News
  • "Manufacturers Failing to Address Cybersecurity Vulnerabilities Liable Under New European Rules"

    The European Commission has recently publicized new liability rules on digital products and artificial intelligence (AI) in order to protect consumers from harm, including in cases where cybersecurity vulnerabilities fail to be addressed. The two…

  • "Malware Shifting to Virtual Environments, Warns Mandiant"

    Mandiant has released a report detailing novel malware that attacks VMware hypervisors, stating that the state-sponsored hackers behind it may be shifting their targets from workstations to virtual environments where Endpoint Detection and Response (EDR…

  • "The Country Where You Live Impacts Password Choices"

    GoSecure researchers have found that a person's country of residence influences the strength of their password selection. They discovered four primary macro-social factors that strongly correlate with positive password performance, which is measured by…

  • "Matrix: Install Security Update to Fix End-To-End Encryption Flaws"

    The Matrix decentralized communication platform has issued a security alert regarding two critical-severity vulnerabilities in the Software Development Kit's (SDK) end-to-end encryption. The exploitation of these flaws could allow a threat actor to…

  • "Cyber Attacks Against Middle East Governments Hide Malware in Windows Logo"

    In its attacks against Middle Eastern governments, an espionage-focused threat actor has been observed using a steganographic tactic to hide a previously unknown backdoor in a Windows logo. Broadcom's Symantec Threat Hunter Team attributed the updated…

  • "GSMA, IBM and Vodafone Establish Post-Quantum Telco Network Taskforce"

    The GSMA has announced the formation of the GSMA Post-Quantum Telco Network Taskforce, with IBM and Vodafone as initial members, to help in the definition of policy, regulation, and operator business processes for enhanced telecommunications protection…

  • "Less Than 5% Of Public Companies Use the Latest Email Security Standards"

    Phishing remains the most common type of cyberattack. The Anti-Phishing Working Group observed the most phishing attacks in history in the first quarter of 2022, as the quarterly volume of attacks surpassed 1 million for the first time. Organizations…

  • "Huijia Lin Proved That a Master Tool of Cryptography Is Possible"

    A long-desired holy grail in cryptography is about to change the way sensitive data is protected. Existing standard encryption schemes are all-or-nothing as data is inaccessible to anyone who does not have the secret key once it is scrambled. This has…

  • Pub Crawl #66

    Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.

  • "'Protestware' Is on the Rise, With Programmers Self-Sabotaging Their Own Code. Should We Be Worried?"

    The author of node-ipc, a software library with over a million downloads weekly, deliberately broke their code in March 2022. If the code detects that it is being executed within Russia or Belarus, it attempts to replace the contents of every file on the…

  • "Treasury Seeks Comment on How to Structure a Cyber Insurance Program"

    The US Treasury Department's Federal Insurance Office (FIO) wants to know if a national cyber insurance program should enforce that policyholders implement basic cybersecurity measures. In a request for comment set to be published in the Federal Register…

  • "Government, Union-Themed Lures Used to Deliver Cobalt Strike Payloads"

    Security researchers at Cisco Talos discovered a malicious campaign in August 2022 that relied on modularized attack techniques to deliver Cobalt Strike beacons and used them in follow-on attacks. The researchers stated that the threat actors…