A Moscow legal battle strongly indicates that phone forensics tools used by both the FBI and FSB are exploiting security loopholes in Apple’s operating system.

Genetic testing company 23andMe revealed that its data breach was much worse than previously reported, hitting about half of its total customers.

Cado Security Labs has been monitoring on the rapid growth of a cross-platform botnet, named “P2Pinfect”. Here's the latest updates.

Credit union technology firm Trellance own Ongoing Operations LLC, and provide a platform called Fedcomp — used by double digit number of other credit unions across the United States. This Fedcomp…

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors.

It's said that a good magician never reveals their secrets. Computer hacking is a particularly good type of magic trick, and for the most part, hackers don't reveal their secrets either. It's sometimes hard to reconcile this, because we read about hacking all the time -- in newspapers, at conferences,

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN.

The Binarly REsearch team investigates vulnerable image parsing components across the entire UEFI firmware ecosystem and finds all major device manufacturers are impacted on both x86 and ARM-based devices.

Some hallucinations could ‘potentially induce cardiac incidents in Legal,’ according to internal documents

Learn how a threat actor used spearphishing emails and social engineering tactics to obtain a hotel’s credentials and solicit customers’ payment information.

In the heart of International Geneva, a diverse ecosystem thrives, housing 38 international organizations (IOs), 432 non-governmental organizations (NGOs), and several hundred associations active at an international level, all united by a shared mission: to make the world a place of peace and justice. NGOs are the unsung heroes, addressing armed conflicts, natural disasters, and humanitarian crises, championing human rights, and advancing the Sustainable Development Goals (SDGs). Like many other organizations, NGOs heavily rely on technology, which is critical for projecting their activities globally in real time. Yet, in today’s digital landscape, this reality brings its own set of challenges.

Deep technical details of how we combined HTTP request tunneling and path traversal vulnerabilities to permit unauthorized RCE in Qlik Sense.

In the hidden corners of the internet, a parallel economy thrives—one that operates beyond the reach of conventional search engines and law enforcement agencies. Dark Web Forums have become the breeding grounds for cybercriminals.

In the world of cybersecurity, Exploit in is a well-known private Russian hacker forum. Since it began in 2012, the forum has developed into a well-known exchange and sales platform for various cybercrime tools and stolen data. A wide range of cybercrime-related topics are covered by Exploit, such as credit card information, email spamming tools, social engineering, security & vulnerabilities, social network hacking, cryptography, cracked tools, buying and selling of hacked databases, info-stealer & Malware as a service (Maas). The creators of Exploit, a well-known cybercrime forum where ransomware gangs recruit affiliates and promote their Ransomware-as-a-Service (RaaS) offerings, have declared that ransomware advertisements are no longer permitted and will be taken down.

Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle (MitM) attacks.

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach.

Play ransomware has turned into Ransomware-as-a-Service (RaaS), allowing other cybercriminals to use it.

Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, decrypts, and loads a second-stage payload. The file, which was signed using a valid certificate issued to CyberLink Corp., is hosted on legitimate update infrastructure owned by the organization.

Northwell Health and Cook County Health both notified patients of a third-party data breach that originated at Perry Johnson & Associates, a medical transcription vendor.
The HHS data breach portal now shows that the Perry Johnson & Associates data breach impacted nearly 9 million individuals, making it one of the largest reported healthcare data breaches this year.

Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.

Japan's space agency was hit with a cyberattack but the information the hackers accessed did not include anything important for rocket and satellite operations, a spokesperson said on Wednesday.