Startups at Infosecurity Europe focus on attack surface management and improving security data, even as some new vendors avoid AI-led marketing
Rapid7 found that 56% of all compromises in Q1 2025 resulted from the theft of valid account credentials with no MFA in place
2025-05-29 • Fortinet • John Simmons, Xiaopeng Zhang Open article on Malpedia
2025-05-23 • Shadow Banker • Shadow Banker • elf.conti, win.conti Open article on Malpedia
A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to...
A new study by NordPass and NordStellar reveals the automotive industry is plagued by weak, reused, and common…
Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the...
This blog is part of a blog series detailing best practices for operational technology (OT) cybersecurity for under-resourced organizations by... The post OT Cybersecurity Best Practices for SMBs:...
The most serious flaw in the monthly security update affects the Android system and could be exploited to achieve local escalation of privilege, the company said. The post Google addresses 34...
Google's Threat Analysis Group, which investigates government-backed hacks, was credited with the discovery of the zero-days.
Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible...
OpenAI's next big foundational model is GPT-5, and the AI startup is hoping that the model will compete a little more with rivals. [...]
Compliance automation provider Vanta confirms a software bug exposed private customer data to other users, impacting hundreds of…
Attacks on local governments in the last week caused disruptions in the capital of the Choctaw Nation and Puerto Rico, as well as others.
Dark fiber is an optical cable that is installed underground but is not being used. Also called unlit fiber, dark fiber is an alternative to the subscription model of network services. It is...
ChatGPT's memory feature is now better and capable of referencing past conversations for free accounts. [...]
Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. [...]
SafePay’s journey to the top of the ransomware leaderboard was a quick one. The SafePay ransomware group first emerged in the fall of 2024, and last month took the top spot among ransomware groups...
Modern software development demands rapid delivery of high-quality applications that can adapt to changing business requirements and user…
Dive into the novel security challenges AI introduces with the open source game that over 10,000 developers have used to sharpen their skills. The post Hack the model: Build AI security skills...
The U.S. Federal Trade Commission has directed GoDaddy to adopt specific cybersecurity practices and submit to ongoing assessments of its security posture. This move is one of the first big steps...
In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the...
Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution. The post...
Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution. The post...
For years, a powerful farm industry group served up information on activists to the FBI. Records reveal a decade-long effort to see the animal rights movement labeled a legitimate terrorism threat.
Network on demand is an umbrella term that describes a customizable network access and management model designed to be used on a scalable, as-needed basis. In practical terms, it allows businesses...
DNS rebinding attack without CORS against local network web applications. Explore the topic further and see how it can be used to exploit vulnerabilities in the real-world. The post DNS rebinding...
The letter to Senate Homeland Security and Governmental Affairs Committee leaders comes shortly before they consider his nomination. The post Experts endorse Sean Cairncross for national cyber...
The company said the cyberattack destroyed its servers and customer data.
North Face, Cartier, and Next Step Healthcare are the latest victims in a string of cyberattacks compromising customer…