court continues issuing such injunctions, the Department of Telecommunications may need an entire department and staff just to respond to these situations. Should the responsibility be on...
Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution...
Meta has announced new tools to help WhatsApp and Messenger users protect themselves from potential scams and secure their accounts. [...]
The FinWise breach shows that when insider threats strike, encryption is the last line of defense. Penta Security's D.AMO platform unites encryption, key management, and access control to keep...
Interesting article on people with nonstandard faces and how facial recognition systems fail for them. Some of those living with facial differences tell WIRED they have undergone multiple...
Tenable has been named a Continuous Threat Exposure Management (CTEM) Leader in Latio’s 2025 Cloud Security Market Report. This recognition is based on rigorous product testing conducted by Latio...
Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.
That's a lot of extended warranties The Jaguar Land Rover (JLR) cyberattack could end up being the costliest such incident in UK history, billed at an estimated £1.9 billion and affecting over...
TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution. The vulnerabilities...
Kaspersky experts break down the recent BetterBank incident involving ESTEEM token bonus minting due to the lack of liquidity pool validation.
The China-based actor behind the Warlock ransomware may not be a new player and has links to malicious activity dating as far back as 2019.
China-based threat actors also compromised networks of government agencies in countries in Africa and South America.
SentinelLABS uncovers a coordinated spearphishing campaign targeting organizations critical to Ukraine's war relief efforts.