Using a malicious Chrome extension, researchers showed how an attacker could inject custom code into a victim’s Opera browser to exploit special and powerful APIs, used by developers and typically…
Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before. – Read More
A professional-grade tool set, appropriately dubbed “CloudScout,” is infiltrating cloud apps like Microsoft Outlook and Google Drive, targeting sensitive info for exfiltration. – Read More
In the latest attack against ISPs, second-largest French provider Free fell victim to unknown cyberattackers who attempted to sell the compromised data it stole from the company on an underground…
A collaboration with the FBI and law-enforcement agencies in Europe, the UK, and Australia, Operation Magnus has seized servers and source code related to the two malware families, which have…
Great CISOs are in short supply, so choose wisely. Here are five ways to make sure you’ve made the right pick. – Read More
Sophos CEO Joe Levy says $859 million deal to acquire SecureWorks from majority owner Dell Technologies will put the Taegis platform — with network detection and response, vulnerability detection and…
Windows 11 machines remain open to downgrade attacks, where attackers can abuse the Windows Update process to revive a patched driver signature enforcement (DSE) bypass. – Read More
The nation leads in the number of capture-the-flag tournaments sponsored by government and industry — a strategy from which Western nations could learn. – Read More
Delta argues that it lost hundreds of million of dollars in downtime and other costs in the aftermath of the incident, while CrowdStrike says it isn’t liable for more than…
Posing as an application used to locate Ukrainian military recruiters, a Kremlin-backed hacking initiative delivers malware, along with disinformation designed to undermine sign-ups for soldiers in the war against Russia.…
LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do…
Relying on EOL software leaves critical systems exposed — making it a problem no business can afford to ignore. – Read More
The networking company found liable for illegally gathering user data for targeted advertising by the Irish Data Protection Commission. – Read More
Kremlin intelligence carried out a wide-scale phishing campaign in contrast to its usual, more targeted operations. – Read More