Since at least May 2020, an unknown threat actor has been observed using a malicious Windows kernel driver in attacks likely targeting the Middle East. Fortinet Fortiguard Labs, which labeled the artifact WINTAPIX (WinTapix.sys), links the malware, with…

Rapid7 researchers have warned that a recently patched command injection vulnerability, tracked as CVE-2023-28771, affecting various Zyxel firewalls may soon be exploited in the wild. This warning comes after publishing a technical analysis and proof-of-…

Meta, the owner of Facebook and Instagram, was fined $1.3 billion by the Irish Data Protection Commission for violating the European Union's (EU) General Data Protection Regulation (GDPR). Meta violated the GDPR by transferring the personal data of EU…

Cybercriminals are launching "industrial-scale" email attacks against businesses at an increasing rate, using a malicious platform that has been around for years. Microsoft has brought further attention to the rapid adoption of platforms such as…

The Picus Red Report 2023, based on the analysis of over 550,000 active malware strains, uncovered more than 5 million malicious activities. In the report, researchers identified the top cybercriminal tactics used in 2022. The findings also highlighted…

The global market for commercial spyware is estimated to be worth about $12 billion, with 80 countries having purchased the technology over the last decade. Spyware is used for various purposes, enabling remote access to devices from anywhere in the…

The cybercrime group FIN7, which has previously used ransomware strains created by groups such as REvil and Maze, has added a new strain to its arsenal. Researchers from Microsoft's security team observed the group deploying the Clop ransomware in April…

Black Basta, a cybercrime group with ties to Russia, allegedly infiltrated the systems of the German automotive and weapons manufacturer Rheinmetall. The cybercriminals have added Rheinmetall, one of the world's leading weapons manufacturers, to a blog…

A man has recently been sentenced to 13 years and four months for running a multi-million-dollar fraud website that led to at least $124.2m being stolen globally.  Of this, $53.4m was taken from UK victims.  Law enforcement believes the actual…

The US Cybersecurity and Infrastructure Security Agency (CISA) recently warned Samsung smartphone users about a recently patched vulnerability being exploited in attacks.  The flaw is CVE-2023-21492, described as a kernel pointer exposure issue…

Researchers at Coventry University are helping people protect their privacy after finding excessive data collection by websites and apps. Citizen Scientists Investigating Cookies and App General Data Protection Regulation (GDPR) compliance (CSI-COP) is…

The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have disabled, until further notice, the ability for users to register and upload new packages. The volume of malicious…