Adobe issued an emergency patch for one of the most severe vulnerabilities ever discovered in the Magento Open Source ecommerce platform and Adobe Commerce, its enterprise counterpart. The flaw allows…
The threats may not be malicious, but they are more than many security teams can handle. – Read More
Chinese state-backed threat actors are suspected of posing as Michigan congressman John Moolenaar in a series of spearphishing attacks. – Read More
An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously undocumented fileless malware framework called EggStreme. “This multi-stage…
Phishing 2.0 nutzt Subdomain-Rotation und Geoblocking. janews – Shutterstock.com Eine kürzlich aufgedeckte Phishing-Kampagne steht in Verbindung mit Salty2FA, einem Phishing-as-a-Service-(PhaaS-)Framework. Es soll entwickelt worden sein, um Multi-Faktor-Authentifizierung (MFA) zu umgehen.…
As Kubernetes becomes the foundation of enterprise infrastructure, the underlying operating system must evolve alongside it. – Read More
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows…
Oasis Security has uncovered a flaw in the widely used AI-powered code editor Cursor that lets malicious repositories silently execute code the moment a developer opens them. According to a…
A new threat actor, The Gentlemen, has emerged as a fast-moving ransomware group that has rapidly expanded its activity across Asia Pacific, South America, the US, and the Middle East.…
With multiple persistence mechanisms, the modular malware can brute-force passwords, drop payloads, and communicate over different protocols. – Read More
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the…
The recent SalesLoft Drift breaches revealed an uncomfortable truth that keeps me up at night, and should keep every CISO awake, too. Organizations weren’t breached through their vendor. They weren’t…
Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that’s built into its newly introduced iPhone models, including iPhone 17 and iPhone Air. MIE, per the…
The House Select Committee on China has formally issued an advisory warning of an “ongoing” series of highly targeted cyber espionage campaigns linked to the People’s Republic of China (PRC)…
Introduction Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance…