ReversingLabs reveals a malicious npm package targeting Atomic and Exodus wallets, silently hijacking crypto transfers via software patching.

Ever thought an image file could be part of a cyber threat? The Trustwave SpiderLabs Email Security team has identified a major spike in SVG image-based attacks, where harmless-looking graphics...

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put...

Vehicle inspections and other services have been disrupted in Oregon after a cyberattack on the state Department of Environmental Quality (DEQ).

Dada et al v. NSO Group has been one of many cases where alleged spyware victims have run into jurisdictional hurdles. The post Judges strike skeptical note of NSO Group’s argument to dismiss case...

Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what's seen...

Martin delves into how threat actors exploit chaos, offering insights from Talos' 2024 Year in Review on how to fortify defenses against evolving email lures and frequently targeted...

Tech giant Google may soon help users find content they've previously seen, not by searching the web but by scanning their own digital history.

The agency is looking to remove some 1,300 people by cutting about half its full-time staff and another 40 percent of its contractors, a source with direct knowledge of the developing plans told...

The emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates...

Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking...

The Tycoon 2FA phishing kit has adopted several new evasion techniques aimed at slipping past endpoints and detection systems. These include using a custom CAPTCHA rendered via HTML5 canvas,...

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security....

The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated...

What do disco music, Star Wars and Saturday Night Live all have in common? The 1970s. A decade jam-packed with social and technological change, which also happened to bring us advancements in...

Authorities arrest 5 Smokeloader botnet customers after Operation Endgame; evidence from seized data links customers to malware, ransomware, and more.

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing...

Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. "In a coordinated series of actions, customers of...

Google Cloud’s Sandra Joyce said that Chinese state actors’ advanced techniques and ability to stay undetected pose huge challenges

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]

With the latest IDC and Radicati reports, analysts continue to recognize Symantec’s data protection excellence

ASEC Blog publishes “Mobile Security & Malware Issue 2st Week of April, 2025”

Note This trend report on the deep web and dark web of March 2025 is sectioned into Ransomware, Data Breach, DarkWeb, CyberAttack, and Threat Actor. Please note that there are some parts of the...

Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America.

Google Cloud announced a number of security products designed to reduce complexity for security leaders

​Microsoft has released an out-of-band Office update to fix a known issue that caused Word, Excel, and Outlook to crash after installing the KB5002700 security update for Office 2016. [...]

A new report released by the U.K. government identified that cybersecurity breaches and attacks remain a common threat,... The post UK Cyber Security Breaches Survey 2025 reveals persistent...

The Cyber Security Breaches Survey 2025 has been released by the UK Home Office and DSIT today, reporting a slight decline in incidents compared to 2024 report

The Pall Mall Process guidelines for nations could be useful, they said, but have obvious limitations. The post Cyber experts offer lukewarm praise for voluntary code governing use of commercial...

A recent Congressional Research Service (CRS) report detailed that a decade-old federal framework that enables cybersecurity information sharing... The post Congress faces crucial decision on...