News
  • "Cross-Site Forgery Bug Would Facilitate Remote Code Execution in Microsoft Azure Services"
    Researchers at Ermetic discovered and disclosed a Cross-Site Request Forgery (CSRF) flaw impacting multiple Microsoft Azure services. The flaw would allow an attacker to take control of and remotely execute code on the victim's application. The flaw…
  • "Cyber Insurance Can Offset the Risks of Potential Breaches"
    Findings from a survey conducted by the cybersecurity and data backup company Datto suggest that small to medium-sized businesses (SMBs) are aware of growing cyber threats and are increasingly dedicating resources and investing in areas such as…
  • "MailChimp Discloses New Breach After Employees Got Hacked"
    Hackers gained access to an internal customer support and account administration tool at the email marketing provider MailChimp, allowing threat actors to access the data of 133 customers. According to MailChimp, the attackers obtained employee…
  • "ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware"
    New research suggests that the motive of financial and political gain, partially fueled by the ongoing conflict in Ukraine, has prompted threat actors to target Industrial Control Systems (ICS) with more disruptive cyberattacks, thereby diversifying the…
  • "New Research Delves into the World of Malicious LNK Files and Hackers Behind Them"
    There has been an increase in cybercriminals' use of malicious LNK files as a point of entry to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts demonstrated that it is possible to identify…
  • "OneButtonPIN Increases Security for Blind and Low-Vision Tech Users"
    Researchers at the University of Waterloo and the Rochester Institute of Technology (RIT) have developed a new authentication method to help Blind and Low-Vision (BLV) people access their devices more securely. The method called OneButtonPIN allows BLV…
  • "Quantum Computers Threaten Our Whole Cybersecurity Infrastructure: Here's How Scientists Can Bulletproof It"
    The security of the RSA protocol relies on the current absence of an efficient algorithm to factorize large numbers. Cryptographic protocols require the adversary to factorize a very large number to decrypt a message, which is currently impossible. The…
  • "Crypto Wallet of NFT Influencer Wiped Away by Google Ads Malware"
    According to a Non-Fungible Token (NFT) influencer known as "NFT God" on social media, a Google Ads-delivered malware attack cost them thousands of dollars in NFTs and cryptocurrency. The influencer stated that their livelihood was violated by the attack…
  • "APIs in Vehicle Software Vulnerable to Attacks"
    Application Programming Interfaces (APIs) are used in all of today's software, including the software in newer vehicles. This dependency has already resulted in critical vulnerabilities involving car owners' Personally Identifiable Information (PII), GPS…
  • "University of Texas at Austin Blocks TikTok From Its IT Network"
    The University of Texas at Austin blocked TikTok from its IT network on Wednesday under an earlier order by Gov. Greg Abbott banning the short-form video app from state-managed electronic resources. This makes it impossible for users of TikTok to…
  • "CISA Warns of Serious Flaws in CONPROSYS HMI Software"
    The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) warns of a collection of vulnerabilities in the widely deployed CONPROSYS Human-Machine Interface (HMI) software that could allow an unauthenticated, remote…
  • "A Couple of Bugs Can Be Chained to Hack Netcomm Routers"
    Experts warn of the potential exploitation of two critical vulnerabilities found in Netcomm routers. The vulnerabilities, tracked as CVE-2022-4873 and CVE-2022-4874, are stack-based buffer overflow and authentication bypass flaws. Both vulnerabilities…