Researchers at Elastic Security Labs have discovered design flaws in Microsoft's Windows Smart App Control and SmartScreen.

Eighty-six percent of firms say unknown organizational cyber risks are a top concern, according to the "Critical Start 2024 Cyber Risk Landscape Peer Report." The report found that 66 percent of businesses have limited insight into their cyber ri

According to researchers at Volexity, the Advanced Persistent Threat (APT) group "StormBamboo" compromised an Internet Service Provider (ISP) to poison Domain Name System (DNS) queries and deliver malware to organizations.

Researchers from the Graz University of Technology have published a paper on "SLUBStick," a new Linux kernel exploitation technique that makes heap vulnerabilities increasingly dangerous.

According to a team of researchers from the University of Tokyo and NTT Security, attackers can conceal their malicious injection activity by inserting commands into the machine code stored in memory by the software interpreters that many programming l

According to Proofpoint, threat actors have been using Cloudflare Tunnels to deliver different Remote Access Trojan (RAT) families.

The SANS Internet Storm Center reported that new Mirai botnet variants are targeting the open source Enterprise Resource Planning (ERP) framework OFBiz. The Apache Foundation supports OFBiz, a Java-based framework for creating ERP applications.

Attackers have been pushing fake ads to lure users into downloading the popular Google Authenticator Multi-Factor Authentication (MFA) app, which actually leads to downloading malware on GitHub.

According to Checkmarx researchers, threat actors uploaded malicious Python packages to the PyPI repository and promoted them on the online question-and-answer platform StackExchange.

According to Akamai, layer 7 Distributed Denial-of-Service (DDoS) attacks on the gaming industry have increased 94 percent over the past year.

According to Picus Security, 40 percent of tested environments enabled attack paths leading to domain admin access.

Over 35,000 registered domains have been hijacked in "Sitting Ducks" attacks. These attacks enable a domain to be claimed without access to the owner's account at the Domain Name System (DNS) provider or registrar.