Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively. [...]

A custom "SparrowDoor" backdoor has allowed the attackers to collect data from targets around the globe. [...]

Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid. [...]

Domain names are often brands' most valuable and impersonated assets. Learn how Brand Monitor by WhoisXML API supports brand protection. [...]

It's the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure. [...]

The issue lies in a parental-control function that's always enabled by default, even if users don't configure for child security. [...]

All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS. [...]

A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments. [...]

The action is the first of its kind in the U.S., as the government increases efforts to get a handle on cybercrime. [...]

"Time to find out who in your family secretly ran... [a] QAnon hellhole," said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security. [...]

Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses. [...]

“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years. [...]

Are organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities – some even years old. [...]

Organized crime ring thrived on violence, intimidation and $12 million in online fraud profits. [...]

Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out. [...]

APIs are immensely more complex to secure. Shadow APIs—those unknown or forgotten API endpoints that escape the attention and protection of IT¬—present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do. [...]

Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam. [...]

Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms. [...]

The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August. [...]

A spyware effort bent on stealing cookies and logins is being driven by unsophisticated attackers cashing in on the initial-access-broker boom. [...]

Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil's servers went belly-up on July 13. [...]

Imperva’s Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee, [...]

A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming. [...]

Threat actors dangled the lure of receiving funds from the $1 trillion infrastructure bill and created new domains mimicking the real federal site. [...]

On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit. [...]