A new malware campaign delivers "Hijack Loader" artifacts signed with legitimate code-signing certificates. Researchers at HarfangLab detected the activity, noting that the attack chains aim to deploy the "Lumma" infostealer.

Intel and AMD have responded to security researchers' discoveries of new attack methods called "TDXDown" and "CounterSEVeillance" that target Trust Domain Extensions (TDX) and Secure Encrypted Virtualization (SEV) technology.

North Korean hackers are infecting financial institutions' payment switch systems with a new Linux variant of "FASTCash" to withdraw cash.

Shawn Merdinger, a cybersecurity researcher, found that many organizations whose door access controllers he analyzed failed to protect them from hacker attacks.

The Volkswagen Group has recently made a public statement after a known ransomware group claimed to have stolen valuable information from the carmaker's systems.

Code hosting platform GitHub has recently released patches for a critical severity vulnerability in the GitHub Enterprise Server that could lead to unauthorized access to affected instances.

Automattic recently announced patches for 101 versions of the popular WordPress security plugin Jetpack to resolve a critical severity vulnerability introduced in 2016.

Splunk recently announced fixes for 11 vulnerabilities in Splunk Enterprise, two of which are high-severity bugs leading to remote code execution on Windows systems.

According to a new study by Sophos, a shortage of cybersecurity expertise and capacity in global SMBs is fueling talent burnout and creating new opportunities for threat actors.

Between June 2023 and April 2024, security researchers at Zscaler discovered over 200 malicious apps on Google Play, which is nominally a safer platform for Android downloads than third-party app stores.

Researchers at Checkmarx have discovered that threat actors could abuse entry points across PyPI, npm, Ruby Gems, and other programming ecosystems to stage software supply chain attacks.

Researchers at the Georgia Institute of Technology (Georgia Tech) have developed a new tool named "Detector of Victim-specific Accessibility" (DVa) to check for malware on Android phones.