Application Security
Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...
Hi, what are you looking for?
SecurityWeek
Phishing
A long-running campaign phishing for credentials through scareware recently switched to targeting macOS users.
Phishing
Threat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation campaigns.
Phishing
A cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering.
Phishing
Researchers see dozens of fake DeepSeek websites used for credential phishing, cryptocurrency theft, and scams.
Cybercrime
Business resilience must be the ultimate purpose of all the security controls and processes we employ, because we will never conclusively defeat or protect...
Phishing
Noteworthy stories that might have slipped under the radar: several multi-million dollar settlements, CrowdStrike-themed phishing emails, and MITRE launches D3FEND 1.0.
Application Security
After skipping last month, Adobe returned to its scheduled Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in multiple...
Application Security
Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...
Application Security
Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...
Cloud Security
Apple has scrapped plans to ship a controversial child pornography protection tool for iCloud Photos, a concession to privacy rights advocates who warned it...
Application Security
Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.
Application Security
The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into...
Application Security
High-flying security compliance and automation startup Drata continues to attract major venture capital investor interest, banking $200 million in Series C funding that values...
Cybercrime
A threat actor tracked as ‘Scattered Spider’ is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile...
Application Security
Balance Theory, a seed-stage startup working on technology to help security teams collaborate and manage data flows securely, has closed a $3 million funding...
Application Security
Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a...
Application Security
Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to...
ICS/OT
Forescout has found dozens of vulnerabilities in solar power systems from Sungrow, Growatt and SMA.
Artificial Intelligence
Hacker Conversations
Supply Chain Security
Vulnerabilities
Splunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App.
Management & Strategy
