Security Bulletin

Security pros say using Windows backdoor in a malvertising campaign could expose companies to other malware attacks.

The threat group is best known for its sustained campaign against Ukrainian targets and infrastructure.

The missing ingredient in NIST's newest cybersecurity framework? Recovery.

Industry leaders aim to solve the threat to both the mental health of workers and security of organizations with solutions that recognize the enormous pressures facing cybersecurity professionals.

The House has approved the bipartisan Fourth Amendment Is Not For Sale Act, which seeks to bolster data privacy protections by prohibiting the warrantless acquisition of electronic and remote computing service providers' customer information among...

Cybernews reports that U.S. health provider Cherry Health had data from 185,000 patients compromised following a ransomware attack in December.

Operations at the New York Legislative Bill Drafting Commission have been disrupted by a cyberattack against its bill drafting system on Wednesday that coincided with the ongoing finalization of state budget bills, reports The Associated Press.

BlackBerry researchers disclosed that a major U.S.-based multinational automaker had been targeted by the FIN7 hacking group in a spear-phishing attack late last year that sought to facilitate systems compromise with the Anunak malware...

The United Nations Development Programme has confirmed having its locally hosted server targeted by a ransomware attack that resulted in data exfiltration two weeks after the 8Base ransomware gang laid claim on the intrusion while exposing some of...

Reuters reports that mounting Russian online influence campaigns have been deployed to target the upcoming U.S. presidential polls during the past month and a half, with malicious activity expected to further escalate in the coming months.

Attacks exploiting a critical SQL injection vulnerability impacting Fortinet FortiClient EMS devices, tracked as CVE-2023-48788, have been launched to facilitate the deployment of the ScreenConnect software and Metasploit Powerfun script as part of a...

BleepingComputer reports that vulnerable TP-Link Archer AX21 routers impacted by the year-old high-severity unauthenticated command injection flaw, tracked as CVE-2023-1389, have been targeted by at least six botnets.