The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware...
Cybersecurity researcher Jeremiah Fowler discovered a misconfigured cloud server containing a massive 184 million login credentials, likely collected…
For many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders,...
A malware campaign exploiting TikTok’s popularity has been observed using social engineering to spread Vidar and StealC
The legislation from Sens. Gary Peters and James Lankford would create an executive branch panel to align federal cyber rules.
Kettering Health is facing significant disruptions from a cyber-attack that impacted patient care
ASEC Blog publishes “Mobile Security & Malware Issue 4th Week of May, 2025”
AhnLab and the National Cyber Security Center (NCSC) have released a report that details the activities of the TA-ShadowCricket group from 2023 to the present. Full Report: (APT Group Tracking...
The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies
Ever tried resizing an image only to end up with a blurry, pixelated mess? Whether you’re adjusting a…
A coordinated advisory from cybersecurity and intelligence agencies across North America, Europe, and Australia confirms a two-year-long cyberespionage campaign by Russian GRU Unit 26165 (APT28,...
Your best cybersecurity strategy is all about balancing risk and affordability. Keep these five solutions in mind.
The US cryptocurrency exchange claimed that the breach occurred in December 2024
A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure associated with a commodity information stealer...
Learn about the latest ClickFix tactics compromising websites and embedding fraudulent CAPTCHA images to deliver malware and malicious code.
Cloudflare patched a vulnerability (CVE-2025-4366) in the Pingora OSS framework, which exposed users of the framework and Cloudflare CDN’s free tier to potential request smuggling attacks.
Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital...
2025-05-13 • Trend Micro • Philip Chen, Pierre Lee, Vickie Su
How Deloitte and Wiz Enable End-to-End Security Without Slowing Down Development
The unpatched vulnerabilities, with a CVSS score of 8.6 to 10.0, can lead to remote code execution via authentication bypass
Police arrested 270 suspects following an international law enforcement action codenamed 'Operation RapTor' that targeted dark web vendors and customers from ten countries. [...]
A 19-year-old college student faces charges after pleading guilty to cyber extortion targeting PowerSchool, exposing data of 60…
The EC-Council has earned official reaccreditation from the U.K.’s National Cyber Security Centre (NCSC), a validation of its...
Immersive, a vendor of people-centric cyber resilience, launched on Wednesday its OT (operational technology) security solution to help...
The U.S. Department of Homeland Security’s Science and Technology Directorate (DHS S&T) released details of a new tool...
Cellcom, a regional wireless provider based in Wisconsin, is continuing efforts to restore full service following a cybersecurity incident that has disrupted customers’ ability to make phone calls...
Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide. [...]
Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.
West Lothian Council confirmed that ransomware attackers have stolen personal and sensitive information held on its education network
The trove has now been taken down but included users’ logins for platforms including Apple, Google, and Meta, plus services from multiple governments.