In attacks against corporate networks, a new ransomware operation encrypts both Windows and Linux VMware ESXi servers. Researchers at MalwareHunterTeam, who tweeted various images of the gang's data leak site, discovered the new operation. Based on a…

HackerOne fired one of its employees for collecting bug bounties from customers after alerting them to vulnerabilities in their products. These vulnerabilities were discovered by other researchers and privately disclosed to HackerOne through its…

An NPM supply-chain attack that began in December 2021 to hack hundreds of websites and desktop applications used numerous malicious NPM modules with JavaScript code obfuscation. ReversingLabs researchers discovered that the threat actors behind this…

When enterprises migrate to the cloud, they become more reliant on Application Programming Interfaces (APIs) for core business operations. Most organizations have experienced at least one API-related attack in the last year, according to the findings of…

Iran's steel industry is being targeted by ongoing cyberattacks that have previously disrupted the country's rail system. Malware used in last week's crippling cyberattacks on Iranian steel plants is linked to an attack that shut down the country's rail…

Google recently announced the release of an emergency chrome update that patches an actively exploited zero-day vulnerability.  The flaw tracked as CVE-2022-2294 has been described as a heap buffer overflow in WebRTC.  An Avast Threat…

Recently accounts receivable management firm Professional Finance Company (PFC USA) started sending out data breach notification letters to patients of over 650 healthcare providers across the country.  The Northern Colorado-based company has…

Human error continues to be the most effective vector for network infiltrations and data breaches. The SANS Institute security center recently released its annual security awareness report based on data from 1,000 information security professionals,…

Microsoft recently released a private threat intelligence advisory informing organizations that a worm called Raspberry Robin is infecting hundreds of Windows networks.  The worm is spreading via infected USB devices.  The researchers noted…

Recently the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) selected the first-ever group of encryption tools that could potentially withstand the attack of a quantum computer.  The four selected encryption…

According to a survey conducted by Imprivata conducted by WBR Insights, healthcare cybersecurity leaders reported using multi-factor authentication (MFA), identity and access management (IAM), and privileged access management (PAM) solutions to reduce…

The German Federal Office for Information Security (BSI) has released an IT baseline protection profile for space infrastructure in response to concerns that attackers may turn their attention to the sky. The document resulted from work by Airbus Defence…