Some users are still lamenting issues in using the encrypted email service
Cado Security Labs details the discovery of a new cross-platform information stealer malware dubbed "Meeten" targeting macOS and Windows users.
Two NHS trusts in England have been hacked in recent weeks, the latest attacks to hit the national health service.
FBI and CISA officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors.
This guide provides network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network
Anna Jaques Hospital revealed that the ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients.
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI)
Key findings from our analysis include:
Advanced Surveillance Capabilities:
Comprehensive Data Exfiltration:
Persistence Mechanisms:
Abuse of Legitimate Services:
Indicators of Compromise (IoCs):
Need for Collective Protection:
Cette décision est prise au lendemain de la déclassification de documents du renseignement national faisant état d’une opération d’envergure sur TikTok en faveur du candidat prorusse, Calin Georgescu, arrivé en tête du premier tour de l’élection présidentielle, à la surprise générale.
A recent, alleged Baltic Sea sabotage highlights the system’s fragility
Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.
VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.
Cisco on Dec. 2 updated an advisory from March 18 about a 10-year-old vulnerability in the WebVPN login page of Cisco’s Adaptive Security Appliance (ASA) software that could let an unauthenticated remote attacker conduct a cross-site scripting (XSS) attack.
In its recent update, the Cisco Product Security Incident Response Team (PSIRT) said it became aware of additional attempted exploitation of this vulnerability in the wild last month.
Afin de renforcer la solidarité et les capacités dans l'UE en matière de détection, de préparation et de réaction face aux menaces et incidents de cybersécurité, le Conseil a adopté ce jour deux nouveaux actes législatifs dans le cadre du "paquet" législatif sur la cybersécurité, à savoir le "règlement sur la cybersolidarité" et une modification ciblée du règlement sur la cybersécurité.
Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities.
BT Group (formerly British Telecom)'s Conferencing division shut down some of its servers following a Black Basta ransomware attack.
Senators briefed on the wide-ranging breaches by Chinese hackers called for action on Wednesday to protect the country's telecommunications networks.
We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed. We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed.
