Here's why Avast settled with the FTC and how to determine if you're eligible for a refund.

The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods. Below is an overview...

Reports said the dairy company Sayanmoloko's plant in Semyonishna was attacked with LockBit ransomware, possibly because of its support for Russian troops in Ukraine. Company printers reportedly...

61% of hackers use new exploit code within 48 hours, ransomware remains top threat in 2024

A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware. "To...

Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub. The campaign,...

Medusa ransomware is one of the top ransomware threat actors. It uses both dark web and public internet resources to intimidate the public and other threat actors. It's part of a large...

Ghostwriter cyber-attack targets Ukrainian, Belarusian opposition using weaponized Excel documents

Mozilla has renewed its promise to continue supporting Manifest V2 extensions alongside Manifest V3, giving users the freedom to use the extensions they want in their browser. [...]

Microsoft has fixed an issue that caused Entra ID DNS authentication failures when using the company's Seamless SSO and Microsoft Entra Connect Sync. [...]

Houston-based employee screening company DISA Global Solutions says a 2024 data breach exposed the information of more than 3.3 million people.

Posted by Alex Rebert, Security Foundations, Ben Laurie, Research, Murali Vijayaraghavan, Research and Alex Richardson, SiliconFor decades, memory safety vulnerabilities have been at the center of...

In the first part of Trustwave SpiderLabs’ Russia-Ukraine war blog series, we gave a brief look at our major findings as well as the main differences between how Russia and Ukraine wage attacks in...

The following is the information on Yara and Snort rules (week 4, February 2025) collected and shared by the AhnLab TIP service. 0 YARA Rules 19 Snort Rules Detection name Source ET EXPLOIT...

A malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers, remote access trojans (RATs), and clipboard hijackers to steal crypto and...

​​Microsoft has released the optional KB5052077 preview cumulative update for Windows 10 22H2 with nine bug fixes and changes, including a fix for a longstanding known issue that breaks SSH...

Industrial cybersecurity firm Dragos reported that it has identified 1,693 industrial organizations with sensitive data exposed on various... The post Dragos finds ransomware attacks on industrial...

Learn how threat actors leverage browser extensions as an attack vector, including examples for Cyberhaven and GraphQL Network Inspector.

Google didn't tell Android users much about Android System SafetyCore before it hit their phones, and people are unhappy. Fortunately, you're not stuck with it.

Forescout observed the recently identified Chinese hacking group using medical imaging software applications to deliver malware

Chinese Silver Fox APT exploits trojanized medical imaging software to spread ValleyRAT malware, posing a serious threat to…

ReliaQuest claims 80% of ransomware attacks now focus solely on exfiltrating data as it is faster

A previously undocumented Linux backdoor dubbed 'Auto-Color' was observed in attacks between November and December 2024, targeting universities and government organizations in North America and Asia. [...]

A novel max-severity RCE vulnerability (CVE-2025-27364) in MITRE Caldera poses a serious risk of system compromise. The flaw can also be chained with another Parallels Desktop security issue,...

Industrial cybersecurity firm Dragos disclosed that the cybersecurity threat landscape in 2024 was heavily influenced by rising geopolitical... The post Ransomware, state actors, hacktivists...

SecurityScorecard revealed that the large-scale password spraying campaign can bypass MFA and security access policies by utilizing Non-interactive sign-ins

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: PowerFlex 755 Vulnerability: Cleartext Transmission of...

The UK's demand for an encryption backdoor in iCloud, and Apple's response, have repercussions that go far beyond national borders, threatening user privacy and security worldwide.

The Council of the European Union took decisive action to impose a new set of sanctions on Russia, with the aim of addressing threat to Ukraine's sovereignty. The sanctions were codified in...

DISA Global Solutions, a leading US background screening and drug and alcohol testing firm, has suffered a data breach impacting 3.3 million people. [...]