APT36, also known as Earth Karkaddan, is a politically motivated Advanced Persistent Threat (APT) group believed to be operational since at least 2013 and composed of threat actors in Pakistan. In 2016, the group was found distributing information-…

Major oil terminals in some of Western Europe's biggest ports have been targeted in a cyberattack. Belgian prosecutors are investigating the hacking of oil facilities in the country's maritime entryways, including Europe's second-biggest port, Antwerp,…

A report released by WhiteSource details malicious activity discovered in npm, a popular JavaScript package manager widely used among developers. The report is based on findings from over 1,300 malicious npm packages identified in 2021. JavaScript…

The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.  Intuit is warning customers of a phishing campaign that threatens to close user…

Security researchers at Chainalysis have found that cybercriminals are making and laundering millions through non-fungible tokens (NFTs).  NFTs are technically unique records on a blockchain that are each linked to a piece of digital content.  …

The US Department of Homeland Security (DHS) has launched the Cyber Safety Review Board (CSRB), a public-private initiative aimed at bolstering the nation's cybersecurity by bringing government and industry leaders together. The CSRB was established as…

Sophos discovered malware called SolarMarker, a backdoor and information-stealing malware being spread through Search Engine Optimization (SEO) poisoning. SEO poisoning is a technique in which threat actors create malicious websites and use SEO…

Researchers at QNAP Sytems found a new ransomware variant called DeadBolt that is actively compromising unsecured Internet-connected Network-Attached Storage (NAS) devices, encrypting users' data for Bitcoin ransom. The DeadBolt ransomware campaign has…

Yet another cryptocurrency firm is offering a multimillion-dollar bug bounty reward to those who hacked it after suffering a cyber-heist worth an estimated $322m.  Wormhole operates what is known as a cross-blockchain bridge, enabling holders of…

Security researchers at Proofpoint found that multi-factor authentication (MFA) finally appears to have reached a tipping point of user adoption.  Security researchers have found that  79% of UK and US users deployed some kind of second-factor…

A researcher at the University of Kansas School of Engineering received the Faculty Early Career Development (CAREER) Program award from the National Science Foundation (NSF) in support of investigating how to improve the effectiveness of Security…

The Open Source Security Foundation (OpenSSF) has announced the Alpha-Omega Project, which is aimed at helping maintainers of the most critical open source projects identify and fix security vulnerabilities in their code, and improve their security…