The average ransom paid by Australian companies following a cyber-attack has dropped to AUD $711,000, almost halving from its peak of AUD $1.35 million last year. The latest data reflects changing...

Google is backpedaling on its decision to introduce new identity verification rules for all developers, stating that it will also introduce accounts for limited app distribution and will allow...

LevelBlue Labs is tracking a severe vulnerability in Windows Server Update Services, that allows attackers to remotely execute code without authentication.

Palo Alto Networks has disclosed a denial-of-service vulnerability in its PAN-OS software that allows attackers to force firewalls into unexpected reboots using specially crafted network packets....

ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models. [...]

A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security researcher Andrew...

Maintenance to end next year after ‘helpful options’ became ‘serious security flaws’ Kubernetes maintainers have decided it’s not worth trying to save Ingress NGINX and will instead stop work on...

DoorDash has disclosed a data breach that hit the food delivery platform this October. Beginning yesterday evening, DoorDash, which serves millions of customers across the U.S., Canada, Australia,...

DoorDash has disclosed a data breach that hit the food delivery platform this October. Beginning yesterday evening, DoorDash, which serves millions of customers across the U.S., Canada, Australia,...

Anthropic dubs this the first AI-orchestrated cyber snooping campaign Chinese cyber spies used Anthropic's Claude Code AI tool to attempt digital break-ins at about 30 high-profile companies and...

A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication [...]

Officials shared indicators of compromise observed as recently as this month to help organizations hunt for and defend against the ransomware group, which has pocketed $244 million as of late...

Checkout.com will instead donate the amount to fund cybercrime research Ransomware is a huge business, because affected orgs keep forking over money to get their data back. However, instead of...

In this week’s newsletter, Amy recounts her journey from Halloween festivities to unraveling the story of the 2022 Viasat satellite hack, with plenty of cybersecurity surprises along the way.

Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users' seed phrases. The name of the...

The Kraken ransomware, which targets Windows, Linux/VMware ESXi systems, is testing machines to check how fast it can encrypt data without overloading them. [...]

US government agencies are warning that the Akira ransomware operation has been spotted encrypting Nutanix AHV virtual machines in attacks. [...]

A self-spreading package published on npm spams the registry by spawning new packages every every seven seconds, creating large volumes of junk. [...]

The Race for Every New CVE Based on multiple 2025 industry reports: roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known...

Inaugural partner program reflects commitment to building an open, unified future for security.

Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust. The activity,...

Our bulletin covering coordinated influence operation campaigns terminated on our platforms in Q3 2025.

The goal of 'oxidizing' the Linux distro hits another bump Two vulnerabilities in Ubuntu 25.10's new "sudo-rs" command have been found, disclosed, and fixed in short order.…

In a November 5 meeting of the Security Council of Russia, President Vladimir Putin directed his military and political leaders to “submit coordinated proposals on the possible first steps...

Behind every click, there’s a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn...

North Korean hackers have stolen more than $3 billion in the past three years, the U.S. Treasury Department announced on November 4. The department issued sanctions on two North Korean individuals...

Our statement detailing an incident concerning a legacy system. We outline our commitment to transparency, accountability, and planned investment in cyber security research. Last week,...

The U.S. Office of Foreign Asset Control (OFAC) has sanctioned the procurement network that helps Iran’s military import rocket fuel ingredients from China, an essential logistics arrangement for...

The Arab Gulf monarchies offer a window into the policy implications of China’s rising global economic influence, driven by its substantial manufacturing capacity and growing range of high-tech...

Google has filed a lawsuit to dismantle “Lighthouse”, a phishing-as-a-service (PhaaS) platform used by cybercriminals worldwide to steal credit card information through SMS phishing (“smishing”)...