A new theory from the agency that brought us ‘America hacked itself to blame Beijing’ China’s National Computer Virus Emergency Response Center (CVERC) has alleged a nation-state entity, probably...
Many times, websites have subdomains that need to communicate with each other. Because of the Same Origin Policy (SOP), this isn't usually possible. Some technologies allow for this, a formerly...
Typus Finance on the Sui blockchain suffered a hack recently of about 3.44M USD. This article explains the vulnerability and the exploit itself. Typus Finance has an oracle that contained the...
When creating a React Native project looking, most developers use the package react-native-community/cli. This will create a project structure with proper dependencies and configuration files. To...
‘Elite teams’ are pondering cyber-attacks to turn off energy supply or telecoms networks The head of Australia’s Security Intelligence Organisation (ASIO) has warned that authoritarian regimes...
Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp. According to a...
Discover how 43% of security leaders now use threat intelligence for strategic planning. Explore key insights from the 2025 State of Threat Intelligence Report, including enterprise spending...
Discover how threat intelligence has moved from the SOC to the boardroom. Learn why modern enterprises use it to drive strategic decisions, manage risk, and power governance across the business.
Researchers uncovered active exploitation of an unauthenticated access vulnerability (CVE-2025-12480) in Gladinet’s Triofox remote access platform by the threat cluster UNC6485. The flaw, present...
The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed...
The Rhadamanthys infostealer operation has been disrupted, with numerous "customers" of the malware-as-a-service reporting that they no longer have access to their servers. [...]
Microsoft has released its monthly security update for November 2025, which includes 63 vulnerabilities affecting a range of products, including 5 that Microsoft marked as “critical.”
Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition. [...]
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert...
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package with the intent to target GitHub-owned...
This webinar brings together Citizen Lab researchers with policy advisors, Women, Peace and Security (WPS) experts, and human rights defenders to reflect on twenty-five years of the WPS agenda in...
Citizen Lab senior researcher John Scott-Railton speaks with TechCrunch about the proliferation of spyware use, and the effects it has on democracy. While it is ostensibly used to monitor...
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a Malware-as-a-Service...
KONNI espionage crew covertly abused Google’s Find My Device feature to remotely factory-reset Android phones North Korean state-backed spies have found a new way to torch evidence of their own...
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the...
Hackers exploited a critical vulnerability and the built-in antivirus feature in Gladinet's Triofox file-sharing and remote-access platform to achieve remote code execution with SYSTEM privileges. [...]
This article originally appeared on the Stroz Freidberg, A LevelBlue Company, blog site.
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these...
Hyundai is alerting millions of customers about a data breach that exposed Social Security numbers and driver’s licenses. The breach, which occurred in February but is only now being disclosed,...
A surge in attacks exploiting iCalendar (.ics) files as a sophisticated threat vector that bypasses traditional email security defenses. These attacks leverage the trusted, plain-text nature of...
Lobbying efforts gain ground as proposals carve myriad holes into regulations Privacy advocates are condemning the European Commission's leaked plans to overhaul digital privacy legislation,...
A recent study by the renowned insurance firm Hiscox has revealed alarming trends in how cyberattacks are not only damaging businesses but are also taking a heavy toll on employees, leading to...
Meta projected last year that it would earn about 10 per cent of its overall annual revenue — $US16 billion ($24.6 billion) — from running advertising for scams and banned goods, internal company...
Microsoft has reminded customers today that systems running Home and Pro editions of Windows 11 23H2 have stopped receiving security updates. [...]
Microsoft has released the KB5068781 update, the first Windows 10 extended security update since the operating system reached end of support last month. [...]