Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. "By mapping where our knowledge...
Over 50% of Wiz customers have reduced their cloud risk by reaching Zero Critical Issues
As GenAI continues to shape modern cybersecurity with its powerful advantages for strengthening defense mechanisms, it simultaneously introduces new risks as threat actors increasingly exploit the...
Europol has identified over 2,000 extremist links exploiting minors, focusing on dismantling grooming, abuse, and online radicalization networks.
Microsoft is testing a dedicated page in Windows Settings for quick machine recovery, which will provide users with additional configuration options. [...]
Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. [...]
2025-05-27 • Trend Micro • Joseph C Chen • win.cobalt_strike, win.juicy_potato, win.stowaway, win.vshell
The domino effect of CVE disruption is something all cybersecurity practitioners must be aware of, a Morphisec executive argues. The post Future-ready cybersecurity: Lessons from the MITRE CVE...
Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets. [...]
Scattered Spider isn't one group — it's an identity-first threat model evolving fast. From vishing to AiTM phishing, they're exploiting MFA gaps to hijack the cloud. Watch the Push Security...
Kaspersky expert shares insights on how to determine whether an attack was first launched in a container or on the host itself when an organization’s logs lack container visibility.
We discovered an Azure OpenAI misconfiguration allowing shared domains, potentially leading to data leaks. Microsoft quickly resolved the issue. The post Lost in Resolution: Azure OpenAI's DNS...
The 20-year bureau pro wants to see what it’s like to fight ransomware from the private sector. The post Top FBI cyber official Cynthia Kaiser exits for Halcyon appeared first on CyberScoop.
Abnormal AI found that engagement rates with VEC attacks globally are “worrisomely high”, overtaking BEC in the EMEA region
CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server. [...]
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity...
Fashion retail giant Victoria's Secret has delayed its first quarter 2025 earnings release because of ongoing corporate system restoration efforts following a May 24 security incident. [...]
Crucial for applying Active Directory Group Policy Objects, client-side extensions (CSEs) are powerful but also present a significant, often overlooked, attack vector for persistent backdoors....
Risk Ledger found that 90% of UK professionals view supply chain cyber incidents as a top concern for 2025
Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. [...]
In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their...
The latest version of the 'Crocodilus' Android malware has introduced a new mechanism that adds a fake contact on the infected device's contact list to deceive victims. [...]
These multifaceted relay modules can reliably switch a multitude of small loads, decouple systems and multiply signals.
The new SDK versions feature advanced elliptic curve cryptography (ECC) for improved data protection in industrial networks.
It is the first web-based automation system to receive the ISASecure SSA Level 1 certification for its built-in cybersecurity approach.
Software-Defined Automation blends IT agility with industrial strength, boosting flexibility, speed and efficiency at the edge. It’s the future of automation, redefined by code, not cables.
Researchers discovered active exploitation of a misconfigured Open WebUI instance—a self-hosted interface for large language models (LLMs)—that was exposed to the internet with administrator...
We compare the effectiveness of content filtering guardrails across major GenAI platforms and identify common failure cases across different systems. The post How Good Are the LLM Guardrails on...
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and...