Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call...
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace...
We’re gearing up for an exciting week in Las Vegas as Kaseya Connect 2025 brings together managed service providers and IT professionals from across the globe.
In this edition, Bill explores how intellectual curiosity drives success in cybersecurity, shares insights on the IAB ToyMaker’s tactics, and covers the top security headlines you need to know.
ELENOR-corp ransomware, a new version of Mimic, is targeting healthcare organizations using advanced capabilities
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This...
Blue Shield of California exposed the health data of 4.7 million members to Google for years due to…
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. [...]
The Evolving Healthcare Cybersecurity Landscape Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted...
Google is rolling out an end-to-end encrypted email feature for business customers, but it could spawn phishing attacks, particularly in non-Gmail inboxes.
A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028,...
How It Works Threat reports often contain valuable Indicators of Compromise (IOCs) — hashes, IP addresses, domain names — that security teams need to operationalize quickly. But manually copying...
How It Works Writing detection rules often starts with a question: What am I trying to find, and under what conditions? But even the best threat intel reports don’t come prepackaged in...
How It Works Turning threat reports into detection logic is often the most time-intensive part of the detection engineering lifecycle. Reports are written for humans, not machines — and...
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. [...]
Following last week’s last-minute move to prevent a disruption to the Common Vulnerabilities and Exposures (CVE) and Common... The post CISA’s Hartman reaffirms MITRE CVE Program’s vital role amid...
Microsoft says it mitigated a known issue in one of its machine learning (ML) models that mistakenly flagged Adobe emails in Exchange Online as spam. [...]
TechCrunch Disrupt returns October 27–29 to Moscone West in San Francisco — and we’re inviting thought leaders, founders, VCs, and tech experts to apply for a chance to take the stage at one of...
A misconfigured tracking tool has exposed protected health information of 4.7 million Blue Shield members to Google Ads
AhnLab Security Intelligence Center (ASEC) publishes the information of phishing emails to AhnLab TIP monthly under the title “Trends Report on Phishing Emails.” There are various keywords/topics...
In this article we describe a basic deobfuscation technique by leveraging a code snippet substitution.
A critical path traversal vulnerability in Commvault’s backup and replication solutions has been reported
Blockchain infrastructure provider dRPC has announced the launch of a NodeHaus platform that enables chain foundations unprecedented control…
Check out the hottest tracks in security before you get to the party
Following the CVE-2025-30406 disclosure, an RCE flaw in the widely used Gladinet CentreStack and Triofox platforms, another highly critical vulnerability that could also allow remote execution of...
Verizon researchers found that 64% of ransomware victims did not pay the ransoms — which was up from 50% two years ago.
The Federal Bureau of Investigation (FBI) released its Internet Crime Report 2024, highlighting US$16.6 billion in losses reported... The post FBI’s Internet Crime Report 2024 records $16.6...
Learn how to avoid potential risks in AWS SageMaker by implementing proper network controls and establishing security guardrails.
SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake…
Verizon Business published its 2025 Data Breach Investigations Report (DBIR), revealing a sharp rise in cyberattacks and an... The post Verizon’s 2025 DBIR report finds spike in cyberattacks,...