Threat actors have claimed a cyber attack on two businesses owned by US President Donald Trump, allegedly bringing down their websites.
The new algorithm will serve as a backup for the general encryption needed to protect data from quantum computers developed in the future
Discover how the ClickFix social engineering attack exploits human psychology to bypass security. Learn how hackers use this tactic and how to protect against it.
Cybersecurity firm Lookout found several samples of a North Korean spyware it calls KoSpy.
Lookout researchers have discovered a novel Android surveillance tool dubber KoSpy. It is attributed to APT 37 aka ScarCruft
Affected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning
Attacks using this ransomware have displayed consistent TTPs and grown steadily since 2023.
GreyNoise data confirms that exploitation of CVE-2024-4577 extends far beyond initial reports. Attack attempts have been observed across multiple regions, with notable spikes in the United States, Singapore, Japan, and other countries throughout January 2025.
Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company's Vulnerability Reward Program (VRP) in 2024.
Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery.
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented
DPRK IT workers exploit GitHub to pose as Asian developers, securing remote jobs to fund missile and nuclear programs.
Nisos has found six personas leveraging new and existing GitHub accounts to get developer jobs in Japan and the US
Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident.
While analyzing threats targeting WordPress frameworks, we found an attack where a single 3rd party JavaScript file was used to inject four separate backdoors into 1,000 compromised websites using cdn.csyndication[.]com/.
Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat actor along with insight into their recent activity as well as their longstanding tactics, techniques, and procedures (TTPs), including a persistent interest in the exploitation of zero-day vulnerabilities in various public-facing appliances and moving from on-premises to cloud environments.
A federal judge in Washington, D.C., today, unsealed two separate indictments that allege Chinese nationals Yin Kecheng, 38, (尹 可成) a/k/a “YKC” (“YIN”) and Zhou Shuai, 45, (周帅) a/k/a “Coldface” (“ZHOU”) violated various federal statutes by participating in years-long, sophisticated computer hacking conspiracies that successfully targeted a wide variety of U.S.-based victims
This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.
Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely.
ForitGuard Lab reveals a modified Havoc deployed by a ClickFix phishing campaign. The threat actor hides each stage behind SharePoint and also uses it as a C2.
