The compliance company said the customer data exposure was caused by a product change.
If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too...
The spyware maker claims the damages it was ordered to pay are "excessive," and that the jury wanted to “bankrupt” the company.
The evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated — leveraging encryption,...
The fate of the fiscal 2026 budget blueprint, which includes a $495 million reduction for the agency, is uncertain. The post Trump budget proposal would slash more than 1,000 CISA jobs appeared...
BO Team, also known as Black Owl, has been active since early 2024 and appears to operate independently, with its own arsenal of tools and tactics, researchers at Russian cybersecurity firm Kaspersky said.
The US Department of the Treasury has taken action against Funnull Technology Inc. for enabling massive pig butchering…
Two U.S. Senators have introduced legislation designed to deepen cybersecurity collaboration within the nation’s energy infrastructure. The proposed... The post US lawmakers propose legislation to...
A group of U.S. Senate Democrats is urging Kristi Noem, the Homeland Security Secretary, to bring back the... The post Senate democrats urge Homeland Security to revive CSRB amid China-linked...
Two local information disclosure flaws in Linux crash-reporting tools have been identified exposing system data to attackers
2025-05-28 • Rapid7 • Anna Širokova, Ivan Feigl • win.winos Open article on Malpedia
Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company's website in April. [...]
2025-05-28 • Darktrace • Tara Gould • elf.pumabot Open article on Malpedia
2025-05-28 • EclecticIQ • Alon Gal, Arda Büyükkaya • win.wm_rat Open article on Malpedia
2025-05-30 • Censys • Himaja Motheram Open article on Malpedia
A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft
American cybersecurity company SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday. [...]
2025-05-28 • Google • Patrick Whitsell • win.toughprogress Open article on Malpedia
2025-05-28 • Greynoise • GreyNoise Research Open article on Malpedia
2025-05-28 • Trustwave • Cris Tomboc, King Orande Open article on Malpedia
Wiz finds new threat group running cryptojacking campaign via exploited and misconfigured DevOps assets
The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul.
Frequently asked questions about “BadSuccessor,” a zero-day privilege escalation vulnerability in Active Directory domains with at least one Windows Server 2025 domain...
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. [...]
Iranian Robbinhood ransomware operator pleads guilty to major US city attacks, crippling services in Baltimore, Greenville, and more since 2019.
Semperis will host an immersive ransomware simulation focused on water utilities during Infosecurity Europe 2025
The BarracudaONE AI-powered cybersecurity platform maximizes threat protection and cyber resilience by unifying layered security defenses and providing deep, intelligent threat detection and response.
Microsoft and CrowdStrike announced today that they've partnered to connect the aliases used for specific threat groups without actually using a single naming standard. [...]
2025-05-27 • DomainTools • DomainTools • win.venom Open article on Malpedia
Among all ages, Minecraft still rules the gaming scene as a preferred choice. The game provides a broad…