News
  • "Trained Developers Get Rid of More Vulnerabilities Than Code Scanning Tools"
    An EMA survey of 129 software development professionals revealed that only 10 percent of organizations using code scanning tools prevented a higher percentage of vulnerabilities than those not using such tools. Continuous training significantly improved…
  • "New Wave of Attacks Use Known Vulnerabilities to Target Microsoft Exchange"
    Researchers at Bitdefender warn of a new wave of attacks exploiting known Microsoft Exchange vulnerabilities. At the end of November 2022, researchers observed an uptick in attacks involving ProxyNotShell/OWASSRF exploits targeting on-premises Microsoft…
  • "ChatGPT Just Passed an MBA-Level Exam at Wharton"
    ChatGPT has made some poor attempts to be a journalist and a therapist, but could it be a good student? Professor Christian Terwiesch from the Wharton School of the University of Pennsylvania believes it can. After Terwiesch proctored a final…
  • "LastPass Owner GoTo Says Hackers Stole Customers' Backups"
    LastPass' parent company GoTo has revealed that attackers stole customers' encrypted backups during a recent breach. LastPass initially confirmed the breach on November 30, 2022. At the time, the LastPass chief executive Karim Toubba stated that an…
  • "Malware Blurs Line Between Banking Trojan and Surveillance"
    Hook is an Android banking Trojan that can take remote control of mobile devices. The Trojan, which the cybersecurity company ThreatFabric identifies as an improved variant of the existing Ermac Trojan, can carry out an entire attack chain, from…
  • "Arm Vulnerability Leads to Code Execution, Root on Pixel 6 Phones"
    A security researcher recently published technical details on an Arm Mali GPU vulnerability leading to arbitrary kernel code execution and root on Pixel 6 phones using a malicious app installed on the targeted device. The vulnerability is tracked…
  • "Apple Patches WebKit Code Execution in iPhones, MacBooks"
    Apple’s product security response team recently rolled out patches to cover numerous serious security vulnerabilities affecting users of its flagship iOS and macOS platforms. Apple warned that the most serious documented vulnerabilities affect…
  • "Attacks Targeting Realtek SDK Vulnerability Ramping Up"
    Palo Alto Networks recently warned of an increase in cyberattacks targeting CVE-2021-35394, a remote code execution (RCE) vulnerability in the Realtek Jungle SDK. The vulnerability was disclosed in August 2021 and impacts…
  • "Record-Breaking Year for DDoS Attacks Targeting Russia"
    According to Russia's largest internet service provider, Russian organizations were deluged with web and DDoS attacks last year in a bid to disrupt operations, deface websites, and "sow panic." Rostelecom said in a new report that in 2022 it recorded "a…
  • "Up to 350,000 Open-Source Projects Vulnerable to 15-Year-Old Python Bug"
    A 15-year-old Python vulnerability has impacted hundreds of thousands of open-source projects over the course of its existence. The vulnerability, tracked as CVE-2007-4559, is a path traversal flaw in the extract and extractall functions of the Python…
  • "Companies Impacted by Mailchimp Data Breach Warn Their Customers"
    Multiple organizations have been hit by the recent Mailchimp data breach, with some already notifying their customers. Mailchimp, a popular email marketing and newsletter creation platform, disclosed a data breach that exposed the personal…
  • "Hunting Insider Threats on the Dark Web"
    Malicious employees have been found to be responsible for 20 percent of security incidents. Attacks carried out by insiders are 10 times larger, on average, than those carried out by external actors. All organizations should monitor marketplaces,…