Hard on the heels of the disclosure of a critical zero-day RCE vulnerability in Microsoft Windows, known as CVE-2025-33053, another security issue affecting Microsoft’s product hits the headlines....
Following a review of the U.S. Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program, the Government... The post GAO finds gaps in CDM Program guidance, urges DHS...
Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID...
The U.K. government announced Wednesday its Spending Review 2025 laying out plans for a step change in investment... The post UK Spending Review 2025 backs AI, cybersecurity and intelligence...
A BitSight report reveals over 40,000 internet-connected security cameras globally are exposed, streaming live footage without protection. Learn how common devices, from home cameras to factory...
Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. [...]
The new NIST guidance sets out 19 example implementations of zero trust using commercial, off-the-shelf technologies
In an extensive campaign affecting 270k webpages, compromised websites were injected with the esoteric JavaScript programming style JSF*ck to redirect users to malicious content. The post...
Legitimate employee monitoring software and various pentesting tools deployed.
June 2025 marks the 11th anniversary of Project Galileo, Cloudflare’s effort to protect vulnerable public interest organizations from cyber threats.
Europol warns of “vicious circle” of data breaches and cybercrime
Microsoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability. [...]
Microsoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability. [...]
Erie Insurance reveals suspected network breach and ongoing outage
GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in...
Microsoft has released an emergency Windows 11 24H2 update to address an incompatibility issue triggering restarts with blue screen of death (BSOD) errors on systems with Easy Anti-Cheat. [...]
Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca. [...]
On March 4th 2025, Cork Protocol Beta was exploited for 3,761 wstETH. This article explains the exploit methods used in the real attack. The project had two audit contests from Sherlock and...
The organizations say a reintroduced version of the bill would “break” encryption for most Americans and make it impossible for end-to-end encrypted service providers to avoid lawsuits. The post...
Despite sanctions and global scrutiny, Predator spyware operations persist. Insikt Group reveals new infrastructure links in Mozambique, Africa, and Europe, highlighting ongoing threats to civil...
The event also served as a significant highlight of the year-long celebration of Weidmuller’s milestone 50th anniversary in Richmond.
Researchers uncovered a large-scale malvertising campaign, active primarily between March 26 and April 25, 2025, during which over 269,000 legitimate websites were compromised with highly...
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent...
The US CISA reports critical vulnerabilities in SinoTrack GPS devices that could let attackers remotely control vehicles and track locations. Discover the vulnerabilities and essential steps to...
ChatGPT o3, which has been available via API, is now 80% cheaper for developers, and there's no visible impact on performance. [...]
Threat intelligence firm GreyNoise has warned of a "coordinated brute-force activity" targeting Apache Tomcat Manager interfaces. The company said it observed a surge in brute-force and login...
The flaw is able to skirt past your usual security protection and evade detection, but Microsoft has a patch.
Operation Secure targeted malicious IPs, domains and servers used for infostealer operations that claimed more than 216,000 victims. The post Global law enforcement action in Asia nets large...
Operation Secure targeted malicious IPs, domains and servers used for infostealer operations that claimed more than 216,000 victims. The post Global law enforcement action in Asia nets large...
Waymo driverless taxis capture troves of video footage in order to operate, but the company reveals very little about how much data is stored—and for how long.