The largest school district in Iowa canceled a day of classes in January due to a cyberattack on their network. The same month, Tucson Unified School District, the largest pre-K-12 school district in southern Arizona, experienced a ransomware attack,…

Google recently announced significantly higher bug bounty rewards for vulnerability reports containing full chain exploits leading to a sandbox escape in Chrome.  Until December 1, 2023, the first report to contain a full chain exploit leading to a…

San Francisco uses an automated solution to train its 30,000 employees to recognize and report phishing attacks. According to Michael Makstman, the city and county's CISO, all employees receive at least one simulation per month. If the platform detects…

Splunk recently announced Splunk Enterprise security updates that resolve multiple high-severity vulnerabilities, including some impacting third-party packages used by the product.  The most severe of these is CVE-2023-32707, a privilege escalation…

Two eastern Idaho hospitals and their clinics are working to resume full operations after a cyberattack on their computer systems.  Officials with Idaho Falls Community Hospital stated that the cyberattack happened Monday, causing some clinics to…

The National Security Agency (NSA) is collaborating with several organizations to draw attention to the Democratic People's Republic of Korea's (DPRK) use of social engineering and malware to target think tanks, academic institutions, and the news media…

Camaro Dragon, a Chinese nation-state group, has been linked to another backdoor designed for its intelligence-gathering. Check Point researchers named the Go-based malware "TinyNote," stating that it is a first-stage payload capable of "basic machine…

Since at least November 2020, a previously unknown campaign involving the Horabot botnet malware has been targeting Spanish-speaking users in Latin America, infecting them with a banking Trojan and spam tool. The malware allows the operators to seize…

A sustained phishing campaign impersonating Israel's postal service has targeted Israeli engineering and telecommunications companies. According to research conducted by Perception Point, the phishing emails typically appear to be delivery notices…

Jiaming Xu, an associate professor at Duke University's Fuqua School of Business, and his coauthors explored how to keep data safe and private when using a new decentralized, collaborative way of training Artificial Intelligence (AI) models. Xu says…

The Python Package Index (PyPI), the official repository of third-party open source Python projects, will require two-factor authentication (2FA) for all project maintainers by the end of 2023. Supply chain attacks against the Python software repository…

The US Department of Energy (DOE) has announced the seventh selection for the Office of Cybersecurity, Energy Security, and Emergency Response's (CESER) University-Based Scalable Cyber-Physical Solutions Funding Opportunity Announcement (FOA). The…