More victims of the MOVEit hack have recently come to light, with a total of over 130 organizations and millions of individuals believed to be impacted.  Brett Callow, a threat analyst at cybersecurity firm Emisoft, stated that he is aware of 138…

The "Akira" ransomware operation now uses a Linux encryptor to encrypt VMware ESXi Virtual Machines (VMs) in double extortion attacks against companies globally. Akira first appeared in March 2023, targeting Windows systems in different industries,…

"Andariel," a threat actor aligned with North Korea, used "EarlyRat," a previously undocumented malware, in attacks exploiting the Log4j Log4Shell vulnerability. According to researchers, Andariel infects machines by executing a Log4j exploit, which then…

According to Rezilion, many popular generative Artificial Intelligence (AI) projects pose an increased security risk. Open source projects that use insecure generative AI and Large Language Models (LLMs) also have a poor security posture, resulting in a…

A former GitHub employee claims that a vulnerability in Node Package Manager (npm) could enable anyone to hide malicious dependencies and scripts within their packages. Npm, owned by GitHub, is used for sharing JavaScript code among over 17 million…

The Center for Cyber Law, Policy, and Security (Pitt Cyber), together with Pitt Information Technology (Pitt IT), recently held the sixth annual Air Force Associate (AFA) CyberCamp. The EQT Foundation and Grable Foundation, along with the Pitt Community…

The National Science Foundation (NSF) has awarded a $1.2 million grant to a team of researchers from Purdue University and Michigan State University to continue enhancing the security of cellular 911 calls. In the US, the Federal Communications…

In recent years, ransomware attacks have evolved into a persistent security risk. The inability to effectively respond to this challenge has normalized what should be intolerable: organized cybercriminals harbored by hostile states disrupting and…

The Cybersecurity and Infrastructure Security Agency (CISA) has released the first series of final security guidance resources under its Secure Cloud Business Applications (SCuBA) project: the Extensible Visibility Reference Framework (eVRF) Guidebook…

Cybercriminals frequently target software development and delivery supply chains. These environments can be used to compromise cloud deployments throughout the automated software development and delivery lifecycle. The National Security Agency (NSA) and…

Bitcoin is the most well-known cryptocurrency in the world today, but there are numerous others, each implementing a different set of technical features. To exchange one cryptocurrency for another, so-called "bridges" are used, which are typically…

New research conducted by Group-IB reveals that threat actors are increasingly compromising ChatGPT accounts. They may use this access to collect sensitive data and launch additional targeted attacks. According to Group-IB, ChatGPT credentials have…