Firms Push for CVE-Like Cloud Bug System
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk. [...]
How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures. [...]
A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs. [...]
Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes. [...]
Exploring what's next for public-cloud security, including top risks and how to implement better risk management. [...]
Fortinet's Derek Manky discusses the exponential increase in the speed at which attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams. [...]
For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits. [...]
Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds. [...]
Wyze ignored a vulnerability in its home security cameras for three years. Bitdefender, who discovered the vulnerability, let the company get away with it. In case you’re wondering, no, that is not normal in the security community. While experts tell me that the concept of a “responsible disclosure …
The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit. [...]
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges. [...]
QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch. [...]
The so-called 'Spring4Shell' bug has cropped up, so to speak, and could be lurking in any number of Java applications. [...]
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more. [...]
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine. [...]
Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing. [...]
The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques. [...]
The security vendor's appliance suffers from an authentication-bypass issue. [...]
The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant. [...]
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February. [...]
A patch fixes an exploit hidden in Elden Ring that traps PC players in a ‘death loop.’ [...]
"Evolving intelligence" shows Russia amping up for cyber-war in response to Ukraine-related sanctions, the White House said -- but researchers warn that many orgs are not prepared. [...]
The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said. [...]
My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital …
In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module. [...]