The Costa Rican government has experienced another ransomware attack just months after many of its departments were disrupted by hackers deploying the Conti ransomware in a widespread attack. Costa Rica's Ministry of Public Works and Transport (MOPT)…

Drupal recently announced software updates that resolve four vulnerabilities in Drupal core and three plugins, which could lead to unauthorized access to data.  The company noted that the Drupal core issue exists because the Media Library module…

Researchers have uncovered a new, massive attack on the Internet advertising ecosystem that has affected millions of users, robbed hundreds of companies, and may have garnered substantial money for its perpetrators. The attack, called Vastflux, was…

FBI chief Christopher Wray has recently expressed concerns about China’s artificial intelligence program, which he says is “not constrained by the rule of law.” Wray noted that he is “deeply concerned” that Beijing could use its advancements in AI to…

Security researchers at Sec Consult have discovered several vulnerabilities described as having a critical and high impact, including ones allowing unauthenticated remote code execution, in OpenText's enterprise content management (ECM) product.  …

T-Mobile has revealed that it experienced a new data breach after a threat actor exploited one of its Application Programming Interfaces (APIs) and stole the personal information of 37 million active postpaid and prepaid customer accounts. T-Mobile did…

Researchers from Mandiant reported that Chinese threat actors exploited the recently patched FortiOS SSL-VPN flaw, CVE-2022-42475, as a zero-day. According to the security company, the vulnerability was used in attacks against multiple targets, including…

The Computer Emergency Response Team of Ukraine (CERT-UA) has attributed the wiper attack on Ukrinform that occurred on January 17 to Russia's Main Directorate of the General Staff of the Armed Forces (GRU). According to CERT-UA, the malicious actors…

Gamaredon, a Russian state-sponsored cyber espionage group, has maintained its digital aggression against Ukraine, with new operations involving the popular messaging app Telegram to target the country's military and law enforcement. The BlackBerry…

Nearly 35,000 PayPal user accounts were compromised in a recent credential stuffing attack, exposing personal information that could be used to fuel future attacks. PayPal's breach disclosed that the attack began on December 6, 2022, and continued until…

The best paper award at the 2022 IEEE International Conference on Trust, Privacy, and Security in Intelligent Systems and Applications went to a Machine Learning (ML) framework that detects security flaws without the computational overhead of traditional…

Researchers at Avanan report that attackers have found a means to circumvent antivirus services such as VirusTotal by embedding malware in "blank images" in emails. According to the researchers, hackers can use this method to target nearly anyone. As…