Security Bulletin

Cybernews reports that major cybercrime forum Cracked.io has resumed operations under the new Cracked[.]sh domain over two months after it was sequestered alongside three other dark web marketplaces as part of the international law enforcement effort...

Stealthier Tycoon2FA phishing kit appears as PhaaS platforms fuel SVG exploitation Threat detection and endpoint security systems are being better evaded by a new iteration of the Tycoon2FA phishing-as-a-service kit, reports BleepingComputer.

DigitalOcean executives describe how they automated and streamlined many of the identity and access management functions that had been previously handled manually.

A threat actor has claimed responsibility for the alleged politically motivated attack and has uploaded the stolen data to a Dark Web forum.

The $40 million startup was relying on manpower in the Philippines to run the so-called "AI" tool.

A new PowerShell backdoor and persistence technique that hijacks TypeLib were discovered.

Nations continue to sign the Code of Practice for States in an effort to curb commercial spyware, yet implementation and enforcement concerns have yet to be figured out.

The threat actor, also known as Goffee, has been active since at least 2022 and has changed its tactics and techniques over the years while targeting Russian organizations.

PAN points out that to date, the brute-force attacks have not led to exploitation.

The most damaging attacks continue to be ransomware, but financial fraud claims are more numerous — and both are driven by increasing third-party breaches.

With $4.4 billion in worldwide data breach fines in 2024, the cost of not knowing who's walking into your systems is devastating.