Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via...
A novel PostgreSQL flaw, CVE-2025-1094, has hit the headlines. Defenders recently revealed that attackers responsible for weaponizing a BeyondTrust zero-day RCE are also in charge of abusing...
OpenSSH has released security updates addressing two vulnerabilities, a man-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. [...]
Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices. [...]
Proofpoint also identified two new threat actors operating components of web inject campaigns, TA2726 and TA2727
Think you're safe because you're compliant? Think again. Recent studies continue to highlight the concerning trend that compliance with major security frameworks does not necessarily prevent data...
Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image...
Industrial Defender, vendor of OT asset management and cybersecurity compliance solutions, has announced the release of its latest...
Dream, an AI company providing cyber resilience for nations and critical infrastructure, today announced a $100 million Series...
Kaspersky GReAT experts have discovered a new campaign distributing the XMRig cryptominer through popular games such as BeamNG.drive and Dyson Sphere Program on torrent trackers.
Researchers warn of rising macOS-targeted attacks as hackers exploit fake updates to bypass security. FrigidStealer malware highlights growing enterprise risks.
A threat actor claims to have hacked and published data on 12 million Zacks Investment Research accounts
Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff
The article begins with a hypothetical. You have a class Person with a field called age. What type should it be? The first suggestion is a String. This is obviously wrong, but why is it bad? It's...
Okta had an interesting security incident. If the username was above 52 characters, then ANY password would be sufficient for logging in. If the username was 50 characters, then it would be only...
The Content Security Policy (CSP) is a browser-based protection against XSS. In many ways, it does kill XSS, but this post is about bypassing CSPs using forms. default-src works well...
The authors of this post are porting a significant amount of networking code in EdgeDB from Python to Rust. While doing this, they have run into a lot of interesting issues, including the one in this post....
Apache Maven is a common build tool for Java. Artifacts needed for the code are listed in an XML file. During the build process, the Maven console will download the dependencies it needs for local use. When it...
Microsoft Configuration Manager (MCM) is a systems management software by Microsoft. It manages computers with remote control, patch management, etc. If you find a bug, it's a really bad day for...
Prisma Finance is a hacked Liquidity fork that has been a ghost ever since. However, there is still some liquidity in it that they needed to get out. They discovered several other bugs in it while...
Sam Curry and friends have pwned the auto industry for fun multiple times. This time, they set their sights on Subaru. The initial tests around the main Subaru mobile app didn't lead to anything. It...
The China-linked APT group Winnti (APT41) has been linked to a new cyber espionage campaign, RevivalStone, targeting Japanese manufacturing, materials, and energy companies in March 2024. The...
Earth Preta (Mustang Panda), a known APT group targeting government entities in the Asia-Pacific region, has been observed using a new technique to evade detection and maintain persistence....
Researchers earned a $50,500 Bug Bounty after uncovering a critical supply chain flaw in a newly acquired firm,…
Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware...
People around the world learned about the latest advancements in the American space industry! This was made possible…
Pro-Russia hackers NoName057(16) have targeted Italian banks, airports and ports in a series of DDoS attacks
South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data...
Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity....