Security threats demand swift action, which is why AWS Security Incident Response delivers AWS-native protection that can immediately strengthen your security posture. This comprehensive solution combines automated triage and evaluation logic with your security perimeter metadata to identify critical issues, seamlessly bringing in human expertise when needed. When Security …
Ads prominently displayed on search engines are impersonating a wide range of online services in a bid to infect Macs with a potent credential stealer, security companies have warned. The latest reported target is users of the LastPass password manager. Late last week, LastPass said it detected a widespread …
A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. [...]
The Royal Canadian Mounted Police has shut down the TradeOgre cryptocurrency exchange and seized more than $40 million believed to originate from criminal activities. [...]
Two of the Kremlin’s most active hacking units recently were spotted collaborating in malware attacks that compromise high-value devices located in Ukraine, security researchers said Friday. One of the groups is Turla, which is easily one of the world’s most sophisticated advanced persistent threats (well-organized and well-funded …
The FBI warned today that cybercriminals are impersonating its Internet Crime Complaint Center (IC3) website in what the law enforcement agency described as "possible malicious activity." [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). [...]
Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks. [...]
Ransomware remains one of the most destructive threats—because defenses keep failing. Picus Blue Report 2025 shows prevention dropped to 62%, while data exfiltration prevention collapsed to just 3%. [...]
Federal prosecutors charged a UK teenager with conspiracy to commit computer fraud and other crimes in connection with the network intrusions of 47 US companies that generated more than $115 million in ransomware payments over a three-year span. A criminal complaint unsealed on Thursday (PDF) said that Thalha Jubair …
The face-palm-worthy prompt injections against AI assistants continue. Today’s installment hits OpenAI’s Deep Research agent. Researchers recently devised an attack that plucked confidential information out of a user’s Gmail inbox and sent it to an attacker-controlled web server, with no interaction required on the part of …
Two teenagers, believed to be linked to the August 2024 cyberattack on Transport for London, have been arrested in the United Kingdom. [...]
The operators of the SystemBC proxy botnet are hunting for vulnerable commercial virtual private servers (VPS) and maintain an average of 1,500 bots every day that provide a highway for malicious traffic. [...]
Last week, a prominent US senator called on the Federal Trade Commission to investigate Microsoft for cybersecurity negligence over the role it played last year in health giant Ascension's ransomware breach, which caused life-threatening disruptions at 140 hospitals and put the medical records of 5.6 million patients into …
Microsoft 365's dominance and tight integration makes it a massive target in today's cyber landscape. Its tight integration expands the attack surface and amplifies risk. Learn from Acronis TRU why backup blind spots & lateral movement risks demand stronger defenses. [...]
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish malware. [...]
WatchGuard has released security updates to address a remote code execution vulnerability impacting the company's Firebox firewalls. [...]
Google has released emergency security updates to patch a Chrome zero-day vulnerability, the sixth one tagged as exploited in attacks since the start of the year. [...]
The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. [...]
New York-based venture capital and private equity firm Insight Partners is notifying thousands of individuals whose personal information was stolen in a ransomware attack. [...]
SonicWall warned customers today to reset credentials after their firewall configuration backup files were exposed in a security breach that impacted MySonicWall accounts. [...]
In our previous blog post (Part 1 of our key replication series), Automatically replicate your card payment keys across AWS Regions, we explored an event-driven, serverless architecture using AWS PrivateLink to securely replicate card payment keys across AWS Regions. That solution demonstrated how to build a custom replication framework …
Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company [...]
FinWise Bank is warning on behalf of corporate customers that it suffered a data breach after a former employee accessed sensitive files after the end of their employment. [...]
Academic researchers have devised a new variant of Rowhammer attacks that bypass the latest protection mechanisms on DDR5 memory chips from SK Hynix. [...]