FLASH Alert-20250912-001 TLP:Clear Summary The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber...
IntroductionThe Ransomware Tool Matrix continues to be a useful passion project that I am happy to continue maintaining. One piece of common feedback I've received for the Ransomware Tool Matrix...
On Friday, Microsoft reminded customers once again that Windows 10 will reach its end of support in 30 days, on October 14. [...]
A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. [...]
In March 2023, Conor Brian Fitzpatrick, aka “Pompompurin,” was arrested at his home in New York. As a member of the former RaidForums, and as the owner and active participant in BreachForums, he...
A recent wave of attacks targeting SonicWall customers has researchers and authorities on alert. Many victim organizations had misconfigurations in their systems. The post SonicWall firewalls...
The week of 9/11, I was in Houston along with 40,000 others for the ISA Expo. On 9/9 I was made an ISA Fellow. On 9/10, we held two sessions on CONTROL SYSTEM (there was no such term as OT at the...
SentinelOne reaffirms support for MITRE ATT&CK, skipping this year’s evals to prioritize customer-focused innovation.
A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition. [...]
Citizen Lab senior researcher John Scott-Railton confirms that FlexiSPY spyware was installed on two Kenyan filmmakers’ phones while the devices were in police custody.
FortiGuard Labs uncovered an SEO poisoning campaign targeting Chinese users with fake software sites delivering Hiddengh0st and Winos malware.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a manufacturing operations management...
Microsoft has reminded customers today that devices running Home and Pro editions of Windows 11 23H2 will stop receiving updates in November. [...]
How to address DORA compliance challenges with Wiz and Deloitte.
Table of Contents Introduction The Evolving Threat of Attack Loaders Objective of This Blog Technical Methodology and Analysis Initial Access and Social Engineering Multi-Stage Obfuscation and...
Bill Toulas reports: U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its...
When cyberattacks hit, every second counts. Survival depends on three essentials: clarity to see what's happening, control to contain it, and a lifeline to recover fast. Learn from Acronis TRU how...
UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal
Introduction: What if your Al assistant wasn’t just helping you – but quietly helping someone else too? A recent zero-click exploit known as EchoLeak revealed how Microsoft 365 Copilot could be...
A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased...
Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices. [...]
On September 8, the “scattered LAPSUS$ hunters 4.0” Telegram channel posted: FBI and French LE, great job for the third time arresting the wrong person in France once again. DOJ please stop...
With the right strategy and tool set, warehouse managers can segment their industrial networks in three steps.
SENTRON ECPD technology ensures maximum safety, reliability and sustainability for the vessel.
Updated FDI technology specification paves the way for single device integration for process and factory automation device management.
Those readers who aren’t A-listers (including yours truly) may never have heard of Kering, but you may have heard of their high-end fashion brands: Gucci. Yves Saint Laurent. Bottega Veneta....
Diogo Santos Coelho (aka “Omnipotent” of RaidForums) was arrested in January 2022 in the U.K. when he traveled there to visit his mother. For the past 3+ years, he has been in limbo while both the...
Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware.
Citizen Lab director Ron Deibert's new op-ed in the Globe and Mail argues that AI should be subject to more regulation, not less.
The inquiry is intended to determine whether the tech companies are taking adequate steps to limit children’s use of the chatbots — a goal that could be at odds with their desires to expand their reach.