CISA adds high-severity flaw to KEV list, urges swift updating Uncle Sam's cyber wardens have warned that a high-severity flaw in Microsoft's Windows SMB client is now being actively exploited –...
Gateways can do more than route traffic, they can also strengthen your entire security posture. Learn how NordLayer combines ZTNA, firewalls, and private gateways to secure hybrid teams and keep...
Cisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here's how to strengthen your defenses.
Common email phishing tactics in 2025 include PDF attachments with QR codes, password-protected PDF documents, calendar phishing, and advanced websites that validate email addresses.
A flaw rooted in the Server Message Block (SMB) protocol of Windows enables attackers to escalate privileges to SYSTEM level on vulnerable Windows devices, potentially granting full control over...
Security pros explore whether infection-spoofing code can immunize Windows systems against attack Feature What's better, prevention or cure? For a long time the global cybersecurity industry has...
Microsoft has fixed a major bug preventing Microsoft 365 users from launching the classic Outlook email client on Windows systems. [...]
Kaspersky GReAT experts break down a recent PassiveNeuron campaign that targets servers worldwide with custom Neursite and NeuralExecutor APT implants and Cobalt Strike.
Zero trust is the best kind of trust when it comes to securing your organization, says ZScaler Partner Content Many organizations across Europe have taken steps to implement Zero Trust principles,...
Calendar cock-up exposed recipients' details Anti-fraud nonprofit Cifas was left red-faced after sending out a calendar invite that exposed the email addresses of dozens of individuals working...
Microsoft has released an emergency update to fix the Windows Recovery Environment (WinRE), which became unusable on systems with USB mice and keyboards after installing the October 2025 security...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently...
Attackers obtain remote code execution through abuse of SQL-server environments (exploitation, SQL injection, or credential compromise) and attempt to install web shells. When detection (e.g.,...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five CVEs to its Known Exploited Vulnerabilities (KEV) catalog today, including Microsoft, Apple and Oracle vulnerabilities....
In just seven minutes, the thieves took off with crown jewels containing with thousands of diamonds along with other precious gems.
It’s easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The...
ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches. ClickFix attacks...
The NSA did not confirm nor deny the allegations made by China’s Ministry of State Security. China said the origins of the attack date back to March 2022. The post China’s spy agency accuses NSA...
The DNS0.EU non-profit public DNS service focused on European users announced its immediate shut down due to time and resource constraints. [...]
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The...
Joseph Cox reports: A hacking group that recently doxed hundreds of government officials, including from the Department of Homeland Security (DHS) and Immigration and Customs Enforcement (ICE),...
Kim Zetter reports: The investigation into former national security advisor John Bolton’s handling of classified material stemmed in part from an admission Bolton made to the FBI in July 2021 that...
Microsoft has confirmed that this month's security updates disable USB mice and keyboards in the Windows Recovery Environment (WinRE), making it unusable. [...]
Japanese retail company Muji has taken offline its store due to a logistics outage caused by a ransomware attack at its delivery partner, Askul. [...]
Amazon Web Services experienced DNS resolution issues on Monday morning, taking down wide swaths of the web—and highlighting a longstanding weakness in the internet's infrastructure.
Ransomware rages on and no organization is too small to be targeted by cyber-extortionists. How can your business protect itself against the threat?
Written by: Wesley Shields Introduction COLDRIVER, a Russian state-sponsored threat group known for targeting high profile individuals in NGOs, policy advisors and dissidents, swiftly shifted...
Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute...
CISA says threat actors are now actively exploiting a high-severity Windows SMB privilege escalation vulnerability that can let them gain SYSTEM privileges on unpatched systems. [...]
Every VPN says it’s the best, but only some of them are telling the truth.