Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploit…
How Dealerships Can Protect Their Customers’ Financial Data
Dealerships handle sensitive information, such as credit applications and personal financial records, daily. A data breach can lead to…
Vegas, Vulnerabilities, and Voices: Black Hat and Squadcon 2025
The week of August 4th, I had the opportunity to attend two exciting conferences in the cybersecurity world: Black Hat USA 2025 and Squadcon…
How to Develop a Business Continuity Plan for Cyber Security: A Step-by-Step Guide
The figures are appalling – 60% of small businesses fail within six months of a cyber-attack. Cyber attackers are all around us, and…
Cyber Security Simulation Training Mistakes That CISOs Must Avoid
Your team’s ability to identify phishing attempts in their inboxes has the potential to make or break your entire security posture,…
Healthcare Organizations at Risk: Managing Human Vulnerability in Cybersecurity
The battle against cybercrime continues to be a significant topic for organizations across all industries, however the threat to the health…
Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing
The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating…
Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations
Security Information and Event Management (SIEM) systems act as the primary tools for detecting suspicious activity in enterprise networks,…
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based…
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active…
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are…
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked…
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. New research…
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. After a recent dip,…
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line. EdFinancial and the Oklahoma Student Loan Authority…
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Targeted attacks on Twilio and…
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s…
Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior…
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Cybersecurity researchers have lifted the lid on the threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to…
Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures
The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the…
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to…
Why Your Security Culture is Critical to Mitigating Cyber Risk
After two decades of developing increasingly mature security architectures, organizations are running up against a hard truth: tools and…
U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback
The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have…
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of…
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access…
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and…
DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks
A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service…
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern…
From Impact to Action: Turning BIA Insights Into Resilient Recovery
Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number…
Microsoft: August Windows updates cause severe streaming issues
Microsoft has confirmed that the August 2025 security updates are causing severe lag and stuttering issues with NDI streaming software on some…
Fake Mac fixes trick users into installing new Shamos infostealer
A new infostealer malware targeting Mac devices, called ‘Shamos,’ is targeting Mac devices in ClickFix attacks that impersonate…
APT36 hackers abuse Linux .desktop files to install malware in new attacks
The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India.…
Murky Panda hackers exploit cloud trust to hack downstream customers
A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain…
Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws
Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been…
Webinar: What the Next Wave of AI Cyberattacks Will Look Like — And How to Survive
The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action…
AI SOC 101: Key Capabilities Security Leaders Need to Know
Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what…
Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The…
Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws
Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and…
New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks
Cybersecurity researchers have discovered a new malvertising campaign that’s designed to infect victims with a multi-stage malware…
CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known…
Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses
Google said it’s implementing a new policy requiring developers of cryptocurrency exchanges and wallets to obtain government licenses…
Simple Steps for Attack Surface Reduction
Story teaser text: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the…
New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits
Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay…