Lazarus Group Striking Vulnerable Windows IIS Web Servers
The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers.
CosmicEnergy Malware Emerges Capable of Electric Grid Shutdown
Russian code that could tamper with industrial machines and toggle RTUs on and off was
Volt Typhoon Breaks Fresh Ground for ChinaBacked Cyber Campaigns
This is the first incident where a threat actor from the country appears to be
Google Cloud Bug Allows Server Takeover From CloudSQL Service
Researchers could access sensitive data and steal secrets by exploiting a vulnerability in GCPs security
Operation Magalenha Attacks Gives Window Into Brazils Cybercrime Ecosystem
A campaign against customers of Portuguese banks uses a capable financial malware strain dubbed PeepingTitle,
Dangerous Regions Isolating Branch Offices in HighRisk Countries
Organizations must be cautious about how they interact with other regions around the world in
Volt Typhoon ChinaBacked APT Infiltrates US Critical Infrastructure Orgs
According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up
Threat Actors Compromise Barracuda Email Security Appliances
The companys ESG appliances were breached, but their other services remain unaffected by the compromise.
Googles zip mov Domains Give Social Engineers a Shiny New Tool
Security professionals warn that Googles new top-level domains, .zip and .mov, pose social engineering risks
OAuth Flaw in Expo Platform Affects Hundreds of ThirdParty Sites Apps
A cybersecurity vulnerability found in an implementation of the social login functionality opens the door