A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions...

The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory! This requirement...

A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation. "The...

Explore the key insights on code and cloud security risks shaping 2025.

Fake job ads target freelance developers, spreading malware via GitHub

Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. [...]

The California agency said National Public Data failed to register in the state as a data broker. © 2024 TechCrunch. All rights reserved. For personal use only.

An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. [...]

Businesses can expect to pay a premium for Windows 10 Extended Security Updates. Educators will fare better. And for the first time, consumers can sign up. You also have free options, but they're risky.

A Dallas, Texas-based clinical research firm had its database exposed, containing sensitive personal healthcare records of over 1.6…

For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in...

The Department of Government Efficiency (DOGE) may already have access to sensitive tax and medical data stored at the IRS and Social Security Administration (SSA), which jointly retain disability...

A survey by IANS and Artico found significant regional variation in cybersecurity salary levels across North America

A recently patched firewall flaw in Palo Alto Networks PAN-OS, tracked as CVE-2025-0108, lets cybercriminals with network access to the management web interface bypass authentication and execute...

ASEC Blog publishes “Android Malware & Security Issue 3st Week of February, 2025”

Executive Summary Why We Care about Sandbox Emulation As a discipline, information security involves a vast web of entry vectors, mitigations, and counter-mitigations. Among these, one of the most...

Mobile phishing attacks surged in 2024, with 16% of all incidents occurring in the US, according to a new Zimperium report

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers

The prolific Medusa ransomware group claims to have stolen troves of data from HCRG, including patients’ sensitive health data © 2024 TechCrunch. All rights reserved. For personal use only.

Kela researchers 330 million compromised credentials to infostealer activity on over four million machines in 2024

Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to settle allegations that HNFS falsely certified compliance with cybersecurity...

Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog...

Empowerment and speed for security teams without losing unified cloud context.

Palo Alto Networks has observed exploit attempts chaining three vulnerabilities in its PAN-OS firewall appliances

Increasing ransomware volumes, expanding hacker collectives, and record-breaking damage costs are redefining the cyber risk arena. The FBI, CISA, and partners have recently issued a joint...

Google enables marketers to target people with serious illnesses and crushing debt—against its policies—as well as the makers of classified defense technology, a WIRED investigation has found.

FBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elseta Equipment: Vinci Protocol Analyzer Vulnerability: Improper Neutralization of Special...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rapid Response Monitoring Equipment: My Security Account App Vulnerability: Authorization...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on...