Deep-pocketed clients' customers & suppliers could be in the attacker's net, with potential PII exposure from an A-list clientele such as Apple, Boeing and IBM. [...]

Chris Hass, director of information security and research at Automox, discusses the future of work: A hybrid home/office model that will demand new security approaches. [...]

The bug could allow cyberattackers to bypass security products, tamper with data and run code in kernel mode. [...]

Advanced EASM solutions are crucial to automating the discovery of the downstream third-party (or fourth-party, or fifth-party, etc.) IT infrastructures that your organization is exposed to, and may be vulnerable to attack, posing a critical risk for your organization. [...]

The newly documented code is a full-service malware-delivery threat that's spreading indiscriminately globally through paid search ads. [...]

Podcast: Nothing, says a ransomware negotiator who has tips on staying out of the sad subset of victims left in the lurch, mid-negotiation, after REvil's servers went up in smoke. [...]

A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected. [...]

Hackers are stealing the identities of those lost in the condo-collapse tragedy. [...]

Podcast: Can a new SIM card and prepaid service from an MVNO help? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block spyware attacks. [...]

The secretive Israeli firm was allegedly storing 50,000+ mobile phone numbers for activists, journalists, business executives and politicians -- possible targets of iPhone and Android hacking. [...]

HelloKitty joins the growing list of ransomware bigwigs going after the juicy target of VMware ESXi, where one hit gets scads of VMs. [...]

An analysis of criminal forums reveal what publicly known vulnerabilities attackers are most interested in. [...]

Curtis Simpson, CISO at Armis, discusses the top qualities that all CISOs need to possess to excel. [...]

Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited. [...]

Candiru, aka Sourgum, allegedly sells the DevilsTongue surveillance malware to governments around the world. [...]

Another vulnerability separate from PrintNightmare allows for local elevation of privilege and system takeover. [...]

The popular e-commerce platform for WordPress has started deploying emergency patches. [...]

First comes spear-phishing, next download of malicious DLLs that spread to removable USBs, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app. [...]

SonicWall issued an urgent security alert warning customers that some of its current and legacy secure VPN appliances were under active attack. [...]

Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe. [...]

Ukrainian cops seize PlayStation 4 consoles, graphics cards, processors and more in cryptomining sting involving alleged electricity theft. [...]

The gang is using a new brute-forcer – “Diicot brute” – to crack passwords on Linux-based machines with weak passwords. [...]

Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps processes and systems to thwart cyberattacks. [...]

The attackers have spruced up the 'vncDll' module used for spying on targets and stealing data. [...]

The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners. [...]