The Information Commissioner’s Office has fined Capita plc and Capita Pension Solutions Ltd a combined £14m following a cyber attack in April 2023 which saw hackers gain access to over 6m people’s...
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It delivered a new Maverick banker, which features code overlaps with Coyote malware.
Stephen Withers reports: Regulations such as the General Data Protection Regulation (GDPR) and the Australian Prudential Regulation Authority’s (Apra’s) CPS 230 standard have led organisations to...
The dark web serves as a refuge for threat actors to gather intel, trade illicit goods and tools, and network with other cybercriminals. Aside from allowing threat actors to connect and learn from...
The dark web serves as a refuge for threat actors to gather intel, trade illicit goods and tools, and network with other cybercriminals. Aside from allowing threat actors to connect and learn from...
Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution...
Wiz Research has uncovered 550+ secrets hiding in plain sight. We worked with Microsoft to shut the door.
Microsoft has confirmed that the September 2025 security updates are causing Active Directory issues on Windows Server 2025 systems. [...]
Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The...
Spanish fashion retailer MANGO is sending notices of a data breach to its customers, warning that its marketing vendor suffered a compromise exposing personal data. [...]
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution....
Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s...
ICO makes example of outsourcing giant over sluggish cyber response The UK's Information Commissioner's Office (ICO) has issued a £14 million ($18.6 million) penalty to outsourcing giant Capita...
Dark web activity can hide in plain sight within everyday network traffic. Corelight's NDR platform brings deep visibility, AI-driven detection, and behavioral analytics to uncover hidden threats...
Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.
Russian IT company among group’s latest targets. Attackers may have been attempting to target company’s customers in Russia with software supply chain attack.
U.S. cybersecurity company F5 disclosed that it suffered a cyberattack in early August, where suspected nation-state hackers breached its systems and stole undisclosed BIG-IP security...
An estimated 100 million people live with facial differences. As face recognition tech becomes widespread, some say they’re getting blocked from accessing essential systems and services.
Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws,...
Adobe has issued a set of security updates addressing more than 35 vulnerabilities across its product portfolio. These updates include fixes for several critical flaws affecting widely used...
The true cost of cyber risk is a human one. Siloed tools and disjointed operations aren’t just endangering your business, they’re also taking a real toll on your teams. It’s long past time to take...
Could a simple call to the helpdesk enable threat actors to bypass your security controls? Here’s how your team can close a growing security gap.
Carding is a type of cybercrime where attackers steal or illegally buy credit card information and use it to make unauthorized transactions. It often involves testing stolen card numbers with...
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with...
F5 disclosed a security incident in which a nation-state threat actor maintained persistent access to the company’s internal systems, including its BIG-IP product development and engineering...
Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the...
The malicious app required to make a “Pixnapping” attack work requires no permissions.
Microsoft has released its monthly security update for October 2025, addressing 175 Microsoft CVEs and 21 non-Microsoft CVEs. Among these, 17 vulnerabilities are considered critical and 11 are...
The tech giant addressed a record-high number of defects for the year in its latest update. The post Microsoft’s Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days...
Jay Peters reports: 5CA is a customer service support company that works with Discord. Recently, the chat platform said the vendor had been breached as part of a “security incident” where 70,000...