The DragonForce and Anubis groups are attempting to entice hackers to come and work with them by adopting affiliate models that would increase the volume of incidents their services can be used in.

After a 180% rise in last year’s report, the exploitation of vulnerabilities continues to grow, now accounting for 20% of all breaches

ASEC Blog publishes Ransom & Dark Web Issues Week 4, April 2025 A major Dutch food distribution company has been listed as a new victim of INC Ransom ransomware. Ransomware group DevMan claims an...

In today’s hybrid environments, legitimate tools like Notepad can be silently used to view or stage sensitive data such as password files—especially by insiders or low-and-slow threat actors....

A new Android malware has been discovered hidden inside trojanized versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning. [...]

The FBI found that cybercrime losses climbed by 33% compared to 2023, driven by tactics like investment fraud and BEC

One of the ways threat actors keep up with the constantly evolving cyber defense landscape is by raising the level of sophistication of their attacks. This trend can be seen across many of our...

The health insurance giant is notifying at least 4.7 million patients of the security lapse.

WhatsApp has introduced a new Advanced Chat Privacy feature to protect sensitive information exchanged in private chats and group conversations. [...]

Lattica’s cloud-based solution uses Fully Homomorphic Encryption to query encrypted data on AI models without decrypting it, preserving privacy and bolstering security.

Mandiant’s M-Trends report found that credential theft rose significantly in 2024, driven by the growing use of infostealers

From dawn to Derby: The magic of Churchill Downs® Mike Wood, Senior IT Director for Churchill Downs Racetrack, is revolutionizing the historic venue by ushering it into the digital age. With a...

AI-generated code is no doubt changing how software is built, but it’s also introducing new security challenges. More than 50% of organizations encounter security issues with AI-produced code...

The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users'...

AOA, DaVita, and Bell Ambulance hit by ransomware in 2025. Over 245K affected as hackers steal patient data,…

Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms. [...]

The FBI says cybercriminals have stolen a record $16,6 billion in 2024, marking an increase in losses of over 33% compared to the previous year. [...]

Small and medium businesses are the newest targets for cybersecurity attacks, with 1 in 3 breached last year. SMBs are becoming more proactive in detecting and stopping these threats, and today a...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released on Tuesday five ICS (industrial control systems) advisories, providing... The post CISA flags critical ICS vulnerabilities...

ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. [...]

Thales, a global technology and security provider, announced on Tuesday an alliance with Deloitte to deliver advanced, tailored... The post Thales and Deloitte align to offer advanced...

Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. "We've made the decision to...

Marks & Spencer (M&S) cyberattack disrupts contactless payments and Click & Collect; investigation launched as retailer apologises and…

Phishing attacks now evade email filters, proxies, and MFA — making every attack feel like a zero-day. This article from Push Security breaks down why detection is failing and how real-time,...

Ransomware leak site data and Unit 42 case studies reveal new trends from Q1 2025, including the most active groups, targeted industries and novel extortion tactics. The post Extortion and...

Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme.

Cyber defenders say AI technologies are quickly evolving to help stop sophisticated threat groups, including Chinese adversaries, from embedding themselves inside target organizations. The post AI...

Working with Microsoft Sentinel often means dissecting complex Kusto queries, especially when tracking subtle attacker behavior. These queries can include nested logic, obscure file path checks,...

The latest ITRC data finds breach volumes remained flat in Q1 but victim numbers increased 26% annually

Detecting stealthy command-line activity that may indicate dark web access or anonymized traffic is a growing challenge for security teams. Tools like curl.exe—while entirely legitimate—can be...