What makes a password strong in 2025? How long should it be, and how often should you update it? Here's the latest recommendations from top cybersecurity experts.
Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. [...]
Haugh’s firing has seemingly caught caught senior lawmakers by surprise
Two U.S. senators reintroduced legislation on Thursday that would address limits on the ability of the Secret Service to investigate efforts to launder money made through cybercrime.
Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. The vulnerability, tracked as...
NSA and global cybersecurity agencies warn fast flux DNS tactic is a growing national security threat used in phishing, botnets, and ransomware.
A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. The findings come from...
The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo Alto Networks
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure...
A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information...
Mandiant warned that Chinese espionage actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which can lead to remote code execution
Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface.
We found three key attack vectors in OpenID Connect (OIDC) implementation and usage. Bad actors could exploit these to access restricted resources. The post OH-MY-DC: OIDC Misconfigurations in...
Following last year’s release of an initial public draft for public comment, the U.S. National Institute of Standards... The post NIST publishes SP 800-61 Rev. 3, overhauling incident response...
ChatGPT Plus subscription is now free, but only if you're a student based out of the United States of America and Canada. [...]
A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on...
The Cybersecurity Working Group (CWG) within the U.S. Healthcare and Public Health Sector Coordinating Council (HSCC) recommended in... The post HSCC CWG urges halting NPRM, calls for joint...
Check out the security controls that SANS Institute recommends for protecting your AI systems. Plus, the U.K. NCSC urges organizations to adopt newer API security techniques. In addition, CISA and...
While the latest iteration of Qwen2.5-Max outperforms DeepSeek-V3 on security, the AI model lags behind its competition in several other areas.
Microsoft is killing the Windows 11 bypass trick — soon, all setups will require internet and a Microsoft Account, leaving privacy-conscious users with fewer options.
The attackers pose as legitimate remote IT workers, looking to both generate revenue and access sensitive company data through employment. "Europe needs to wake up fast,” according to Google’s...
A series of cyberattack have impacted some of Australia’s largest superannuation funds, likely compromising over 20,000 member accounts. The authorities down under have sprung in action to limit...
A hacker breached the GitLab repositories of Europcar Mobility Group and stole source code for Android and iOS apps, along with SQL backups and configuration files that included personal data. The...
At least 12,000 people in Texas had sensitive financial information stolen by hackers who secretly implanted malicious code into the utility payment website of the City of Lubbock.
Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL...
UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant. The post...
UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant. The post...
A secure container company listens to several top Linux maintainers on how to build the most secure Linux distro possible. The result: Chainguard OS.
OpenAI just co-led a $43 million Series A into deepfake defense startup Adaptive Security.
While we often focus on the security of active, well-maintained APIs, a silent threat lurks in the shadows: zombie APIs.