The U.S. House Committee on Homeland Security held on Wednesday a hearing to examine cybersecurity threats to the... The post US House Committee calls for offensive cyber strategies in response to...

Following the release of an EU action plan by the European Commission last week, aimed at enhancing the... The post ENISA addresses proposed role to safeguard cybersecurity of health sector in EU...

2025-01-20 • JPCERT/CC • Hayato Sasaki Open article on Malpedia

Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. "When you...

2025-01-23 • ThreatMon • Aziz Kaplan, ThreatMon, ThreatMon Malware Research Team • elf.helldown Open article on Malpedia

Security researchers have discovered an arbitrary account takeover flaw in Subaru's Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and...

A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions. [...]

Crazy Evil, a group of crypto scammers, exploit NFTs and cryptocurrencies with malware targeting influencers and tech professionals

XSS (Cross-site Scripting) vulnerability has been found in Eura7 CMSmanager software (CVE-2024-11348).

A threat actor targeted low-skilled hackers, known as "script kiddies," with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers. [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited...

A new FBI advisory warned that North Korean IT worker schemes have escalated their activities in recent months to include data extortion

Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate type is being deprecated. [...]

The multi-year scheme saw the defendants generate hundreds of thousands in revenue. © 2024 TechCrunch. All rights reserved. For personal use only.

SentinelOne researchers highlighted similarities in the approaches used by the HellCat and Morpheus ransomware groups, suggesting shared infrastructure

Security Information and Event Management (SIEM) systems are now a critical component of enterprise security. Learn more from Smarttech247 about how its VisionX + Splunk solution can help secure...

Check out tips for adopting AI securely from the World Economic Forum. Plus, the EU’s DORA cyber rules for banks go into effect. Meanwhile, a report warns about overprivileged cloud accounts. And...

​The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days. [...]

Operation LongFang is a cyber-espionage campaign, attributed to a Chinese threat actor, targeting Latin American government entities. First detected in December 2024, it has been active for at...

The flaw has a severity rating of 9.8 out of 10, and a patch has been made available. The post SonicWall pushes urgent patch for its SMA appliance appeared first on CyberScoop.

OpenAI says that it might store chats and associated screenshots from customers who use Operator, the company’s AI “agent” tool, for up to 90 days — even after a user manually deletes them. OpenAI...

The department alleges that a North Carolina-based laptop farm enabled access for two North Korean nationals over the course of the scheme. The post DOJ indicts five in North Korean fake IT worker...

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features....

Dragos CEO and co-founder Robert M. Lee returned as a speaker at the World Economic Forum (WEF) Annual Meeting in Davos,... The post Dragos CEO Addresses Global Audience on Cybersecurity...

Cybersecurity firm ESET uncovers PlushDaemon, a previously unknown APT group targeting South Korea, deploying a SlowStepper backdoor. This…

Barracuda channel leaders Greg Saenz and Alli Oneal talk MSP growth in interviews with The ChannelPro Network. Read now for more insights!

Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is...

Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the...

Security researcher Jane Wong found a hidden feature that let her change the top display of a Waymo robotaxi. © 2024 TechCrunch. All rights reserved. For personal use only.

An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads....