Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk. [...]

A campaign by APT37 used a sophisticated malware to steal information about sources, which appears to be a successor to Bluelight. [...]

No government and customer data was accessed. [...]

How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures. [...]

Nate Warfield, CTO at Prevailion, discusses the dangers of focusing on zero-day security vulnerabilities, and how security teams are being distracted from the day-to-day work that prevents most breaches. [...]

A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs. [...]

Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes. [...]

Exploring what's next for public-cloud security, including top risks and how to implement better risk management. [...]

Citizen Lab uncovers multi-year campaign targeting autonomous region of Spain, called Catalonia. [...]

In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the company’s risk of direct or collateral damage. [...]

Fortinet's Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams. [...]

Connections that show the cybercriminal teams are working together signal shifts in their respective tactics and an expansion of opportunities to target victims. [...]

Threat actors have developed custom modules to compromise various ICS devices as well as Windows workstations that pose an imminent threat, particularly to energy providers. [...]

The DoJ is charging its founder, 21-year-old Portuguese citizen Diogo Santos Coelho, on six criminal counts, including conspiracy, access device fraud and aggravated identity theft. [...]

For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits. [...]

Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay. [...]

The APT28 (Advanced persistence threat) is operating since 2009, this group has worked under different names such as Sofacy, Sednit, Strontium Storm, Fancy Bear, Iron Twilight, and Pawn. [...]

Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times. [...]

Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds. [...]

Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it. [...]

Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages. [...]

The popular underground market traded in drugs, stolen data, forged documents and more -- raking in billions in Bitcoin. [...]

This fresh malware strain extends the functionality of typical trojans with advanced functionality and a series of modules for launching various types of threat activity. [...]

The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit. [...]

Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia. [...]