Available on GitHub and promoted to professional penetration testers, the tool AdaptixC2 has been used to spread loader malware associated with Russian ransomware groups, researchers said.
The UK Information Commissioner’s Office (ICO) has levied a fine of £200,000 against a sole trader who sent almost one million spam text messages to people across the country - many of whom were...
Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people's...
CISA has ordered federal agencies to patch a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools software, exploited by Chinese hackers since October 2024. [...]
Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens,...
Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as...
Canada’s Bill C-8 (formerly Bill C-26) is proposed cybersecurity legislation that would introduce broad information collection and sharing powers, including the warrantless collection of...
FortiGuard IR analysis of H1 2025 shows financially motivated actors increasingly abusing valid accounts and legitimate remote access tools to bypass detection, emphasizing the need for...
American business services giant Conduent has confirmed that a 2024 data breach has impacted over 10.5 million people, according to notifications filed with the US Attorney General's offices. [...]
On 2010-01-12, an incident was reported, involving Storm-0558, gaining initial access via Unknown, to achieve Data exfiltration.
On 2011-08-31, an incident was reported, involving an unknown actor, gaining initial access via Unknown, to achieve Supply chain attack.
On 2013-05-07, a campaign was reported, involving an unknown actor, gaining initial access via Unknown, targeting Apache HTTP Server, NGINX, Lighttpd to achieve Resource hijacking. The following...
On 2014-03-18, a campaign was reported, involving Windigo operator, gaining initial access via Supply chain vector, while using Create SSH backdoor, to achieve Resource hijacking. The following...
On November 9, 2014, BrowserStack suffered a breach when a hacker accessed an old, unpatched prototype server via the shellshock vulnerability. The server contained AWS credentials, allowing the...
The Los Angeles Times website was covertly mining cryptocurrency on visitors' devices after hackers injected CoinHive's Monero-mining code. This happened due to an unprotected Amazon S3 storage...
On 2018-04-09, a research was reported, involving , gaining initial access via 1-day vulnerability, while using SSRF, IMDS abuse, targeting Confluence Server, Jira Server to achieve Resp. disclosure.
On 2018-09-12, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, targeting Redis, Apache CouchDB, Docker, Jenkins, Drupal, MODX to achieve...
An unknown threat actor compromised the Webmin build server, and inserted a backdoor RCE vulnerability into the Webmin source code that anyone could exploit if they were aware of its existence....
On 2019-10-16, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, targeting Docker to achieve Resource hijacking. The following tools were...
The X-59 successfully completed its inaugural flight—a step toward developing quieter supersonic jets that could one day fly customers more than twice as fast as commercial airliners.
PhantomRaven slipped over a hundred credential-stealing packages into npm A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials,...
OpenAI warned the White House on Monday that China’s commitment to building new energy generation could give it an edge in the AI race. The company recommends that the U.S. prioritize “closing the...
It is a question that successive governments have struggled with: what kind of threat does China really pose to the UK? Trying to answer it may have contributed to the high-profile collapse of the...
WhatsApp is rolling out passkey-encrypted backups for iOS and Android devices, enabling users to encrypt their chat history using their fingerprint, face, or a screen lock code. [...]
Every January, an exclusive career fair in Washington, D.C. marks a pivotal moment for CyberCorps scholars. Hundreds of top students from across the country meet with dozens of federal agencies...
Whether careless or malicious, insiders can cause all manner of nightmares
A leading standards body has warned of a growing “AI governance gap” as business leaders rush to adopt the new technology without first putting the requisite controls and processes in place. The...
The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932)Categories: Threat ResearchTags: BRONZE BUTLER, china, featured, Japan, LANSCOPE, Tick, vulnerabiity
Cross-site Scripting vulnerability (CVE-2025-10348) has been found in Eveo URVE Smart Office software.
After a months-long leadership vacuum amid intense scrutiny from one of President Donald Trump’s most vocal far-right supporters, the National Security Agency is readying a number of senior...