Following reports of unauthorized access to a legacy Oracle cloud environment, CISA warns of potential credential compromise leading…
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting...
Security researchers report CVE-2025-32433, a CVSS 10.0 RCE vulnerability in Erlang/OTP SSH, allowing unauthenticated code execution on exposed…
In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the...
According to a complaint filed by a former employee, cybercriminals exfiltrated records that held personal information like names and Social Security numbers belonging to 76,000 current and former...
A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. [...]
In a presentation delivered this month by the European Commission, a meeting etiquette slide stated “No AI Agents are allowed.”
Qrator Labs reports it mitigated a massive record 965 Gbps DDoS attack in April 2025, the largest incident…
A digital rights group blasted the Florida bill, but lawmakers voted to advanced the draft law.
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a...
Talking about AI: Definitions Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human...
A new report fleshes out the resources that went into building DeepSeek’s R1 reasoning model and potential risks to U.S. economic and national security. The post House investigation into DeepSeek...
Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management. [...]
The INC ransomware gang claimed it was behind the cyberattack, which limited operations last November at some of the company's 2,000 stores across the U.S.
APIs are the backbone of modern software architecture, enabling seamless integration and innovation. However, a successful API doesn't just appear overnight.
Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace...
We’ve got the beats for the biggest security conference of the year
Find out the specifics of these iOS and macOS vulnerabilities, as well as which Apple devices were impacted.
An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild
Researchers from Trend Micro revealed this week that a controller linked to the BPFDoor backdoor can open a... The post Trend Micro details BPFDoor controller used in stealthy reverse shell...
Exposure management company Tenable announced on Wednesday that its Board of Directors has unanimously appointed Steve Vintz and... The post Tenable names Steve Vintz and Mark Thurmond as...
A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. [...]
Frenos, an autonomous OT security assessment platform company, announced the appointment of Colin Murphy as its chief hacking... The post Frenos appoints Colin Murphy as chief hacking officer to...
The former CISA director departed the cybersecurity company in response to the order, which directs DOJ to investigate him. The post Chris Krebs resigns from SentinelOne to focus on fighting...
Bipartisan support grows in Congress to extend Cybersecurity Information Sharing Act for 10 years
The New Jersey attorney general claims Discord's features to keep children under 13 safe from sexual predators and harmful content are inadequate.
ASEC Blog publishes “Mobile Security & Malware Issue 3st Week of April, 2025”
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication...
Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first...
Researchers reveal a large-scale ransomware campaign leveraging over 1,200 stolen AWS access keys to encrypt S3 buckets. Learn…