The British government accused a unit of Russia’s Federal Security Service (FSB) on Thursday of using cyberattacks in a “sustained but unsuccessful” campaign to undermine democratic institutions in the country.

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation.

Wasn't certain where to drop this but... woke up to a coworker texting me the attached photo. Luckily they renamed the PLC to "GAZA" and didn't actually do too much damage.

The company’s AirLink cellular routers are often used in critical infrastructure sectors, such as government and emergency services.

JTL security researchers discover how Lockdown Mode on iOS can be manipulated by a threat actor on compromised or jailbroken iPhones to trick users into believing that their device is protected by Lockdown Mode when in reality when in fact, it's not.

A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address.
Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a “free lunch”. They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into installing malware as well.

Unidentified governments are surveilling smartphone users by tracking push notifications that move through Google's and Apple's servers, a US...
In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from the tech giants to track smartphones. The traffic flowing from apps that send push notifications put the companies "in a unique position to facilitate government surveillance of how users are using particular apps," Wyden said. He asked the Department of Justice to "repeal or modify any policies" that hindered public discussions of push notification spying.

Unidentified governments are surveilling smartphone users via their apps' push notifications, a U.S. senator warned on Wednesday.

Windows 10's end-of-support date is October 14, 2025. That's the day that most Windows 10 PCs will receive their last security update and the date when most people should find a way to move to Windows 11 to ensure that they stay secure.

As it has done for other stubbornly popular versions of Windows, though, Microsoft is offering a reprieve for those who want or need to stay on Windows 10: three additional years of security updates, provided to those who can pay for the Extended Security Updates (ESU) program.

Atlassian has released software fixes to address four critical flaws in its software that could lead to remote code execution.

A Moscow legal battle strongly indicates that phone forensics tools used by both the FBI and FSB are exploiting security loopholes in Apple’s operating system.

Genetic testing company 23andMe revealed that its data breach was much worse than previously reported, hitting about half of its total customers.

Cado Security Labs has been monitoring on the rapid growth of a cross-platform botnet, named “P2Pinfect”. Here's the latest updates.

Credit union technology firm Trellance own Ongoing Operations LLC, and provide a platform called Fedcomp — used by double digit number of other credit unions across the United States. This Fedcomp…

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors.

It's said that a good magician never reveals their secrets. Computer hacking is a particularly good type of magic trick, and for the most part, hackers don't reveal their secrets either. It's sometimes hard to reconcile this, because we read about hacking all the time -- in newspapers, at conferences,

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN.

The Binarly REsearch team investigates vulnerable image parsing components across the entire UEFI firmware ecosystem and finds all major device manufacturers are impacted on both x86 and ARM-based devices.

Some hallucinations could ‘potentially induce cardiac incidents in Legal,’ according to internal documents

Learn how a threat actor used spearphishing emails and social engineering tactics to obtain a hotel’s credentials and solicit customers’ payment information.