LockBit is widely recognised as the world’s most prolific and harmful ransomware, causing billions of euros worth of damage.This international sweep follows a complex investigation led by the UK National Crime Agency in the framework of an international taskforce known as ‘Operation Cronos’, coordinated at European level by Europol and Eurojust.The months-long operation has resulted in the compromise of LockBit’s...

The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month.

As the damage caused by ransomware and profits flowing to attackers reaches record levels, a panel of cybersecurity and policy experts reviewed what it might take

LockBit — the most prolific ransomware group in the world — had its website seized Monday as part of an international law enforcement operation that involved the U.K.’s National Crime Agency, the FBI, Europol and several international police agencies.

Russian hackers attacked several popular Ukrainian media outlets over the weekend, posting fake news related to the war.

I began my search for opportunities and stumbled upon a list of eligible websites for bug hunting at https://gist.github.com/R0X4R/81e6c50c091a20b060afe5c259b58cfa. This list became my starting…

Law enforcement agencies from 11 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as ''Operation Cronos.

Lockbit, a notorious cybercrime gang that holds its victims' data to ransom, has been disrupted in a rare international law enforcement operation by Britain’s National Crime Agency and the U.S. Federal Bureau of Investigation, according to a post on the gang’s extortion website on Monday.

The leaked documents supposedly discuss spyware developed by I-Soon, a Chinese infosec company, that’s targeting social media platforms, telecommunications companies, and other organizations worldwide. Researchers suspect the operations are orchestrated by the Chinese government.

Unknown individuals allegedly leaked a trove of Chinese government documents on GitHub. The documents reveal how China conducts offensive cyber operations with spyware developed by I-Soon, Taiwanese threat intelligence researcher Azaka Sekai claims.

he National Research Center for Applied Cybersecurity ATHENE has uncovered a critical flaw in the design of DNSSEC, the Security Extensions of DNS (Domain Name System). DNS is one of the fundamental building blocks of the Internet. The design flaw has devastating consequences for essentially all DNSSEC-validating DNS implementations and public DNS providers, such as Google and Cloudflare. The ATHENE team, led by Prof. Dr. Haya Schulmann from Goethe University Frankfurt, developed “KeyTrap”, a new class of attacks: with just a single DNS packet hackers could stall all widely used DNS implementations and public DNS providers. Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging. With KeyTrap, an attacker could completely disable large parts of the worldwide Internet. The researchers worked with all relevant vendors and major public DNS providers over several months, resulting in a number of vendor-specific patches, the last ones published on Tuesday, February 13. It is highly recommended for all providers of DNS services to apply these patches immediately to mitigate this critical vulnerability.

Cybersecurity firm ESET has addressed a high-severity elevation of privilege vulnerability in its Windows security solution.

The U.S. Government Accountability Office said Monday that CGI Federal, an IT contractor and unit of CGI Inc , notified the agency of a data breach last month affecting about 6,000 current and former GAO employees.

Poland’s new prime minister says he has documentation proving that state authorities under the previous government used the powerful Pegasus spyware illegally and targeted a “very long” list of hacking victims.

Après la cyberattaque dont a été victime le Centre Hospitalier d’Armentières dans la nuit du 10 au 11 février 2024, la direction commune CHU de Lille / CH d’Armentières a engagé des mesures d’urgence et de sécurité pour assurer la continuité des soins, garantir la sécurité des patients, et protéger les données face aux attaques des pirates informatiques.

Air Canada appears to have quietly killed its costly chatbot support.

In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!

Insikt Group has observed TAG-70 leveraging cross-site scripting (XSS) vulnerabilities against Roundcube webmail servers in Europe, targeting government, military, and national infrastructure.

Today we are open-sourcing Magika, Google’s AI-powered file-type identification system, to help others accurately detect binary and textual file types. Under the hood, Magika employs a custom, highly optimized deep-learning model, enabling precise file identification within milliseconds, even when running on a CPU.

Today, many seasoned security professionals will tell you they’ve been fighting a constant battle against cybercriminals and state-sponsored attackers. They will also tell you that any clear-eyed assessment shows that most of the patches, preventative measures and public awareness campaigns can only succeed at mitigating yesterday’s threats — not the threats waiting in the wings.

That could be changing. As the world focuses on the potential of AI — and governments and industry work on a regulatory approach to ensure AI is safe and secure — we believe that AI represents an inflection point for digital security. We’re not alone. More than 40% of people view better security as a top application for AI — and it’s a topic that will be front and center at the Munich Security Conference this weekend.

Google has confirmed a new security scheme which, it says, will help “secure, empower and advance our collective digital future” using AI. Part of this AI Cyber Defence Initiative includes open-sourcing the new, AI-powered, Magika tool that is already being used to help protect Gmail users from potentially problematic content.