A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to…
In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer. – Read More
Analyzing binary code helps vendors and organizations detect security threats and zero-day vulnerabilities in the software supply chain, but it doesn’t come without challenges. It looks like AI has come…
A Russian APT known as “Gamaredon” is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine. – Read More
A new threat vector exploits how modern browsers save HTML files, bypassing Mark of the Web and giving attackers another social-engineering attack for delivering malware. – Read More
Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics.…
Incidents of ClickFix — the social engineering attack technique that tricks users into executing malicious code — are skyrocketing. ClickFix attacks typically involve displaying a fake error or counterfeit CAPTCHA…
The ever-growing volume of vulnerabilities and threats requires organizations to remain resilient and anti-fragile — that is, to be able to proactively respond to issues and continuously improve. – Read…
Sollte das CVE-Programm eingestellt werden, wäre die Bewertung und Behebung von Sicherheitslücken schwieriger. Dave Hoeek – shutterstock.com Der jüngste kurze Panikausbruch wegen der möglichen Einstellung des Common Vulnerabilities and Exposures…
By using social engineering tactics, threat actors are able to manipulate their victims into saving and renaming files that will backfire against them. – Read More
The International Criminal Court (ICC) has fallen victim to another sophisticated cyberattack, the second major cyber espionage attempt targeting the war crimes tribunal in just two years. The latest incident…
A critical remote code execution (RCE) bug in Anthropic’s Model Context Protocol (MCP) inspector tool could allow attackers to run arbitrary commands on developer machines when they visit a malicious…
It was a moment of realization for our mid-size law team. As we were constructing a new cloud-native analytics pipeline that spanned our private data center and public clouds, we…
Next steps and critical considerations for the road ahead (sponsored content). – Read More
With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous? Where do you turn when firewalls…