Security Bulletin

Purportedly exclusive data stolen from The Washington Times is being sold by Rhysida for more than $304,000 worth of Bitcoin as part of an online auction that will open in a week.

Intrusions commenced with email bomb delivery and phone calls luring targets into downloading AnyDesk to facilitate the deployment of next-stage information-stealing payloads, including the AntiSpam.exe executable and SystemBC loader.

Attacks by both hacking operations mostly involved the delivery of malicious emails seeking a review of a purportedly encrypted PDF attachment, which seeks targets' password and two-factor authentication code to facilitate email access and online...

Intrusions aimed at exfiltrating credentials from nearly a dozen former and current U.S. officials and people associated with the campaigns of former President Donald Trump and President Joe Biden were conducted by APT42 between May and June.

The CrowdStrike incident highlighted the dangers of auto-updates – here’s how to set up a test lab for a patching strategy that will keep the organization safe.

Brain Cipher made a loud entry to the ransomware scene, but it doesn't seem to be quite as sophisticated as its accomplishment would suggest.

The idea of an international standard for “cyber deception” has turned into a contentious subject, and the UK government has taken up the challenge.

2024 saw a shakeup in the top six gangs, which account for half of all claimed breaches.

The attorney general for Texas sued General Motors, claiming that the automaker is illegally collecting and selling customer data from 1.5 million Texans.

NIST has made clear that while there’s no need to panic, organizations need to start making plans to transition to post-quantum cryptography.