Threat actors are using a new attack method involving specially crafted Management Saved Console (MSC) files to gain full code execution through Microsoft Management Console (MMC) and dodge security defenses.

A polyfill.io supply chain attack has affected over 100,000 websites after a Chinese company bought the domain and the script was modified to redirect users to malicious websites.

Etay Maor, Chief Security Strategist at Cato Networks, provides his insights into threat actors faking data breaches. Most likely, hackers sell fake data to make more money, according to Maor.

The Shadowserver Foundation warns that botnet attacks are exploiting a recently disclosed critical-severity vulnerability in discontinued Zyxel NAS devices. The code injection flaw can be exploited remotely without authentication.

New fraud campaigns have used the "Medusa" banking Trojan, also known as "TangleBot." Cleafy researchers recently reported that this sophisticated malware family, first discovered in 2020, has returned with significant changes.

The "Thales 2024 Cloud Security Study" found that 44 percent of organizations have had a cloud data breach, with 14 percent having experienced one in the past 12 months.

Researchers at Google's Project Zero introduced "Naptime," a framework to allow Large Language Models (LLMs) to perform vulnerability research.

Researcher Harish Santhanalakshmi Ganesan demonstrated the delivery of malware to Meta's Quest 3 headset. He took on claims that it is almost impossible to install malware on Quest 3 VR, and did it without enabling developer mode.

Indonesia’s national data center has recently been compromised by a hacking group asking for a $8 million ransom that the government won’t pay.

High-end department store Neiman Marcus recently disclosed a data breach shortly before a hacker offered to sell information belonging to the company's customers.

Google recently announced a new Chrome security update that addresses four high-severity memory safety vulnerabilities reported by external researchers.

Cryptocurrency portfolio manager CoinStats recently resumed activity after hackers drained over $2 million in virtual assets from 1,590 hosted wallets.