View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: PCU400, PCULogger Vulnerabilities: Access of Resource Using...
CERT Polska has received a report about 3 vulnerabilities (from CVE-2024-13892 to CVE-2024-13894) found in Smartwares cameras.
A graph intelligence-based pipeline and WHOIS data are among the tools we used to identify this campaign, which introduced a variant of domain generation algorithms. The post The Next Level: Typo...
Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim's machines and carry out post-exploitation activities.
Attacks using this ransomware have displayed consistent TTPs and grown steadily since 2023.
Domain spoofing poses a significant threat to organizations everywhere — not just in terms of potential fraud, monetary and data loss, but in terms of damage to customer trust and brand reputation.
Starting mid-March 2025, Microsoft will start prompting users of its Microsoft 365 apps for Windows to back up their files to OneDrive. [...]
Enisa identifies six sectors that it says must improve on NIS2 compliance
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]
The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands © 2024 TechCrunch. All rights reserved. For personal use only.
A new malware campaign named Phantom Goblin, identified and analyzed by Cyble, uses information-stealing malware that uses social engineering techniques to deceive victims and steal sensitive...
The DoJ has charged Chinese government and i-Soon employees for a series of for-profit data theft campaigns
The vCISO Academy is a free learning platform to equip service providers with training needed to build and expand their vCISO offerings. Learn more from Cynomi on how the Academy helps you launch...
Kaspersky experts have discovered campaigns distributing stealers, malicious PowerShell scripts, and backdoors through web pages mimicking the DeepSeek and Grok websites.
H8Core is a Russian fashion brand that sells clothing items glorifying far-right ideology and the Russian mercenary group Wagner. Its products – which include t-shirts, caps and hoodies – have...
A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive...
The European Union Agency for Cybersecurity (ENISA) published on Wednesday its initial NIS360 report, which identifies areas for... The post ENISA’s NIS360 report guides NIS2 Directive...
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency...
Researchers from Cisco Talos have discovered multiple cyber espionage campaigns that target various sectors, including government, manufacturing, telecommunications,... The post Cisco Talos...
Claroty, a cyber-physical systems (CPS) protection company, has announced a partnership with SealingTech, a Parsons Corporation subsidiary renowned... The post Claroty and SealingTech partner to...
EncryptHub, a rising cybercriminal entity, has recently caught the attention of multiple threat intelligence teams, including our own (Outpost24’s KrakenLabs). While other reports have begun to...
The explosion of connected devices is creating new cybersecurity challenges. In this episode of Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, sits down with Hollie...
On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social...
Researchers identified an ongoing attack campaign targeting organizations in Japan across sectors like technology, telecommunications, education, entertainment, and e-commerce. Active since at...
Generative AI bots present unique challenges to businesses and website operators. Left unchecked, these bots will extract data, increase server load, and degrade the performance of web applications.
US Treasury Department sanctions Iranian national accused of running the Nemesis criminal marketplace. Hunters International threatens to leak data stolen from Tata Technologies. Apple challenges...
The organization also lost years of wildlife conservation research as a result of the January 2024 cyber incident.
The China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT)...
Jamf to acquire Identity Automation for $215 million.