The post Hackers release files stolen in cyberattack on Rhode Island benefits system appeared first on CyberScoop.

The Brain Cipher ransomware gang has begun to leak documents stolen in an attack on Rhode Island's "RIBridges" social services platform. [...]

VPNs are handy internet privacy tools, but with so many options on the market, here's what you should look for in a good VPN.

Sekoia’s innovative PlugX malware disinfection campaign removed active threats across ten countries

DoubleClickjacking bypasses X-Frame-Options and SameSite cookies in double-click sequences, exposing UI authentication flaws

In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity...

A new variation of clickjacking attacks called "DoubleClickjacking" lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against...

ASEC Blog publishes “Android Malware & Security Issue 1st Week of January, 2025”

The US government has set out proposals to increase security obligations on healthcare providers to protect patient data amid surging cyber-attacks in the sector

From ransomware repurposed for espionage to increased exploitation of cloud platforms, learn about the key trends from SentinelLABS research in 2024.

Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality,...

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat...

​Chinese state-backed hackers have reportedly breached the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs. [...]

The Dangerous websites Warning List will soon be five years old. Over this time it stopped millions of attempts to connect to malicious domains and has become our most effective tool in the fight...

German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., and Alex D., have been accused of...

XSS (Cross-site Scripting) vulnerability has been found in Kentico CMS software (CVE-2024-12907).

The State of Rhode Island has confirmed that cybercriminals have begun publishing data stolen from its social services portal, the RIBridges system

CERT Polska has received a report about 2 vulnerabilities (CVE-2024-11716 and CVE-2024-11717) found in CTFd software.

Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. [...]

Over 2.5 million end users are at risk as researchers discover 36 compromised Chrome extensions

2024-12-20 • Orange Cyberdefense • Alexandre Matousek, Marine PICHON • win.emmenhtal Open article on Malpedia

2024-12-16 • Zscaler • ThreatLabZ research team • win.riseloader Open article on Malpedia

2024-12-24 • NTT Security Holdings • NTT Security Holdings • js.beavertail, py.invisibleferret Open article on Malpedia

2024-12-12 • Elastic • Daniel Stepanic, Elastic Security Labs, Jia Yu Chan, Salim Bitam, Seth Goodwin • win.quasar_rat Open article on Malpedia

2024-12-20 • Team Cymru • Lewis Henderson Open article on Malpedia

Chinese hackers appear to have compromised Treasury machines via a trusted third party

Chinese government hackers targeted the U.S. Treasury’s highly sensitive sanctions office during a December cyberattack, according to reports. According to The Washington Post, the state-sponsored...

The U.S. government has unveiled a cybersecurity implementation plan for energy modernization, addressing the evolving energy landscape as... The post New US cybersecurity implementation plan for...

The Infrastructure Security Division (ISD) of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is set to submit... The post CISA seeks public input on new ChemLock information...

Kong Ingress Controller is a popular ingress controller for Kubernetes. The Kong Ingress Controller version 3.4 instances have been experiencing a significant performance regression causing...