Cybersecurity

Adversary-in-the-middle attacks can strip out the passkey option from login pages that users see, leaving targets with only authentication choices that force them to give up credentials.

Google ships an Android security update with fixes for 15 vulnerabilities, including a critical-severity flaw in Framework.

Splunk has patched multiple vulnerabilities in Splunk Enterprise, including high-severity remote code execution bugs.

Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU.

Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach.

In this video I discuss the regreSSHion vulnerability CVE-2024-6387, how to mitigate it, and how vulnerabilities like this can be prevented in the future. Learn more about the bug below.

Apps that used code libraries hosted on CocoaPods were vulnerable for about 10 years.

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.

If security researchers can execute a guest-to-host attack using a zero-day vuln in the KVM open source hypervisor, Google will make it worth their while.

Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.

The remote access giant linked the cyberattack to government-backed hackers working for Russian intelligence, known as APT29.

Fasten your seat belts, secure your tray table, and try not to give away your passwords

The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their pr...

Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords.

The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center.

The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys helping them dra...

Move comes weeks after Mozilla blasted certificate authority for failings

A competitor of the infamous Atomic Stealer targeting Mac users, has just launched a new campaign to lure in more victims.

A critical vulnerability in GitLab, CVE-2024-5655, has been disclosed, enabling attackers to run pipeline jobs under any user account. This vulnerability,

CISA on Wednesday warned that three older flaws in GeoServer, Linux kernel, and Roundcube webmail are exploited in the wild.

A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files.

Software company TeamViewer said it is investigating a possible intrusion of its internal corporate IT environment after discovering irregularities on Wednesday.

A data security officer from the Philippines admitted to hacking 93 websites, such as government and private company sites, as well as servers abroad.

The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.

LockBit claimed to have breached Federal Reserve but in fact the data came from Evolve Bank & Trust

Researchers with Google’s security arm say they have been dealing with a particularly nasty Chinese disinformation group running thousands of accounts.

A new report warns that Chinese APT groups are using ransomware to conceal cyber-espionage activity

Microsoft, OpenAI, Google, Meta genAI models could be convinced to ditch their guardrails, opening the door to chatbots giving unfettered answers on building bombs, creating malware, and much more.

A similar flaw last year left 1,800 networks breached. Will the latest one be as potent?

The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database.

Threat actors are attempting to exploit a critical authentication bypass flaw impacting Progress MOVEit Transfer, which the vendor disclosed yesterday.

A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data.

List of websites and whether or not they support One Time Passwords (OTP) or Universal 2nd Factor (U2F).

Indonesia’s national data center has been compromised by a hacking group asking for a $8 million ransom that the government won’t pay.

<p>Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the pr...

Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites.

The vulnerability could leave AI inference servers open to remote code execution that would allow them to be taken over.