The Universe Browser is believed to have been downloaded millions of times. But researchers say it behaves like malware and has links to Asia’s booming cybercrime and illegal gambling networks.
Criminal outfits had been using Musk's broadband beacons to run cyber-slavery scams across Southeast Asia SpaceX says it has shut down thousands of Starlink terminals that were powering Myanmar's...
It seems pretty obvious: If an attacker can exploit a vulnerability before you can patch it, your organization is at risk. Yet the gaps between different phases of the vulnerability disclosure...
North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. [...]
The China-based actor behind the Warlock ransomware may not be a new player and has links to malicious activity dating as far back as 2019. The Warlock ransomware first appeared in June 2025 and...
Der Metallverarbeiter Nickelhütte Aue wurde Ziel einer Cyberattacke. Das Unternehmen kämpft aktuell mit verschlüsselten Daten und IT-Ausfällen. Wie die Nickelhütte Aue auf ihrer Webseite mitteilt,...
ESET research analyzes a recent instance of the Operation DreamJob cyberespionage campaign conducted by Lazarus, a North Korea-aligned APT group
As a loooong-time F1 fan and a breach blogger, of course I had to read this report on hacking F1. Introduction With security startups getting flooded with VC funding in the past few years, some of...
Explore how Russia’s cybercriminal ecosystem evolved under Operation Endgame—where state control, selective enforcement, and criminal alliances collide.
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various...
Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine's war relief efforts to deliver a...
WVNews reports that personal and protected health information of 462,000 Montanans was involved in a significant data breach experienced by Conduent Business Services from October 2024 to January...
Lauren Dreyer, the vice-president of Starlink’s business operations, said in a post on X Tuesday night that the company “proactively identified and disabled over 2,500 Starlink Kits in the...
A federal contracting database lists an ICE payment for $61,218 with the payment code “guided missile warheads and explosive components.” But it appears ICE simply entered the wrong code.
Many vulnerabilities, both classes of them and individual instances of them, are missed by hackers. It's easy to stay in the comfort zone and look for the standard bugs over and over again....
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed...
From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability...
State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. [...]
Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to...
Experts say outages like the one that Amazon experienced this week are almost inevitable given the complexity and scale of cloud technology—but the duration serves as a warning.
From NY DFS: New York State Department of Financial Services (DFS) Acting Superintendent Kaitlin Asrow today issued new cybersecurity guidance addressing the risks associated with entities...
Here are five ways tenfold's free IGA solution helps you streamline identity governance and access control. Partner Content In a world where one wrong click can set off a catastrophic breach,...
The advice didn't change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods. But...
Security researchers collected $792,750 in cash after exploiting 56 unique zero-day vulnerabilities during the second day of the Pwn2Own Ireland 2025 hacking competition. [...]
Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. [...]
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The...
Rachel Means reports on what sounds like a cyberattack with encryption: Kaufman County officials have confirmed that the county experienced a “security incident” on October 20, disrupting access...
Linsey Lewis reports: OYO Hotel & Casino Las Vegas was hit by a cyberattack sometime in early January, allegedly exposing the personal information of more than 4,700 people, according to documents...
In 2025, 36 years after the first ransomware attack was recorded, actors continue to zero in on the public sector, and there is no evidence they will slow down any time soon. In fact, our numbers...
In 2025, 36 years after the first ransomware attack was recorded, actors continue to zero in on the public sector, and there is no evidence they will slow down any time soon. In fact, our numbers...