Following the discovery that thousands of US Congress staffers could be vulnerable to account hijacking and phishing, security experts have repeatedly warned against using work email addresses to sign up for third-party sites.

According to the Cybersecurity and Infrastructure Security Agency (CISA), a critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) has now been exploited by threat actors in the wild.

The US House Homeland Security Committee Republicans have recently unveiled a new bill aimed at addressing the growing cyber threats posed by state-sponsored Chinese actors targeting US critical infrastructure.

A security researcher recently launched a project with the goal of showing that physical access control vulnerabilities still impact many organizations.

HP intercepted an email campaign involving a standard malware payload delivered via an Artificial Intelligence (AI)-generated dropper.

Mobile banking users worldwide are at risk from "Octo2," a new, advanced "Octo" malware variant. ThreatFabric analysts say Octo malware is one of the most widespread mobile threats in recent years.

The cyber espionage malware called "RomCom," which targeted the Ukraine military and its supporters last year, has returned with a new variant. It uses valid code-signing certificates to evade detection.

CyberDanube, an Austrian industrial cybersecurity company, says hackers can take control of Riello Uninterruptible Power Supply (UPS) devices by exploiting unpatched vulnerabilities.

North Korea-linked threat actors are using poisoned Python packages to spread "PondRAT" malware as part of an ongoing campaign.

An infostealer malware operation spanning 30 campaigns targeting different demographics and system platforms has been attributed to "Marko Polo," a cybercriminal group.

The cybersecurity community started warning about remote hacker attacks on Automatic Tank Gauge (ATG) systems nearly a decade ago, but critical vulnerabilities remain.

SentinelLabs presented research at LABScon 2024 that brought attention to the resurfacing of "Kryptina," a Ransomware-as-a-Service (RaaS) tool, in enterprise attacks.