CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks

Monday, March 31, 2025
Next-level malware represents a new era of malicious code developed specifically to get around modern security software like digital forensics tools and EDR, new research warns.

DoJ Seizes Over $8M from Sprawling Pig Butchering Scheme

The department was able to trace the stolen funds to three main cryptocurrency accounts after being routed through a series of other platforms.

CISA Warns of Resurge Malware Connected to Ivanti Vuln

Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January.

Qakbot Resurfaces in Fresh Wave of ClickFix Attacks

Attackers post links to fake websites on LinkedIn to ask people to complete malicious CAPTCHA challenges that install malware.

GSA Plans FedRAMP Revamp

The General Services Administration is planning to use automation to speed up the process to determine which cloud services federal agencies are allowed to buy.

Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations

Friday, March 28, 2025

SecurityScorecard 2025 Global Third-Party Breach Report Reveals Surge in Vendor-Driven Attacks

Malaysia PM Refuses to Pay $10M Ransomware Demand

The attack hit the Kuala Lumpur airport over the weekend, and it remains unclear who the threat actors are and what kind of information they may have stolen.

Concord Orthopaedic Notifies Individuals of Security Incident

OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update

Thursday, March 27, 2025
The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward.

Security Tech That Can Make a Difference During an Attack

The recent report of how Volt Typhoon compromised systems at a water utility highlights security technologies and processes that helped detect the compromise and clean up the network.

DoJ Recovers $5M Lost in BEC Fraud Against Workers' Union

The union received a spoofed email that led to the loss of $6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange.

High-Severity Cloud Security Alerts Tripled in 2024

Attackers aren't just spending more time targeting the cloud — they're ruthlessly stealing more sensitive data and accessing more critical systems than ever before.

Security Expert Troy Hunt Lured in by Mailchimp Phish

Wednesday, March 26, 2025
Hunt quickly took to his blog to notify the public of the breach and provide further details on how this could have happened.

Cybersecurity Gaps Leave Doors Wide Open

Attackers don't always need to resort to sophisticated gambits to break and enter; organizations often make it easy for them to walk right in.

Public-Private Ops Net Big Wins Against African Cybercrime

Three cybersecurity firms worked with Interpol and authorities in Nigeria, South Africa, Rwanda, and four other African nations to arrest more than 300 cybercriminals.

South African Poultry Company Reports $1M Loss After Cyber Intrusion

Tuesday, March 25, 2025
The company reports that no sensitive information was breached or stolen in the cyber intrusion and that its operations are running normally again.

Accused Snowflake Attacker 'Judische' Agrees to US Extradition

Though there is no confirmation as to when this extradition will occur, Alexander Moucka agreed to be transferred in writing before a judge.

Critical 'IngressNightmare' Vulns Imperil Kubernetes Environments

Monday, March 24, 2025
More than 40% of all Internet-facing container orchestration clusters are at risk.

China-Nexus APT 'Weaver Ant' Caught in Yearslong Web Shell Attack

The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia.

FCC Investigates China-Backed Tech Suppliers for Evading US Operations Ban

FCC chairman warns these companies may still be operating in the US because they don't believe that being added to its "Covered List" poses any serious risk.

Oracle Denies Claim of Oracle Cloud Breach of 6M Records

A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.

Is the Middle East's Race to Digitize a Threat to Infrastructure?

Sunday, March 23, 2025
As the region continues with its ambitious road map, cybersecurity must be woven into every step of the process.

What CISA's Red Team Disarray Means for US Cyber Defenses

Friday, March 21, 2025
DOGE is making wild moves at CISA, including bringing back fired probationary employees only to put them on paid leave, and reportedly gutting the agency's red teams.

Attackers Pivot to SEMrush Spoof to Steal Google Credentials

The attackers are taking an indirect approach to targeting SEO professionals and their Google credentials, using a fake digital marketing website.

Nation-State 'Paragon' Spyware Infections Target Civil Society

Law enforcement entities in democratic states have been deploying top-of-the-line messaging app spyware against journalists and aid workers.

Why Cyber Quality Is the Key to Security

The time to secure foundations, empower teams, and make cyber resilience the standard is now — because the cost of waiting is far greater than the investment in proactive security.

University Competition Focuses on Solving Generative AI Challenges

The Amazon Nova AI Challenge puts student research to the test and aims to bring a new perspective to challenges arising from the increase in AI-assisted software development.

VexTrio Using 20,000 Hacked WordPress Sites in Traffic Redirect Scheme

Thursday, March 20, 2025
A massive cybercrime network known as "VexTrio" is using thousands of compromised WordPress sites to funnel traffic through a complex redirection scheme.

Why It's So Hard to Stop Rising Malicious TDS Traffic

Cybersecurity vendors say threat actors' abuse of traffic distribution systems (TDS) is becoming more complex and sophisticated — and much harder to detect and block.

Enterprises Gain Control Over LLM Oversharing With Prompt Security's GenAI Authorization

Wednesday, March 19, 2025

Infosys Settles $17.5M Class Action Lawsuit After Sprawling Third-Party Breach

Several major companies in the finance sector were impacted by the third-party breach, prompting them to notify thousands of customers of their compromised data.

Women in CyberSecurity and ISC2 Announce the WiCyS + ISC2 Certified in Cybersecurity℠ Certification Spring Camp

AI Cloud Adoption Is Rife With Cyber Mistakes

Research finds that organizations are granting root access by default and making other big missteps, including a Jenga-like building concept, in deploying and configuring AI services in cloud deployments.

Google to Acquire Wiz for $32B in Multicloud Security Play

Tuesday, March 18, 2025
The all-cash deal offers a path for Google to better support cloud customers who have assets spread across public environments, including Azure and others.

Black Basta Leader in League With Russian Officials, Chat Logs Show

Though the chat logs were leaked a month ago, analysts are now seeing that Russian officials may have assisted Black Basta members, according to the shared messages.

Extortion Reboot: Ransomware Crew Threatens Leak to Snowden

Though the group initially stuck to classic ransomware TTPs before demanding the ransom, it went off script when it began threatening the group and detailing potential consequences the victim would face.

Denmark Warns of Increased Cyber Espionage Against Telecom Sector

Monday, March 17, 2025
A new threat assessment from the Danish Civil Protection Authority (SAMSIK) warned of cyberattacks targeting the telecommunications sector after citing a wave of incidents hitting European organizations over the past few years.

Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit

The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.

RansomHub Taps FakeUpdates to Target US Government Sector

A ransomware activity wave using the SocGholish MaaS framework for initial access also has affected banking and consulting firms in the US, Taiwan, and Japan since the beginning of the year.

How 'Open Innovation' Can Help Solve Problems Faster, Better & Cheaper

Cybersecurity is not just a technical challenge but also a very human one. The more humans that organizations can get involved, the more diverse perspectives and experiences that can be tapped into.

How Economic Headwinds Influence the Ransomware Ecosystem

Inflation, cryptocurrency market volatility, and the ability to invest in defenses all influence the impact and severity of a ransomware attack, according to incident response efforts and ransomware negotiators.

Intel’s Secure Data Tunnel Moves AI Training Models to Data Sources

Sunday, March 16, 2025
The chip maker's Tiber Secure Federated AI service creates a secure tunnel between AI models on remote servers and data sources on origin systems.

Man-in-the-Middle Vulns Provide New Research Opportunities for Car Security

Friday, March 14, 2025
A pair of researchers plan on detailing effective tools to dig into the effectiveness of vehicle cybersecurity without breaking the bank.

Ransomware Developer Extradited, Admits Working for LockBit

Law enforcement discovered admin credentials on the suspect's computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder.

Threat Actor Tied to LockBit Ransomware Targets Fortinet Users

The Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit.

Remote Access Infra Remains Riskiest Corp. Attack Surface

Exposed login panels for VPNs and remote access systems leave companies open to attack, sometimes tripling the risk of ransomware and making it harder to get cyber insurance.

Consumer Groups Push IoT Security Bill to Address EoL Concerns

Consumer Reports, Secure Resilient Future Foundation (SRFF), and US Public Interest Research Group (PIRG) introduced a model bill to increase transparency around Internet of Things devices that have reached end-of-life status.

FBI, CISA Raise Alarms As Medusa Ransomware Attacks Grow

Thursday, March 13, 2025
Medusa developers have been targeting a wide variety of critical infrastructure sectors, from healthcare and technology to manufacturing and insurance, racking up its victim count as it seemingly adds to its numbers of affiliates.

NIST Finalizes Differential Privacy Rules to Protect Data

Wednesday, March 12, 2025
The National Institute of Standards and Technology (NIST) released updated differential privacy guidelines for organizations to follow to protect personally identifiable information when sharing data.

Apple Drops Another WebKit Zero-Day Bug

A threat actor leveraged the vulnerability in an "extremely sophisticated" attack on targeted iOS users, the company says.

Volt Typhoon Strikes Massachusetts Power Utility

The prolonged attack, which lasted 300+ days, is the first known compromise of the US electric grid by the Voltzite subgroup of the Chinese APT; during it, the APT attempted to exfiltrate critical OT infrastructure data.

The CISO as Business Resilience Architect

To truly become indispensable in the boardroom, CISOs need to meet the dual demands of defending against sophisticated adversaries while leading resilience strategies.

Whopping Number of Microsoft Zero-Days Under Attack

Tuesday, March 11, 2025
The number of zero-day vulnerabilities getting patched in Microsoft's March update is the company's second-largest ever.

'Desert Dexter' Hot Button Facebook Ads Tag Mideast Victims

A Libya-linked threat actor has resurfaced attacking the Middle East and North Africa, using the same old political phishing tricks to deliver AsyncRAT that have worked for years.

'SideWinder' Intensifies Attacks on Maritime Sector

Monday, March 10, 2025
The likely India-based threat group is also targeting logistics companies in a continued expansion of its activities.

Google Pays Out Nearly $12M in 2024 Bug Bounty Program

The program underwent a series of changes in the past year, including richer maximum rewards in a variety of bug categories.

APT 'Blind Eagle' Targets Colombian Government

The South American-based advanced persistent threat group is using an exploit with a "high infection rate," according to research from Check Point.

Ex-Employee Found Guilty in Revenge Kill-Switch Scheme

Clandestine kill switch was designed to lock out other users if the developer's account in the company's Windows Active Directory was ever disabled.

GitHub-Hosted Malware Infects 1M Windows Users

Microsoft has identified a complex, malvertising-based attack chain that delivered Lumma and other infostealers to enterprise and consumer PC users; the campaign is unlikely the last of its kind.

Cybercrime's Cobalt Strike Use Plummets 80% Worldwide

Friday, March 7, 2025
Fortra, Microsoft, and Health-ISAC have combined forces to claw back one of hackers' most prized attack tools, with massive takedowns.

Zero-Days Put Tens of 1,000s of Orgs at Risk for VM Escape Attacks

More than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week.

Taylor Swift Ticket Thieves Charged in Court for Resale Operation

The pair found a loophole through StubHub's services, allowing them to steal tickets and resell them for personal profit, amassing hundreds of thousands of dollars.

'EncryptHub' OPSEC Failures Reveal TTPs & Big Plans

Thursday, March 6, 2025
Is EncryptHub the most prolific cybercriminal in recent history? Or, as new information suggests, a bumbling amateur?

Under Pressure: US Charges China's APT-for-Hire Hackers

The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon "secret" APT and APT27, the latter implicated in January's Treasury breach.

Enterprise AI Through a Data Security Lens: Balancing Productivity With Safety

Recently, 57 countries signed an agreement pledging an "open" and "inclusive" approach to AI's development. The US and UK were not among them, with the US vice president implying productivity should be the priority over safety. Should the opportunity for AI to drive innovation and productivity be prioritized over safety and security?

China's Silk Typhoon APT Shifts to IT Supply Chain Attacks

Wednesday, March 5, 2025
The nation-state threat group has been breaching providers of remote management tools, identity management providers, and other IT companies to access networks of targeted entities, according to Microsoft.

'Crafty Camel' APT Targets Aviation, OT With Polyglot Files

The Iran-linked nation-state group made its debut with a stealthy, sophisticated, and laser-focused cyber-espionage attack on targets in UAE.

Bogus 'BianLian' Gang Sends Snail-Mail Extortion Letters

The letters mimic typical ransom notes and threaten to delete or leak compromised data if payments aren't made, though none of the organizations that received them had active ransomware attacks.

Serbian Police Hack Protester's Phone With Cellebrite Exploit Chain

Tuesday, March 4, 2025
Amnesty International said Serbian police used an exploit chain in tandem with a legitimate mobile extraction dongle from vendor Cellebrite in an attack that brings up questions around ethical technology development.

North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds

Fraudulent IT workers are looking for engineering and developer positions in the US and Japan, and this time it's not about espionage.

Pentagon, CISA Deny Change in US Cyber Policy on Russia

Media reports over the weekend suggested the Trump Administration ordered US Cyber Command and CISA to draw down cyber activities targeting Russia.

Qilin Cybercrime Ring Claims Credit for Lee Newspaper Breach

Monday, March 3, 2025
The ransomware-as-a-service (RaaS) cybercrime group intends to leak the stolen information in just two days, it claims; but oddly, it doesn't seek a ransom payment from its victim.

Phishers Wreak 'Havoc,' Disguising Attack Inside SharePoint

A complex campaign allows cyberattackers to take over Windows systems by combining a ClickFix-style attack and sophisticated obfuscation that abuses legitimate Microsoft services.

EU's New Product Liability Directive & Its Cybersecurity Impact

By proactively addressing liabilities tied to software updates, data loss, and AI technologies, businesses can mitigate risks and achieve compliance.

Latin American Orgs Face 40% More Attacks Than Global Average

Technological adoption, demographics, politics, and uniquely Latin American law enforcement challenges have combined to make the region uniquely fertile for cyberattacks.

Cisco's SnapAttack Deal Expands Splunk's Capabilities

The addition of SnapAttack, a startup incubated by Booz Allen Hamilton’s Darklabs, will enhance Splunk with accelerated SIEM migration and proactive threat hunting.

Third-Party Risk Tops Cybersecurity Claims

Data collected by cyber-insurers show that ransomware accounts for the majority of insurance claims, but that much of the losses stem from third-party breaches affecting policyholders.