Massive increase in policy claims… and data doesn’t even cover the major attacks of 2025 The number of successful cyber insurance claims made by UK organizations shot up last year, according to...
SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical...
GlobalLogic, a provider of digital engineering services part of the Hitachi group, is notifying over 10,000 current and former employees that their data was stolen in an Oracle E-Business Suite...
Continuous track of long awaited AFV hits the ground ... and the terrain is pretty bumpy The British Army just received its first new armored fighting vehicle (AFV) for nearly three decades, but...
A sudden CPU spike turned out to be the first clue of an in-progress RansomHub ransomware attack. Varonis breaks down how their team traced the attack from fake browser updates to domain-admin...
From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company
A security vulnerability has been discovered in WatchGuard Firebox devices that could allow attackers to bypass authentication mechanisms and gain unauthorized SSH access to affected systems....
Many organizations still struggle to patch fast enough to prevent breaches. Join us December 2 at 2PM ET to learn how modern patch management strategies can reduce risk and close the remediation gap. [...]
Security researchers have revealed three serious vulnerabilities in runC, the Open Container Initiative (OCI)-compliant runtime that powers platforms such as Docker and Kubernetes, which could...
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV)...
This blog post introduces an addition to the red teamers’ toolkit called “SharpParty” – a C# implementation of the injection techniques dubbed “PoolParty”.
Cybersecurity researchers from Mandiant Threat Defense have uncovered a critical zero-day vulnerability in Gladinet’s Triofox file-sharing platform that allowed attackers to bypass authentication...
Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's Triofox file-sharing and remote access platform. The critical...
The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows...
Encryption protects content, not context Mischief-makers can guess the subjects being discussed with LLMs using a side-channel attack, according to Microsoft researchers. They told The Register...
A routine asset scan for a major entertainment company uncovered a massive gambling operation hiding behind legitimate e-commerce infrastructure. The discovery began with a simple subdomain...
North Korean hackers from the KONNI activity cluster are abusing Google's Find Hub tool to track their targets' GPS positions and trigger remote factory resets of Android devices. [...]
Resolution acquiesced to by 8 Dems includes CISA Act funding, layoff reversals, and could be easily undone The US Senate voted on Sunday to advance a short-term funding bill for the federal...
One company alone was hit with more than 4,200 emails More than 5,000 businesses that use Facebook for advertising were bombarded by tens of thousands of phishing emails in a credential- and...
Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting...
According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional...
Mozilla announced a major privacy upgrade in Firefox 145 that reduces even more the number of users vulnerable to digital fingerprinting. [...]
Another member of Italian civil society has gone public about being a target of Paragon spyware. Francesco Nicodemo, a prominent Italian communications executive and political advisor, is the...
A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users' credentials. [...]
Our customers are proving what exposure management can do. Thank you for trusting us to be part of your mission.Key takeawaysTenable believes our evolution of exposure management and our strong,...
How one global IT and security firm is helping the EU do it all
Emergency blackouts lasting up to 12 hours were introduced following the attack, with Kyiv and other regions facing widespread internet and communication outages, according to internet watchdog NetBlocks.
CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. [...]
Aleksei Volkov faces years in prison, may have been working with other crews A Russian national will likely face several years in US prison after pleading guilty to a range of offenses related to...
Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvest their credentials by...