Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. A recently surfaced 84-page ...

The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more. Cyberattackers are targeting uninterruptible power supply (UPS) devices, which ...

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. After a recent dip, ransomware attacks are back on the rise. According to data released by ...

The living-off-the-land binary (LOLBin) is anchoring a rash of cyberattacks bent on evading security detection to drop Qbot and Lokibot. A Windows living-off-the-land binary (LOLBin) known as Regsvr32 ...

Malicious emails warning Microsoft users of “unusual sign-on activity” from Russia are looking to capitalizing on the Ukrainian crisis. While legitimate concerns abound about the Russian-Ukrainian ...

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks. On April 23rd, 2022, a Discord user with the handle “Portu” began advertising a ...

Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al.

Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods. Threat actors once again are using the node ...

Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access. Remote Desktop Protocol (RDP) pipes have ...

Researchers uncovers “ultimate man-in-the-middle attack” that used an elaborate spoofing campaign to fool a Chinese VC firm and rip off an emerging business. Hackers pulled off an elaborate man-in-the ...

SEGA’s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets. Gaming giant SEGA Europe recently discovered that its sensitive data was ...

The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play. Nearly 500 malicious apps lurking on the Google ...