According to Sophos, the energy and water infrastructure sectors' median ransomware recovery cost has quadrupled to $3 million in a year. Sophos surveyed 5,000 cybersecurity and Information Technology (IT) leaders in 15 industries and 14 countries.

ESET researchers discovered an adware module that appears to block ads and malicious websites but stealthily offloads a kernel driver component that lets attackers run arbitrary code with elevated permissions on Windows hosts.

According to researchers at Wiz, SAP AI Core, a platform for developing, training, and running Artificial Intelligence (AI) services, has several vulnerabilities.

Selections by dgoff

A cybercriminal gang, tracked by researchers as "Revolver Rabbit," has registered over 500,000 domain names for infostealer campaigns targeting Windows and macOS systems. The threat actor uses Registered Domain Generation Algorithms (RDGAs).

According to a new report from the Department of Homeland Security's (DHS) Office of Inspector General (IG), the Coast Guard lacks staffing, training, authority, and cyber expertise to secure the US maritime supply chain.

"OilAlpha," a likely pro-Houthi threat group, used Android spyware to steal data from at least three humanitarian organizations in Yemen.

Google has officially introduced the Coalition for Secure AI (CoSAI) to address Artificial Intelligence (AI) cybersecurity risks.

According to OpenSSF and the Linux Foundation, attackers are always finding and exploiting software vulnerabilities. However, many developers lack the necessary knowledge and skills to successfully implement secure software development.

A suspected technical issue at cybersecurity vendor CrowdStrike is causing mass IT outages across the world, disrupting critical sectors such as airlines, banks, media and retailing.

Mandiant researchers report a rise in attacks by the Chinese government-backed hacking group "APT41" against shipping, logistics, technology, and automotive organizations in Europe and Asia.

According to security researchers at the Identity Theft Resource Center (ITRC), the number of US data breach victims in Q2 2024 increased annually by over 1000%, despite a 12% decrease in the actual number of incidents in those three months.