Many of the talks at KubeCon Europe, Europe’s largest open source community conference, were related to security. Let's discuss some of our favorites.

Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. [...]

Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector...

Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector...

Read how security teams are adopting agentic and generative AI to reshape operations and accelerate the journey toward an autonomous SOC.

A new exploit, traced to a MorphoBlue vulnerability, has resulted in the theft of $2.6 million. The breach, which occurred on April 11, 2025, was first reported by PeckShieldAlert, highlighting a...

2025-04-10 • Symantec • Threat Hunter Team Open article on Malpedia

Experts at the Google Cloud Next event set out how security teams need to adapt their focuses in the wake of trends such as rising cyber-attacks and advances in AI

Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty "inetpub" folder and warned users not to delete it. [...]

Some misconfigured AI chatbots are pushing people’s chats to the open web—revealing sexual prompts and conversations that include descriptions of child sexual abuse.

A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as...

Google's AI video generator tool Veo 2, which is the company's take on OpenAI's Sora, is now rolling out to some users in the United States. [...]

TL;DRWe did some interesting research focused on the AWS cloud platform that offers highly-permissive tools for security operations, such as incident response, auditing, inventorying, etc. These...

2025-04-10 • Medium TRAC Labs • TRAC Labs • win.stealc Open article on Malpedia

Laboratory Services Cooperative (LSC) has released a statement informing it suffered a data breach where hackers stole sensitive information of roughly 1.6 million people from its systems. [...]

2025-04-03 • Mandiant • Jacob Thompson, John Wolfram, Josh Murchie, Matt Lin, Michael Edie Open article on Malpedia

The Chromium-based Microsoft Edge has seen up to 9% performance improvements following the release of version 134. [...]

The Chromium-based Microsoft Edge has seen up to 9% performance improvements following the release of version 134. [...]

Check out why a global geopolitical spyware campaign could ensnare mobile users outside of its target groups. Plus, the U.K.’s cyber agency offers cyber governance resources to boards of...

Fourlis Group, the operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, has informed that the ransomware attack it suffered just before Black Friday on November 27, 2024, caused...

Claroty, a cyber-physical systems (CPS) protection company, announced on Thursday the appointment of Jen Sovada as General Manager... The post Claroty appoints Jen Sovada as GM of public sector,...

Ron Wyden, a Democratic Senator from Oregon, has placed a hold on the nomination of Sean Plankey to... The post Senate standoff: Wyden demands transparency on China-linked hacks, holds back...

Industrial technology company Sensata Technologies disclosed that the company experienced a ransomware attack that encrypted parts of its... The post Ransomware surge: Sensata Technologies, US...

Rockwell Automation, Hitachi Energy and Inaba Denki Sangyo have products affected by critical vulnerabilities carrying severity ratings as high as 9.9

A recently uncovered SureTriggers vulnerability has put more than 100,000 websites at risk, highlighting once again how critical plugin security is for WordPress site administrators. The...

To address the growing challenges posed by cyber threats and digital fraud, the Bank of Thailand (BOT) and Bank Negara Malaysia (BNM) have officially signed a Memorandum of Understanding (MoU) to...

Explore how Huione Marketplace empowers global fraud networks with AI tools, deepfakes, and money laundering services—reshaping cybercrime at scale.

Learn how a minor DNS misconfiguration can quickly become a major supply chain threat and how to protect your organization from such threats.

Nakasone said he didn’t know “what really occurred” and has not spoken to either Haugh or Noble since the presidential decisions were made, but he lauded both of them as “extraordinary leaders."

The U.S. plans to sign an international agreement designed to govern the use of commercial spyware, the State Department said Thursday.