The problem of scammers exploiting social media platforms continues to persist. Meta has yet to fulfill all the recommendations made last year by experts from the CERT Polska team at NASK, which...
Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. [...]
Atlantis AIO is a cybercrime-as-a-service platform that accelerates credential stuffing and account takeover attacks. This blog explores the platform and the dangers of its advanced capabilities.
The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance...
In this podcast, Joe, Hazel, Bill and Dave break down Talos' Year in Review 2024 and discuss how and why cybercriminals have been leaning so heavily on attacks that are routed in stealth in simplicity.
From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news
The funding will go to several projects within the Digital Europe Programme (DIGITAL) work program for 2025 to 2027
An unsecured database used by a generative AI app revealed prompts and tens of thousands of explicit images—some of which are likely illegal. The company deleted its websites after WIRED reached out.
Download Talos' 2024 Year in Review now, and access key insights on the top targeted vulnerabilities of the year, network-based attacks, email threats, adversary toolsets, identity attacks,...
U.S. President Donald Trump announced in a Presidential document that he has extended the national emergency concerning ongoing... The post President Trump extends national emergency over cyber...
The UK’s National Cyber Security Agency has called on Next.js users to patch CVE-2025-29927
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this blog, we share...
Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage
The DoJ has managed to recoup over $8m from scammers, stolen in romance baiting schemes
Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat...
This is a weekly threat intelligence report review from RST Cloud. This week, we analysed 57 threat intelligence reports and compiled a brief summary of each, along with the relevant extracted...
In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented...
Key Takeaways Case Summary This case from May 2024 started with a malicious download from a website mimicking the teleconferencing application Zoom. When visiting the website and downloading a...
Learn about CVE-2025-24813 affecting Apache Tomcat products. Patch now to prevent remote code execution.
Last weekend, Jeffrey Goldberg, editor-in-chief of The Atlantic, found himself at the center of a digital fiasco when he was unexpectedly added to a Signal group chat with 17 U.S. government...
AhnLab SEcurity intelligence Center (ASEC) has recently discovered the Remcos malware disguised as a waybill from a major shipping company. This article details the distribution distribution flow...
Microsoft has begun testing a new Windows 11 tool called Quick Machine Recovery, which is designed to remotely deploy fixes for buggy drivers and configurations that prevent the operating system...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched...
A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. [...]
Microsoft has removed the 'BypassNRO.cmd' script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system. [...]
As the digital transformation shapes the industrial cybersecurity sector, organizations must increasingly be prepared to adopt cyber risk... The post Industrial Cybersecurity Market Outlook 2025:...
Kingston's IronKey is one of the most secure USBs you can buy, from a military-standardized build to a complex passphrase mode.
Massive Twitter (X) data breach exposes details of 2.8 billion users; alleged insider leak surfaces with no official response from the company.
Massive Twitter (X) data breach exposes details of 2.8 billion users; alleged insider leak surfaces with no official response from the company.
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a...