Even if the app is not installed or in use, threat actors can use it to spread malware through email campaigns and take over victims’ machines, new research has found. [...]

Usage is way up, but so are cyberattacks: Mobile phishing, malware, banking heists and more can come from just one wrong scan. [...]

CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs. [...]

Attacks dubbed ‘Fajan’ by researchers are specifically targeted and appear to be testing various threat techniques to find ones with the greatest impact. [...]

Enlarge (credit: Getty Images ) Hackers have compromised more than 120 ad servers over the past year in an ongoing campaign that displays malicious advertisements on tens of millions, if not hundreds of millions, of devices as they visit sites that, by all outward appearances, are benign. Malvertising is the …

The malware seems like a silly coding lark at first, but further exploration shows it can wreak serious damage in follow-on attacks. [...]

Our new eBook goes beyond the status quo to take a look at the evolution of ransomware and what to prepare for next. [...]

Two cyberattack campaigns are making the rounds using unique social-engineering techniques. [...]

Widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more. [...]

Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections. [...]

A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said. [...]

The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices. [...]

Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered. [...]

Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw. [...]

In a veritable cyber-SWAT action, the Feds remotely removed the infections without warning businesses beforehand. [...]

Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains. [...]

Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains. [...]

US justice department says bureau hacked devices to remove malware from insecure software The FBI has been hacking into the computers of US companies running insecure versions of Microsoft software in order to fix them, the US Department of Justice has announced. The operation, approved by a federal court …

Researchers measured 648 new malware threats every minute during Q4 2020. [...]

Attackers are filling out and submitting web-based "contact us" forms, thus evading email spam filters. [...]

Enlarge (credit: Getty Images) A newly discovered cryptomining worm is stepping up its targeting of Windows and Linux devices with a batch of new exploits and capabilities, a researcher said. Research company Juniper started monitoring what it’s calling the Sysrv botnet in December. One of the botnet’s …

Cybercriminals are encouraging users to send the "offers" via WhatsApp to their friends as well. [...]

A widespread email campaign using malicious Microsoft Excel attachments and Excel 4 macros is delivering IcedID at high volumes, suggesting it's filling the Emotet void. [...]

One Discord network search turned up 20,000 virus results, researchers found. [...]

Saryu Nayyar, CEO at Gurucul, discusses the new Cold War and the potential for a cyberattack to prompt military action. [...]