Let's blame the victim. IT decision makers' confidence about security doesn't jibe with their concession that repeated incidents are their own fault, says ExtraHop's Jamie Moles. [...]

The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things. [...]

The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks. [...]

Customers aren't locking down access correctly, leading to ~70 percent of ServiceNow implementations tested by AppOmni being vulnerable to malicious data extraction. [...]

Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China's Mustang Panda targeting Europe. [...]

The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug. [...]

While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks. [...]

NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. [...]

Both vulnerabilities are use-after-free issues in Mozilla's popular web browser. [...]

Notes threatening to tank targeted companies' stock price were embedded into the DDoS ransomware attacks as a string_of_text directed to CEOs and webops_geeks in the URL. [...]

Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists. [...]

A military email address was used to distribute malicious email macros among EU personnel helping Ukrainians. [...]

Stock the liquor cabinet and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.” [...]

The decryptor spilled by ContiLeaks won’t work with recent victims. Conti couldn't care less: It's still operating just fine. Still, the dump is a bouquet’s worth of intel. [...]

The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations. [...]

The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations. [...]

Microsoft detected cyberattacks launched against Ukraine hours before Russia’s tanks and missiles began to pummel the country last week. [...]

Malicious emails warning Microsoft users of "unusual sign-on activity" from Russia are looking to capitalizing on the Ukrainian crisis. [...]

A pro-Ukraine Conti member spilled 13 months of the ransomware group's chats, while cyber actors are rushing to align with both sides. [...]

The plants will shut down on Tuesday, halting about a third of the company’s global production. Toyota doesn’t know how long the 14 plants will be unplugged. [...]

The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs – including crooks' favorites, ProxyShell and ProxyLogon – as initial infection vectors. [...]

The options reportedly included tampering with trains, electric service and internet connectivity, hampering Russia's military operations in Ukraine. [...]

The SEO poisoning bot, capable of full system takeover, is actively taking over social media accounts, masquerading as popular games like Temple Run. [...]

Demand for public Wi-Fi is on the rise. Usually free of charge, but there is a risk of expensive losses. Learn ways to protect yourself from cyber-threats. [...]

A targeted phishing attack takes aim at a major U.S. payments company. [...]