Infosec News

We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites.

Mandiant collaborated with Fortinet to investigate mass zero-day exploitation of FortiManager appliances.

The lawsuit, filed by an election clerk and voter, seeks to block the state from using its online election portal due to purported cybersecurity deficiencies.

Threat actors exploit Amazon S3 in ransomware attacks, using AWS credentials for data theft.

Check out the the Cybersecurity Compass, which is an integrated cyber defense strategy framework for 2024.

The bug carries a critical severity score of 9.8 and could allow hackers to steal troves of sensitive information that would facilitate further access.

CISA alerts on active exploitation of a SharePoint flaw, urging federal agencies to apply patches quickly.

This article by Trend Micro CEO Eva Chen brings focus back to striking the cybersecurity strategies balance between business C-suite and information technology (IT) departments.

Easterseals Central Illinois filed a breach notification with regulators. A ransomware gang known for attacks on hospitals appears to be extorting the nonprofit for more than $1 million.

New variants of Grandoreiro malware emerge, using advanced tactics to evade detection and targeting banks globally.

Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell...

The Justice Department said Penn State had pledged to resolve cybersecurity shortcomings but “did not pursue plans of action to do so.”

Explore rising identity security concerns and key insights from Permiso's latest report on breaches.

This is the first blog in a series on Rogue AI. Later articles will include technical guidance, case studies and more.

Operation Overload, also referred to as Matryoshka and Storm-1679, has aimed "significant resources" at the U.S. presidential election and particularly Democrat Kamala Harris’ campaign, according to new research.

Discover how organizational culture impacts SaaS security and why proactive measures are essential for protection.

How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts d...

We examine an LLM jailbreaking technique called "Deceptive Delight," a technique that mixes harmful topics with benign ones to trick AIs, with a high success rate. We examine an LLM jailbreaking technique called "Deceptive Delight," a technique that mixes harmful topics with benign ones to trick AIs...

Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.

Discover the new "Deceptive Delight" technique for jailbreaking AI models, posing significant cybersecurity risks.

Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt.

Linux Kernel N-day Exploit/Analysis. Contribute to MaherAzzouzi/LinuxKernel-nday development by creating an account on GitHub.