TaskUs Employees Behind Coinbase Breach, US Court Filing Alleges
A court filing has identified an employee at business process outsourcing firm TaskUs as the key conspirator in a large-scale data breach…
Protecting CISOs and CSOs in an Era of Personal Liability
Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) face unprecedented pressures, not only from the evolving threat…
Microsoft Disrupts RaccoonO365 Phishing Kit, Seizes 338 Malicious Sites
Microsoft has announced the disruption of RaccoonO365, a popular subscription-based phishing kit focused on the theft of Microsoft365…
Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets
For the third time in just a few weeks, experts are warning of a significant threat to the open source npm ecosystem, after discovering a…
Expert Spotlight: Koushik Anand on IAM and PAM Excellence at Enterprise Scale
By Gary Miliefsky, Publisher With more than 80% of breaches involving stolen or misused credentials, identity is the control point that…
Fifteen Ransomware Gangs “Retire,” Future Unclear
Fifteen well-known ransomware groups, including Scattered Spider, ShinyHunters and Lapsus$, have announced that they are shutting down their…
Gucci and Alexander McQueen Hit by Customer Data Breach
Luxury fashion brands Gucci, Alexander McQueen and Balenciaga have suffered a customer data breach, in another attack linked to the…
Bridging the Cybersecurity Talent Gap
There’s no doubt about it. Cybersecurity incidents are rising. In 2024, the FBI reported a 9% increase in ransomware…
Digital Transformation Failures: A National Security Crisis in the Making
In the hyperconnected world, digital transformation has become synonymous with progress, efficiency and innovation. For governments, business…
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents
All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any…
UK: Tax Refund-Themed Phishing Slows in 2025
Phishing reports impersonating HM Revenue & Customs (HMRC), the British national tax authority, appear to be slowing, according to a new…
Apple Ends iCloud Support for Older Devices
According to Apple’s newly published support documentation, devices running iOS 10 or macOS 10.12 no longer meet the minimum system…
JLR Extends Production Halt After Cyber-Attack
Jaguar Land Rover (JLR) has confirmed it will extend its production pause until at least September 24 following a cyber-attack earlier this…
Nessus vs Metasploit Comparison: How To Exploit Vulnerabilities Using These Powerful Tools
The cybersecurity landscape demands sophisticated tools to identify and exploit vulnerabilities effectively, with Nessus vs Metasploit…
Apple Releases iOS 26: Key Updates and Vulnerability Patches
On September 15, 2025, Apple officially rolled out iOS 26 and iPadOS 26, bringing a fresh set of features and critical security fixes aimed at…
RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
Background RevengeHotels, also known as TA558, is a threat group that has been active since 2015, stealing credit card data from hotel guests…
API Threats Surge to 40,000 Incidents in 1H 2025
The financial services, telecoms and travel sectors were in the crosshairs of threat actors in the first half of the year, after Thales…
HybridPetya Mimics NotPetya, Adds UEFI Compromise
A newly identified ransomware strain called HybridPetya has appeared on the VirusTotal platform. Uploaded in February 2025, the sample showed…
Securing Linux Systems in the Age of AI: Unified Security Strategies for Modern Enterprises
Introduction In the rapidly evolving landscape of cybersecurity, the integration of Artificial Intelligence (AI) has emerged as a…
SEO Poisoning Targets Chinese Users with Fake Software Sites
A search engine optimization (SEO) poisoning attack aimed at Chinese-speaking Microsoft Windows users has been identified by security…
Preparing for the EU’s DORA amidst Technical Controls Ambiguity
The financial sector is bracing for a significant shift in its digital landscape as the EU’s Digital Operational Resilience Act (DORA)…
OpenAI’s New Grove Incubator Is Building the Next Generation of AI Startups
OpenAI recently unveiled its internal incubation initiative, OpenAI Grove. Unlike traditional startup accelerators or incubator programs,…
CISA at Risk After OIG Accuses it of Wasting Federal Funds
The US Cybersecurity and Infrastructure Security Agency (CISA) wasted taxpayers’ money and imperilled its mission to protect the nation from…
Phishing Campaigns Drop RMM Tools for Remote Access
Malicious actors are using multiple lures in new phishing campaigns designed to install remote monitoring and management (RMM) software onto…
ACR Stealer – Uncovering Attack Chains, Functionalities And IOCs
ACR Stealer represents one of the most sophisticated information-stealing malware families actively circulating in 2025, distinguished by its…
CVE-2025-9556 (CVSS 9.8):Critical Vulnerability in LangChainGo Puts LLM Apps at Risk
The rise of large language model (LLM) applications has made frameworks like LangChain and its ports foundational for developers worldwide.…
Phishing Wave Hits U.S. Energy Giants: Chevron, ConocoPhillips Targeted
The U.S. energy industry has become a prime target for large-scale phishing operations in 2025, according to new research from Hunt…
Beyond Buzzwords: The Real Impact of AI on Identity Security
Artificial intelligence (AI) has become one of the most discussed technologies in recent years, often touted as the answer to many of…
A CISO’s Guide to Managing Cyber Risk in Healthcare
Now more than ever before, our healthcare data is under attack. Of all of the sensitive information available on the dark web, medical records…
Why The Open Web Application Security Project (OWASP) Mobile Application Security (MAS) Project Is Critical
The OWASP MAS project continues to lead the way in mobile application security. This article describes the resources and tools which have…
Google Chrome Patches Critical Security Flaws in September 2025 Update
In early September 2025, Google released an important security update for its Chrome browser—version 140.0.7339.127—to patch two…
HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot
ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that’s a copycat of the infamous Petya/NotPetya malware,…
New HybridPetya Weaponizing UEFI Vulnerability to Bypass Secure Boot on Outdated Systems
In late July 2025, a series of ransomware samples surfaced on VirusTotal under filenames referencing the notorious Petya and NotPetya attacks.…
Microsoft Windows Defender Privilege Escalation Flaws
It was an uneventful Patch Tuesday—until the headlines hit. Security feeds and vuln catalogs started buzzing: The Microsoft Windows…
New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit
Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware,…
HybridPetya: More proof that Secure Boot bypasses are not just an urban legend
A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI)…
ICO Warns of Student-Led Data Breaches in UK Schools
Over half (57%) of insider data breaches in UK schools are caused by students, with many children being set up for “a life of cybercrime,” a…
Apple Issues New Spyware Alerts for French Officials and Journalists
Ddos September 12, 2025 Apple occasionally issues spyware attack notifications, publicly disclosing on its website which countries or regions…
PyInstaller Flaw : Are Your Python Apps Vulnerable to Hijacking?
Ddos September 12, 2025 The PyInstaller project has released fixes for a local privilege escalation vulnerability that affected applications…
Senator Urges FTC Probe Into Microsoft After Ascension Ransomware Attack
US Senator Ron Wyden urges the FTC to investigate Microsoft after its software contributed to a major ransomware attack on Ascension Hospital,…
Akira ransomware exploiting critical SonicWall SSLVPN bug again
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to…
CISA Launches Roadmap for the CVE Program
In a new document, the US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed its support for the Common Vulnerabilities and…