Cybersecurity

Canonical has released Ubuntu security updates to address several Ghostscript vulnerabilities identified by security researchers. These vulnerabilities could potentially allow attackers to bypass security restrictions or even execute malicious code on your system. Ghostscript is a widely used tool f...

An international law enforcement operation code-named Operation Morpheus led to the takedown of 593 Cobalt Strike servers used by crooks.

Attackers clear logs before exploitation and use "no caller ID" numbers to negotiate ransoms, complicating detection and forensics efforts.

OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps).

Never risk it when it comes to brisket – make sure those updates are applied

Brazil’s national data protection authority has determined that Meta cannot use data originating in the country to train its artificial intelligence.

The Polish government is investigating a potential connection between Russia and a cyberattack on the country’s state news agency.

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.

FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack.

Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact.

Adversary-in-the-middle attacks can strip out the passkey option from login pages that users see, leaving targets with only authentication choices that force them to give up credentials.

Google ships an Android security update with fixes for 15 vulnerabilities, including a critical-severity flaw in Framework.

Splunk has patched multiple vulnerabilities in Splunk Enterprise, including high-severity remote code execution bugs.

Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU.

Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach.

In this video I discuss the regreSSHion vulnerability CVE-2024-6387, how to mitigate it, and how vulnerabilities like this can be prevented in the future. Learn more about the bug below.

Apps that used code libraries hosted on CocoaPods were vulnerable for about 10 years.

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.

If security researchers can execute a guest-to-host attack using a zero-day vuln in the KVM open source hypervisor, Google will make it worth their while.

Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.

The remote access giant linked the cyberattack to government-backed hackers working for Russian intelligence, known as APT29.

Fasten your seat belts, secure your tray table, and try not to give away your passwords

The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their pr...

Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords.

The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center.

The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys helping them dra...

Move comes weeks after Mozilla blasted certificate authority for failings

A competitor of the infamous Atomic Stealer targeting Mac users, has just launched a new campaign to lure in more victims.

A critical vulnerability in GitLab, CVE-2024-5655, has been disclosed, enabling attackers to run pipeline jobs under any user account. This vulnerability,

CISA on Wednesday warned that three older flaws in GeoServer, Linux kernel, and Roundcube webmail are exploited in the wild.

A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files.

Software company TeamViewer said it is investigating a possible intrusion of its internal corporate IT environment after discovering irregularities on Wednesday.

A data security officer from the Philippines admitted to hacking 93 websites, such as government and private company sites, as well as servers abroad.

The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.

LockBit claimed to have breached Federal Reserve but in fact the data came from Evolve Bank & Trust

Researchers with Google’s security arm say they have been dealing with a particularly nasty Chinese disinformation group running thousands of accounts.

A new report warns that Chinese APT groups are using ransomware to conceal cyber-espionage activity