The Cyber Security Agency of Singapore (CSA) expanded last week its Cyber Essentials and Cyber Trust certification marks... The post CSA enhances cybersecurity guidance with cloud, AI, OT...

IBM released the 2025 X-Force Threat Intelligence Index, highlighting that cybercriminals continued to pivot to stealthier tactics, with... The post IBM X-Force reports evolving threat landscape...

Custom and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border.

A major security flaw has been discovered in PyTorch, the widely used open-source machine learning framework. Identified as CVE-2025-32434, this newly reported PyTorch vulnerability allows...

North Korean IT workers are reportedly using real-time deepfakes to secure remote work, raising serious security concerns. We explore the implications. The post False Face: Unit 42 Demonstrates...

This is a weekly threat intelligence report review from RST Cloud. This week, we processed 55 threat intelligence reports and have compiled a brief summary of the findings, along with the...

Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CSO...

A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. [...]

Attackers are increasingly sending phishing emails with SVG attachments that contain embedded HTML pages or JavaScript code.

Ahold Delhaize USA, the parent company of several well-known American supermarket brands, has confirmed that data was stolen during a cyberattack that took place in the fall of 2024. The company...

A high-severity vulnerability has been discovered in a range of industrial recorder and data acquisition systems produced by Yokogawa Electric Corporation, a Japan-based automation and measurement...

One of the founders of startup accelerator Y Combinator offered unsparing criticism this weekend of the controversial data analytics company Palantir, leading a company executive to offer an...

AhnLab SEcurity intelligence Center (ASEC) recently identified cases of attacks installing Ammyy Admin on poorly managed MS-SQL servers. Ammyy Admin is a remote control tool used to control...

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent...

The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a...

ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia...

As the industrial cybersecurity landscape adopts AI and ML technologies, helping enhance anomaly detection across OT (operational technology)... The post Integrating AI and ML technologies across...

Kaspersky researchers report the reappearance of MysterySnail RAT, a malware linked to Chinese IronHusky APT, targeting Mongolia and…

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities....

Midnight Blizzard (APT29/Cozy Bear) targets European embassies and Ministries of Foreign Affairs with sophisticated phishing emails disguised as…

Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID's "leaked credentials" detection app...

ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The...

A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment...

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]

Plus: A US judge rules against police cell phone “tower dumps,” China names alleged NSA agents it says were involved in cyberattacks, and Customs and Border Protection reveals its social media...

Google Gemini is testing a ChatGPT-like scheduled tasks feature called "Scheduled Actions," which will allow you to create tasks that Gemini will execute later. [...]

Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024....

It is hard to believe that we are now over three months into 2025. This is a good time to pause and survey stakeholders and cybersecurity experts about the emerging trends observed so far this year.

Check out the top OSINT tools of 2025, an updated list featuring the best free and paid open-source…

A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade...