The Ragnar Locker ransomware gang exposed sensitive data from a Belgian police unit after mistaking it for the municipality of Zwijndrecht. Belgian media outlets called the data leak one of the biggest public service exposures in the country's history,…

Armorblox researchers detailed an attack in which the threat actor tricked victims with a fake invoice before bypassing Microsoft Office 365 email security, potentially compromising over 100,000 users. The researchers discovered and stopped this…

Security researchers at Fortinet have shared information on three new ransomware families named Aerst, ScareCrow, and Vohuk.  The researchers noted that the new ransomware targets Windows computers encrypts victim files, and demands a ransom payment…

Telstra, an Australian telecommunications company, has stated that an internal Information Technology (IT) error caused a data leak affecting hundreds of thousands of customers. On December 9, the company announced that it had discovered an error that…

The Google One Virtual Private Network (VPN) service is now available to Google One Premium members in over 20 countries. During the summer, NCC Group, an information assurance firm, conducted a security assessment of the Google One VPN service and…

Participants at the latest Pwn2Own competition discovered many zero-day vulnerabilities in a range of products.  The contest is run by Trend Micro’s Zero Day Initiative (ZDI).  During the competition, which lasted three days, contestants were…

Security researchers at Endor Labs have discovered that nearly all open source vulnerabilities (95%) are found in transitive or indirect dependencies.  The researchers noted that developers increasingly favor open source as a way to accelerate time…

The Senate has passed the Quantum Computing Cybersecurity Preparedness Act to bolster national security by preparing the federal government's defenses against quantum-computing-enabled data breaches. The bill aims to protect sensitive data from the…

Google recommends that organizations use the Supply Chain Levels for Software Artifacts (SLSA) framework when developing software to improve software security and integrity, following an exploration of best practices for securing the software supply…

Checkmarx and Phylum detailed a typosquatting campaign aimed at the NPM and PyPI package managers. This campaign includes embedded ransomware and targets the popular "requests" package on PyPI and the "discord.js" package on NPM. When the…

Deep Instinct's Threat Research team discovered a new campaign carried out by the MuddyWater Advanced Persistent Threat (APT) group, also known as SeedWorm, TEMP.Zagros, and Static Kitten. The APT's campaign has targeted Armenia, Azerbaijan, Egypt, Iraq…

Dimensional Research surveyed 1,175 security professionals and executives from five continents to get a global perspective of the capabilities of security solutions, deployment strategies, gaps, and the value of tool consolidation. According to the…