News
  • "More APTs Eye Managed Service Providers in Supply Chain Attacks"
    Sophisticated threat groups are increasingly compromising Managed Service Providers (MSPs) and launching supply chain attacks against their small and medium-sized downstream customers. The analysis of data from more than 200,000 small and medium-sized…
  • "Telegram Emerges as Criminals' Top Choice for Handling Stolen Information"
    In 2022, the cybersecurity firm Group-IB identified nearly 3,700 different phishing kits, a 25 percent increase from 2021. A phishing kit is a collection of tools used to execute widespread phishing campaigns. Typically, threat actors manage stolen data…
  • "Delaware Taps Artificial Intelligence to Evacuate Crowded Beaches When Floods Hit"
    Delaware's transportation department, which controls more than 90% of roads in a state with the lowest average elevation in the country, is tasked with implementing evacuation plans during high water, which is a bureaucratic nightmare considering how…
  • "API Bug in OAuth Dev Tool Opened Websites, Apps to Account Hijacking"
    A critical Application Programming Interface (API) vulnerability in the Expo open source framework enabled the harvesting of auth credentials via the Open Authorization (OAuth) protocol. According to researchers at Salt Labs, the vulnerability, while…
  • "GitLab Security Update Patches Critical Vulnerability"
    DevOps platform GitLab recently resolved a critical-severity vulnerability impacting both GitLab Community Edition (CE) and Enterprise Edition (EE). An open source end-to-end software development platform, GitLab helps developers and organizations…
  • "CyLab Faculty Earn Two 'Test of Time' Awards at IEEE Symposium on Security and Privacy"
    During the 44th Symposium on Security and Privacy, the Institute of Electrical and Electronics Engineers (IEEE) gave two "Test of Time" awards to papers co-authored by faculty members at Carnegie Mellon University's (CMU) CyLab Security and Privacy…
  • "GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains"
    Google has announced the 0.1 Beta version of GUAC, which stands for Graph for Understanding Artifact Composition. It will help organizations secure their software supply chains. The search giant is making the open source framework available as an…
  • "New Buhti Ransomware Gang Uses Leaked Windows, Linux Encryptors"
    A new ransomware operation, "Buhti," targets Windows and Linux systems using leaked code from the LockBit and Babuk ransomware families. Although the threat actors behind Buhti, now tracked as "Blacktail," have not developed their own ransomware strain,…
  • "Phishing Campaign Targets ChatGPT Users"
    Researchers at Inky have discovered a phishing campaign designed to steal business email account credentials by impersonating OpenAI, the company behind the ChatGPT Artificial Intelligence (AI)-driven chatbot. ChatGPT has rapidly gained popularity and is…
  • "'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs"
    An investigation conducted by Microsoft reveals that China-backed threat actors have established persistent access to telecommunications networks and other critical infrastructure targets in the US for espionage and, potentially, to disrupt…
  • "UC Santa Cruz Engineers Join Major Transportation Cybersecurity Project"
    As part of a new national center, UC Santa Cruz (UCSC) researchers will play an important role in protecting US transportation systems from cyber threats. Researchers at UCSC will focus on enhancing the Artificial Intelligence (AI) systems powering…
  • "AT&T Resolves Issue That Would Allow Account Takeover Through ZIP Code and Phone Number"
    AT&T recently patched a vulnerability that would have allowed anyone to hijack someone's account on the telecommunications company's official website by using the account holder's phone number and ZIP code. Joseph Harris, a cybersecurity researcher,…