Researchers are especially concerned about a high-severity defect in SQL Server and a critical vulnerability in SPNEGO, a foundational protocol. The post Microsoft Patch Tuesday addresses 130...
Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google's...
The appellate court on Tuesday sent the case back to the lower court for further consideration, saying it had “abused its discretion” and improperly applied the law when deciding Salvadoran...
Accused hacker and Chinese national Xu Zewei was arrested in Italy at the request of U.S. prosecutors.
Microsoft has released its monthly security update for July 2025, which includes 132 vulnerabilities affecting a range of products, including 14 that Microsoft marked as “critical.”
Patch Tuesday for July 2025 was the busiest day for Microsoft fixes since January, with 130 Microsoft CVEs patched – including 17 ones at high risk for exploitation. July’s total also included 10...
The arrest came at the request of the United States, which hailed the development as a sign that patience in pursuing cybercriminals in court is rewarded. The post Italian authorities arrest...
The arrest came at the request of the United States, which hailed the development as a sign that patience in pursuing cybercriminals in court is rewarded. The post Italian authorities arrest...
A North Korean man was the focus of Tuesday’s announcement, which also included a Russian man, his companies and North Korean firms. The post Treasury slaps sanctions on people, companies tied to...
A North Korean man was the focus of Tuesday’s announcement, which also included a Russian man, his companies and North Korean firms. The post Treasury slaps sanctions on people, companies tied to...
The Justice Department confirmed the arrest in a statement, unsealing a nine-count indictment on Tuesday accusing Xu and co-defendant Zhang Yu of being involved in “computer intrusions between...
Armed and masked men leaping out of unmarked vehicles. Latino men taken from their places of work or while waiting for the bus. Street vendors roughly tackled to the ground and forcefully held...
Activision last week brought offline the Microsoft Store version of Call of Duty: WWII as the company was investigating “reports of an issue.”
Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The...
From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five retail breaches unfolded, and what they reveal...
Samsung has announced multiple data security and privacy enhancements for its upcoming Galaxy smartphones running One UI 8, its custom user interface on top of Android. [...]
M&S confirmed today that the retail outlet's network was initially breached in a "sophisticated impersonation attack" that ultimately led to a DragonForce ransomware attack. [...]
Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new...
A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment...
The Iran-linked ransomware-as-a-service group Pay2Key.I2P reportedly told affiliates that they can keep a larger cut of extortion payments if they attack entities within Iran's adversaries.
Application Attack Matrix is a community effort designed to help defenders and organizations better understand and define how attackers use and exploit weaknesses in applications. The post Oligo...
Application Attack Matrix is a community effort designed to help defenders and organizations better understand and define how attackers use and exploit weaknesses in applications. The post Oligo...
A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such...
A vulnerability has been discovered FortiWeb, which could allow for SQL injection. FortiWeb is a web application firewall (WAF) developed by Fortinet. It's designed to protect web applications and...
Researchers from Koi Security have detected 18 malicious Chrome and Edge extensions masquerading as benign productivity and entertainment tools
CitrixBleed 2 exploitation started mid-June — how to spot itCitrixBleed 2 — CVE-2025–5777 — has been under active exploitation to hijack Netscaler sessions, bypassing MFA, globally for a month.I...
The retail giant's chair confirmed the breach was caused by ransomware.
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the...
Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, per cybersecurity vendor Kaspersky,...
Smarter TV operating systems bring added convenience, but they also raise fresh privacy concerns - especially when it comes to automatic content recognition (ACR).