According to security researchers at Guardio, threat actors have exploited a Salesforce zero-day vulnerability and abused Meta features in a sophisticated phishing campaign.  Attackers sent out legitimate-looking emails designed to lure targeted…

The Open Worldwide Application Security Project (OWASP) has released the "OWASP Top 10 for Large Language Model (LLM) Applications" list, which highlights the most critical vulnerabilities impacting LLM applications. The project aims to educate…

Researchers from the University College London (UCL) have discovered that humans cannot detect deepfake speech 27% of the time.  During the study, the researchers presented 529 individuals with genuine and deepfake audio samples and asked them to…

The National Security Agency (NSA) has issued a new Cybersecurity Technical Report (CTR) titled "Cisco Firepower Hardening Guide" to help network and system administrators configure these next generation firewalls (NGFWs). The CTR covers properly…

Tesla cars are vulnerable to a nearly irreversible jailbreak of their onboard infotainment systems, which would enable owners to gain access to a variety of paid in-car features for free. According to a team of researchers, the stolen benefits can range…

Microsoft reports that an Advanced Persistent Threat (APT) group with ties to Russia's Foreign Intelligence Service has used Microsoft Teams to launch phishing attacks against employees of dozens of global organizations. To host and execute their social…

Since June 2022, the hacktivist group Mysterious Team Bangladesh has been linked to more than 750 Distributed Denial-of-Service (DDoS) attacks and 78 website defacements. According to Group-IB, the group primarily targets logistics, government, and…

Hundreds of Citrix Netscaler ADC and Gateway servers have been compromised and backdoored in a series of attacks targeting a critical Remote Code Execution (RCE) flaw, tracked as CVE-2023-3519. The vulnerability has been exploited as a zero-day to breach…

According to security researchers at Sophos, CryptoRom, a notorious scam that combines fake cryptocurrency trading and romance scams, has taken a new twist by utilizing generative artificial intelligence (AI) chat tools to lure and interact with victims…

Call for Papers Special Collection: The Philosophy of Information Security Editors: David Pym and Jonathan Spring For this special collection, we solicit papers at the intersection of philosophy, information security, and philosophy of science. There…

Allegheny County recently released limited details on a data breach.  According to the county, they were affected by a global cybersecurity incident impacting the popular file transfer tool, MOVEit.  The county noted that the breach allowed a…

According to security researchers at Nozomi Networks, malware-related cyber threats in operational technology (OT) and Internet of Things (IoT) environments jumped tenfold year-on-year in the first six months of 2023.  The researchers noted that…