Security Bulletin

Microsoft 365 and Gmail accounts have been increasingly targeted with attacks leveraging the new Tycoon 2FA phishing-as-a-service kit.

Top.gg GitHub organization, which is commonly leveraged for Discord servers, and other GitHub developers have been compromised in a new software supply chain attack campaign that involved browser cookie exfiltration and malicious PyPi package...

Attacks commenced with the delivery of malicious emails with PDF attachments linking to file-sharing site-hosted documents, which when opened fetches an MSI installer-containing ZIP archive that prompts Atera Agent installation.

Data memory-dependent prefetching can enable side-channel extraction of cryptographic secrets.

The Red Report shows the growing sophistication of threat actors to disable a target’s defenses.

Security pros say StrelaStealer uses control flow obfuscation — a technique that lets the threat actor better evade detection and reverse engineering.

Dark web marketplace Nemesis Market, which peddles cybercrime services in addition to illegal drugs and illicit goods, was reported by the German Federal Crime Police Office, or BKA, to have been dismantled following a more than a year-long law...

Federal organizations and other entities have been urged by the FBI, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center to proactively combat distributed denial-of-service attacks and be...

Health providers across the U.S. impacted by cyberattacks would be able to receive advanced payments from the Centers for Medicare & Medicaid Services as long as they meet minimum cybersecurity standards under new legislation introduced by Senate...

Nearly 60 cryptocurrency heists conducted by North Korean state-sponsored threat operations, including Lazarus Group, Kimsuky, and Andariel, from 2017 to 2023 that resulted in nearly $3 billion in losses have been subjected to a probe by a United...

U.S. global apparel and footwear company VF Corporation, which owns Vans, The North Face, and Supreme, emphasized that the December cyberattack that impacted data from 35.5 million customers did not include any bank information or credit card details...

TechCrunch reports that data allegedly stolen from AT&T three years ago that contained information from 73 million subscribers was confirmed to be authentic by Have I Been Pwned? administrator Troy Hunt after matching the exposed details with...