The FBI on Wednesday said it recorded a “staggering” $16.6 billion in cybercrime losses to businesses and individuals, the highest for both figures since the hub’s establishment in 2000.
The 2025 Verizon Data Breach Investigations Report (DBIR) reveals that vulnerability exploitation was present in 20% of breaches — a 34% increase year-over-year. To support the report, Tenable...
In the past year Microsoft observed AzureChecker(Storm-1977) launching password spray attacks, against cloud tenants in the education sector. The actor used AzureChecker.exe (CLI tool that is...
During an investigation, Mandiant identified evidence that a threat actor had discovered cloud access keys stored in plain text on a compromised on-premises network. The threat actor was able to...
ARMO’s research team uncovered two cryptojacking campaigns targeting a deliberately exposed Kubernetes honeypot running Apache Druid, leveraging the known CVE-2021-25646 vulnerability for...
Independent testing by SplxAI found GPT-4.1 was three times more likely than its predecessor to bypass security safeguards and allow intentional misuse The post Outside experts pick up the slack...
Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace...
Fake Alpine Quest app laced with spyware was used to target Russian military Android devices, stealing location data,…
Do passcodes really protect you more from warrantless phone searches than biometrics? It's complicated.
Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow...
Russia-linked phishing attacks targeting NGOs with ties to Ukraine ask victims to join a video call, and result in them gaining access to Microsoft 365 accounts,
Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days that has impacted operations, including its Click and Collect service. [...]
The UK communications regulator Ofcom has banned leasing of "Global Titles," a special phone number type used in mobile network signaling, in a landmark decision to counter growing threats from...
An SSL.com vulnerability allowed attackers to issue valid SSL certificates for major domains by exploiting a bug in…
U.S. government agencies are required to bring their Microsoft 365 cloud services into compliance with a recent Binding Operational Directive. Here’s how Tenable can help.OverviewMalicious threat...
An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. [...]
KEY TAKEAWAYS Since early March 2025, Volexity has observed multiple Russian threat actors aggressively targeting individuals and organizations with ties to Ukraine and human rights. These recent...
As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for...
The tech giant has released its second Secure Future Initiative (SFI) progress report, showcasing its ongoing efforts to improve cybersecurity
In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and...
A hands-on walkthrough of how to use Wiz to find sensitive data and uncover who can access it.
A new malware campaign utilizing NFC-relay techniques has been identified carrying out unauthorized transactions through POS systems and ATMs
A hacking group dubbed 'Elusive Comet' targets cryptocurrency users in social engineering attacks that exploit Zoom's remote control feature to trick users into granting them access to their...
Microsoft has released the optional KB5055612 preview cumulative update for Windows 10 22H2 with two changes, including a fix for a GPU paravirtualization bug in Windows Subsystem for Linux 2 (WSL2). [...]
The Sensitive Content Warnings feature shields you from images in Google Messages that may contain nudity and lets you easily block numbers - but you'll need to enable it.
Until Google rolls out a fix, you'll have to be on the lookout for this particularly convincing phishing scam.
In a statement filed to London’s stock exchange on Tuesday afternoon, the company said it made “some minor, temporary changes to our store operations” as soon as it became aware of the incident.
Cloud Range and Cyviz announced on Tuesday their initiative to enhance cybersecurity training within higher education institutions as... The post Cloud Range, Cyviz join to boost cybersecurity...
Billbug, a China-linked espionage group, has been observed targeting critical sectors in Southeast Asia with new tools
Infostealers fueled the staying power of identity-based attacks, increasing 84% on a weekly average last year, according to IBM X-Force. The post Attackers stick with effective intrusion points,...