Don't want to fork over $30 for a one-year subscription to Windows 10 Extended Security Updates? Microsoft is offering a couple of ways to avoid the fee. But there is a catch.

SonicWall is warning customers that threat actors are distributing a trojanized version of its NetExtender SSL VPN client used to steal VPN credentials. [...]

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn’t have asked for a better kickoff panel: three cybersecurity leaders who don’t just...

Kali Linux 2025.1c includes a new signing key to fix update errors, adds new tools, a redesigned menu with MITRE ATT&CK, and major system upgrades.

A representative of NCSC-FI shared some lessons learned from a 2024 data breach affecting the Finnish capital

A long-running malware campaign targeting WordPress via a rogue plugin has been observed skimming data, stealing credentials and user profiling

Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. "Attackers are exploiting...

Experts told CyberScoop the research 'doesn’t pass a sniff test' and detracts from needed conversations around credential abuse and information stealers. The post The ‘16 billion password breach’...

Experts told CyberScoop the research 'doesn’t pass a sniff test' and detracts from needed conversations around credential abuse and information stealers. The post The ‘16 billion password breach’...

Data breach at McLaren Health Care affecting over 743,000 individuals has been linked to a ransomware attack

Part 3: Security teams, it’s time to hedge “pure cloud” bets

The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by...

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver...

CitrixBleed 2: Electric Boogaloo — CVE-2025–5777Remember CitrixBleed, the vulnerability where a simple HTTP request would dump memory, revealing session tokens? CVE-2023–4966It’s back like Kanye...

Microsoft has released the June 2025 non-security preview update for Windows 10, version 22H2, with fixes for bugs preventing the Start Menu from launching and breaking scanning features on USB...

The best part is you don't need to sign in or even create a ProtonVPN account. Here's how.

Microsoft is rolling out a configuration update designed to address a known issue causing Windows Update to fail on some Windows 11 systems. [...]

Four convicted members of the REvil cybercrime gang were released from custody after being sentenced in St. Petersburg for offenses related to payment card fraud.

2025-06-24 • Bridewell • Bridewell • win.asyncrat, win.brute_ratel_c4, win.cobalt_strike, win.fog, win.ghost_rat, win.lumma, win.meduza, win.quasar_rat, win.redline_stealer, win.sliver Open...

Organizations often assume that restoring a backup to a patched environment eliminates threats. However, backups encapsulate both data and schema objects, including triggers. A compromised backup,...

Vulnerabilities and misconfiguration are among the top factors in cyberattacks and data breaches. Barracuda Managed Vulnerability Security can help you find and remediate these risks.

Microsoft says Windows 10 home users who want to delay switching to Windows 11 can enroll in the Extended Security Updates (ESU) program using Microsoft Rewards points. [...]

Organizations often assume that restoring a backup to a patched environment eliminates threats. However, backups encapsulate both data and schema objects, including triggers. A compromised backup,...

Trezor is alerting users about a phishing campaign that abuses its automated support system to send deceptive emails from its official platform. [...]

2025-06-19 • Hunt.io • Hunt.io • win.cobalt_strike Open article on Malpedia

2025-06-23 • Rushter • Artem Golubin • win.cobalt_strike Open article on Malpedia

Once you turn on these new Android 16 security features, your information and phone will be better protected against harm.

Cobalt found that many security professionals believe a “strategic pause” in genAI deployment is necessary to recalibrate defenses

New ITRC data reveals identity crimes are down but impersonation scams now account for a third of all scams

The U.S. government has banned WhatsApp from devices used by U.S. House of Representatives staff, saying the app poses potential security risks.