These are the development principles of writing Cryptography in Golang. I find it cool that they take the design of Golang Cryptography seriously. There are four design principles: secure, safe,...

A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete...

The Venice.ai chatbot gained traction in hacking forums for its uncensored access to advanced models

In the spirit of constant improvement, we have released a new onboarding wizard to help customers get started with Barracuda Email Protection.

The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the...

Infoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources (S3, Azure) and DNS gaps since Dec…

Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented...

A data breach at Nationwide Recovery Services compromised data of 200,000 Harbin Clinic patients

The U.S. Coast Guard Cyber Command published its fourth annual Cyber Trends and Insights in the Marine Environment... The post US Coast Guard’s 2024 CTIME report reveals growing cyber risks in...

The U.S. House Armed Services Subcommittee on Cyber, Information Technologies, and Innovation held a hearing last week to... The post Congressional panel warns US losing ground in cyber war...

Six technology companies have launched the Strategic Cybersecurity Coalition (SCC), a new initiative aimed at overhauling U.S. international... The post SCC formed to reform US foreign...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday the appointment of Madhu Gottumukkala as its... The post CISA announces appointment of Madhu Gottumukkala as...

Researchers at ESET observed strengthened cyber-offensive activity from Russian groups, especially against Ukrainian and European entities

Internet monitoring services showed ongoing disruptions to Russia's tax service, as well as services for managing secure digital keys and documents (Saby), among others.

Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that's targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by...

2025-05-15 • ESET Research • Matthieu Faou • js.spypress Open article on Malpedia

The logistics firm Peter Green Chilled, a key supplier to major UK supermarkets including Tesco, Sainsbury’s, and Aldi, fell victim to a cyberattack. The company confirmed that its computer...

Weeks after LockBit ransomware breach, leaked data reveals how affiliates generate ransomware, set ransom demands, and often walk away unpaid.

SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers. [...]

Yubico's roaming authenticators can now be provisioned and delivered in 175 countries. Here's what the service offers.

In today’s fast-evolving ransomware landscape, threat actors are accelerating their tactics to gain access and deploy payloads with alarming speed. Increasingly, attackers are leveraging known...

Peter Green Chilled, which ships refrigerated food to supermarkets, is the latest company in the U.K.'s grocery sector to announce disruption from a cyberattack.

Thales found that 73% of organizations are investing in AI-specific security tools, amid surging takeup of GenAI tools in enterprises

A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam...

RVTools installer on its official site was found delivering malware. Research shows it spread Bumblebee loader. Users urged to verify downloads.

Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and...

2025-05-13 • Proofpoint • Greg Lesnewich, Mark Kelly, Saher Naumaan Open article on Malpedia

2025-05-19 • The DFIR Report • 0xtornado, pcsc0ut, Randy Pargman • win.mimic, win.mimikatz Open article on Malpedia

Seven sources tell CyberScoop that a lack of coordination and miscommunication between federal agencies and the telecommunications industry left critical networks exposed to the Chinese hacking...

The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack that distributed a trojanized installer to drop the Bumblebee malware...