News
  • "Education Accounts for 7.3% of Cybersecurity Incidents Across Industries in 2022, Up from 2.8% in 2021"
    IBM Security's X-Force Threat Intelligence Index for 2023 found that education, sixth on the list of ten evaluated industries, accounted for 7.3 percent of all cybersecurity incidents in 2022, up from 2.8 percent of all incidents in 2021. IBM Security…
  • "Cisco Fixed a Critical Command Injection Bug in IP Phone Series"
    To address a critical vulnerability, Cisco has released security updates for its IP Phone 6800, 7800, 7900, and 8800 Series products. The flaw, tracked as CVE-2023-20078, is a web-based management interface command injection vulnerability. Insufficient…
  • "Major Phishing Campaign Targets Trezor Crypto Wallets"
    Cryptocurrency hardware firm Trezor has recently acknowledged an ongoing multi-channel phishing campaign designed to trick customers into granting access to their wallets. According to the firm, the attackers contact the victims via phone call, SMS…
  • "Russian Government Bans Foreign Messaging Apps"
    According to a new law that went into force yesterday, Russian government officials will no longer be able to use messaging apps developed and run by foreign companies. The new law applies to government agencies and organizations. The law…
  • "This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location"
    Consumer drones have become potential war tools since they can perform high-altitude surveillance, conduct reconnaissance, and even launch weapons, all while their operator stays safely hidden, possibly miles away. However, hackers have found that for…
  • "OAuth Vulnerabilities on Booking.com Could Have Resulted in Account Takeovers"
    Salt Security has revealed new threat research highlighting critical security vulnerabilities discovered on the website of Booking Holdings, a popular hotel booking service. The flaws stem from how the site's designers implemented the Open Authorization…
  • "White House Pushes for Mandatory Regulations, More Offensive Cyber Action under National Cyber Strategy"
    The White House has revealed its National Cybersecurity Strategy, outlining a comprehensive plan for enhancing digital security nationwide. The plan is based on five pillars: minimum cybersecurity requirements for critical infrastructure, offensive cyber…
  • "WH Smith Discloses Cyberattack, Company Data Theft"
    British high street chain WH Smith recently revealed that it was hit by a cyberattack that resulted in the theft of company data. In particular, the stationery and book chain said current and former employee data was accessed by the threat…
  • "Iron Tiger Hackers Create Linux Version of Their Custom Malware"
    The APT27 hacking group, also known as "Iron Tiger," has developed a new Linux version of its SysUpdate custom remote access malware, enabling the Chinese cyber espionage group to target a wider range of enterprise-level services. According to a recent…
  • "Attackers Increasingly Using transfer.sh to Host Malicious Code"
    Redis is an open-source data structure store used as a distributed in-memory database, cache, and message broker. Redis servers are intended to be accessed only by trusted clients in trusted environments. However, they are often found to be accessible…
  • "Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI"
    A malicious Python package uploaded to the Python Package Index (PyPI) was discovered to have a fully-functional information stealer and Remote Access Trojan (RAT). The package named "colourfool" was found by Kroll's Cyber Threat Intelligence team, who…
  • "Cyberattackers Double Down on Bypassing MFA"
    As companies increasingly require more robust security for their employees and customers, attackers are getting better at bypassing multi-factor authentication (MFA), resulting in steady compromises. While there are multiple ways to circumvent the…