Security Bulletin

Attackers are using credentials stolen via phishing websites that purport to be legitimate securities company homepages, duping victims and selling their stocks before they realize they've been hacked.

Scalable, effective — and best of all, free — securing Kubernetes workload identity cuts cyber-risk without adding infrastructure, according to new research from SANS.

In a world where insider threats, nation-state adversaries, and technological evolution create new challenges, companies must prioritize transparency, ethical leadership, and a culture rooted in trust.

Ransomware prevention firm Halcyon has launched the Threat Research Incentive Program, offering up to $10,000 for verified intelligence on ransomware actors and tactics in what it calls the first bug bounty program focused exclusively on ransomware...

Security researchers have detailed the evolving tactics of the Russian-affiliated threat group Gamaredon, particularly its use of the PteroLNK variant within the Pterodo malware family, GBHackers reports.

Cyber Security News reports that a growing malware campaign is exploiting fake CAPTCHA pages to spread Lumma Stealer, a powerful information-theft tool marketed through malware-as-a-service platforms.

A fake version of the Alpine Quest app was used to discreetly spy on Russian military Android devices by harvesting personal data and geolocation details, Hack Read reports.

Industrial Cyber reports that cyberattacks against energy infrastructure are rapidly intensifying worldwide, with critical installations like nuclear facilities increasingly in the crosshairs of both cybercriminals and nation-state actors, according...

DevOps security firm Cycode has updated its application security posture management platform with agentic artificial intelligence and improvements to its CI/MON tool for improved code security, SiliconAngle reports.

Notorious cybercrime marketplace BreachForums was announced by its new owner "Anastasia" to be revived on Thursday following its disruption in a distributed denial-of-service attack by pro-Palestinian hacktivist group Dark Storm Team last week...

Officials at Baltimore City Public Schools have confirmed that over 1,150 students, as well as current and former employees, contractors, and volunteers, had their information stolen following a ransomware attack in February, according to The Record...

SecurityWeek reports that Milwaukee-based ambulance service provider Bell Ambulance and Alabama-based ophthalmology practice Alabama Ophthalmology Associates have disclosed being impacted by separate ransomware attacks that cumulatively compromised...