Cybersecurity

Cybercriminals exploit HTTP header refresh techniques in phishing campaigns targeting corporations, government agencies, and schools for credential th

Infection corrals devices running AOSP-based firmware into a botnet.

Fake Python job opportunities used to attack programmers

Apple patches Vision Pro vulnerability after GAZEploit attack exposes keystroke inference risk via gaze tracking.

New Linux malware 'Hadooken' targets Oracle Weblogic, deploys crypto miners and DDoS botnet. Exploits vulnerabilities for lateral movement.

The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.

Vo1d malware infects 1.3M Android TV boxes in 197 countries. Learn about this new backdoor threat and how it compromises device security.

.mobi top-level-domain managers changed the location of its WHOIS server. No one got the memo.

Two algorithms added so far, two more planned in the coming months.

With an immature codebase and a "rather chaotic encryption scheme" prone to failure, the group targets small businesses with custom malware.

New RAMBO attack exploits radio signals from RAM to steal data from air-gapped networks, posing cybersecurity risks.

Discover PIXHELL, a new side-channel attack exploiting screen-generated noise to breach air-gapped computers and exfiltrate sensitive data.

This month's Patch Tuesday contains a total of 79 vulnerabilities — the fourth largest of the year.

The Quad7 botnet evolves and targets new  SOHO devices, including Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog.

Though the company reports that data was exfiltrated in the breach, it has been remained tightlipped regarding the kind of data that was exposed.

Polish security officials announced that they successfully thwarted cyberattacks that were carried out by Russia and Belarus.

DockerSpy scans Docker Hub for images and retrieves sensitive information, including authentication secrets, private keys, and other data.

SpyAgent malware targets Android users, steals crypto wallet keys using OCR. Spreads via fake apps, evolves to use WebSockets. Expands from South Kore

Chinese hackers exploit Visual Studio Code in cyberattacks on Southeast Asian governments. New technique uses reverse shell for espionage and data the

A new cluster of activity linked to Predator spyware using a new infrastructure was spotted following sanctions against Intellexa Consortium

A previously undocumented threat actor tracked TIDRONE targets organizations in military and satellite industries in Taiwan.

The funds from Germany’s Sovereign Tech Fund will be used to integrate security features such as zero trust capabilities and tools for software bill of materials.

Optical Character Recognition converts passwords shown in images to machine-readable text.

WordPress LiteSpeed Cache plugin vulnerability could allow unauthenticated account takeover. Update now to fix the issue.

In the past, the group has targeted different sectors in East and Southeast Asia, but recently has pivoted its focus to the Middle East, specifically to entities that publish human rights studies.

Most serious vulnerabilities carry severity ratings of 9.8 and 8.1 out of a possible 10.