Industrial cybersecurity vendor Dragos highlighted that during the third calendar quarter of 2024 transformative shifts were observed in... The post Dragos reports ransomware shifts in Q3, with...

The Federal Bureau of Investigation (FBI) published Tuesday a Private Industry Notification (PIN) to spotlight HiatusRAT scanning campaigns... The post FBI warns of HiatusRAT scanning campaigns...

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries...

The Irish Data Protection Commission has fined Meta $263m for a 2018 data breach impacting 29 million Facebook accounts

While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year

The European Commission is investigating whether TikTok allowed foreign actors to influence voters during recent Romanian elections

This article is the result of a joint investigation by Bellingcat and Lloyd’s List. Ukraine has said it is “outraged” after a Russian-flagged vessel surreptitiously exported grain from a port...

A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover. The post Effective Phishing...

The Cybersecurity and Infrastructure Security Agency (CISA) issued a binding directive on Tuesday giving federal agencies a series of deadlines to identify cloud systems, implement assessment...

Editor's note: The following blog post originally appeared on Levi Gundert's Substack page.IntroductionA past conversation with an undercover federal agent who specializes in money laundering...

In June 2024, Unit 42 researchers identified a phishing campaign targeting approximately 20,000 users in European automotive, chemical, and industrial compound manufacturing sectors, particularly...

OWASP has issued a new guide specifically for addressing and mitigating deepfake security risks by applying fundamental security principles.

Using real-world examples and offering plenty of pragmatic tips, learn how to protect your directory services from LDAP-based attacks. The post LDAP Enumeration: Unveiling the Double-Edged Sword...

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams...

The cyber agency’s SCuBA guidelines were developed after pilots with 13 agencies and continue a post-SolarWinds cloud strategy. The post CISA delivers new directive to agencies on securing cloud...

This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q4 2024. It was last updated on December 17, 2024.OctoberWe terminated 11…

The 29-page filing alleges violations of Nebraska’s consumer protection and data security laws and says Change Healthcare — which is owned by UnitedHealth Group (UHG) — failed to implement proper...

Ideally, generative AI should augment, not replace, cybersecurity workers. But ROI still proves a challenge.

The guidance comes from the Office of the Director of National Cybersecurity and the Cybersecurity and Infrastructure Security Agency. The post Playbook advises federal grant managers how to build...

A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is...

In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have...

Yet another day, yet another data leak tied to Cisco!

Nvidia has shared a temporary fix for a known issue impacting systems running its recently unveiled NVIDIA App and causing gaming performance to drop by up to 15%. [...]

Even the best companies with the most advanced tools can still get hacked. It’s a frustrating reality: you’ve invested in the right solutions, trained your team, and strengthened your defenses....

Wiz Threat Research uncovered a new malware campaign targeting Linux environments attributed to the Diicot threat group.

A cyberespionage threat group known as 'Bitter' was observed targeting defense organizations in Turkey using a novel malware family named MiyaRAT. [...]

Sophisticated phishing attack targeting Turkey’s defense sector revealed TA397’s advanced tactics

A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. [...]

A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and...

In a previously unreported August memo, the Department of Homeland Security urged state and local police to conduct exercises to test their ability to respond to weaponized drones.