Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia,...
More than a month after PoC made public Fortinet finally published a security advisory on Friday for a critical FortiWeb path traversal vulnerability under active exploitation – but it appears...
A new US law enforcement initiative is aimed at crypto fraudsters targeting Americans—and now seeks to seize infrastructure it claims is crucial to notorious scam compounds.
Federal prosecutors secured five guilty pleas from people who supported overseas remote IT workers, and seized $15 million in stolen cryptocurrency tied to the North Korean regime. The post DOJ...
The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a...
Amazon spilled the TEA Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but...
Hardware accessory giant Logitech has confirmed it suffered a data breach in a cyberattack claimed by the Clop extortion gang, which conducted Oracle E-Business Suite data theft attacks in July. [...]
This is a current list of where and when I am scheduled to speak: My coauthor Nathan E. Sanders and I are speaking at the Rayburn House Office Building in Washington, DC at noon ET on November 17,...
Crooks spoof US insurers, threaten bogus extradition to pry loose personal data and cash Chinese speakers in the US are being targeted as part of an aggressive health insurance scam campaign, the...
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date. 1,590 victims disclosed across 85 leak sites, showing...
SecAlliance and Silent Push confirmed that the suspected Chinese operators of the phishing kit appear to have been affected. The post Google, researchers see signs that Lighthouse text scammers...
This week, Kyndryl’s collaboration with the Mexican government to train 1,000 cybersecurity professionals signals a push to close the nation’s critical talent gap. Meanwhile, Tenable’s findings of...
Hosted in Tokyo, Japan, the International Cybersecurity Challenge (ICC) gathered top cybersecurity talents from all around the world to compete and test their cybersecurity skills. A total of...
French President Emmanuel Macron on Wednesday announced a planned increase of €4.2 billion ($4.9 billion) in military space spending between 2026 and 2030. “We must fight to preserve this precious...
The alliance has been in dire need of an updated naval plan to tackle a fast-evolving range of threats. Now, 14 years after the last iteration, it has finally delivered. The updated strategy...
State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly sophisticated espionage...
A bill moving through the Michigan legislature would create a statewide drone registry, managed by the state’s Department of Transportation, designed to provide state agencies and law enforcement...
Russia’s Port Alliance group, which operates a network of sea cargo terminals, said on Thursday that foreign hackers had targeted its systems over three days in a distributed denial of service...
The U.S. Department of Justice announced that five individuals pleaded guilty to aiding North Korea's illicit revenue generation schemes, including remote IT worker fraud and cryptocurrency theft. [...]
A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security researcher Andrew...
Advisory updated as leading cybercrime crew opens up its target pool The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance to organizations on the Akira ransomware...
The day after Google filed a lawsuit to end text scams primarily targeting Americans, the criminal network behind the phishing scams was “disrupted,” a Google spokesperson told Ars. According to...
DoorDash has disclosed a data breach that hit the food delivery platform this October. The company, which serves millions of customers across the U.S., Canada, Australia, and New Zealand, started...
The Federal Emergency Management Agency, or FEMA, plans to spend $625 million to help local and state governments boost cybersecurity, infrastructure protection, training, background checks and...
Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb WAF that could allow an attacker to take over admin accounts and completely...
Authorities dismantle major cybercrime networks, UNC6485 exploits Triofox for RCE, and attackers steal Washington Post data via Oracle zero-day.
A vulnerability has been discovered FortiWeb, which could allow for remote code execution. FortiWeb is a web application firewall (WAF) developed by Fortinet. It's designed to protect web...
Anthropic reports that a Chinese state-sponsored threat group, tracked as GTG-1002, carried out a cyber-espionage operation that was largely automated through the abuse of the company's Claude...
LevelBlue Labs is tracking a severe vulnerability in Windows Server Update Services (WSUS), CVE-2025-59287, that allows attackers to remotely execute code without authentication and is being...
LevelBlue Labs is tracking a severe vulnerability in Windows Server Update Services (WSUS), CVE-2025-59287, that allows attackers to remotely execute code without authentication and is being...