A pilot program launched by the Defense Advanced Research Projects Agency (DARPA) and the US Cyber Command (CYBERCOM) aims to put new cyber capabilities in the hands of cyber operators more quickly. By developing a user-directed, incremental, and…

A researcher discovered that a security flaw on the Florida Department of Revenue website exposed the bank account and Social Security numbers of at least hundreds of taxpayers. By changing the portion of the website address that contains the taxpayers'…

Vanuatu's government recently stated that it was slowly getting its communications back online following a cyberattack that knocked out emergency services, emails, and phone lines for weeks.  Chief information officer Gerard Metsan stated that 70…

Qualys' Threat Research Unit recently showed how a new Linux vulnerability could be chained with two other apparently harmless flaws to gain full root privileges on an affected system.  The researchers stated that the new vulnerability, tracked as…

Researchers have discovered a new wiper Trojan disguised as a ransomware payload in the wild. CryWiper, named after the distinctive '.cry' extension it appends to files, appears to be a new ransomware strain at first glance. The victims' devices appear…

Cyber extortion affects businesses of all sizes worldwide, with 82 percent of cases observed being small businesses, up from 78 percent last year. According to Orange Cyberdefense's latest Security Navigator report, there was a noticeable slowdown in…

Google appears to be reaping the benefits of its decision to use Rust for new code in Android in order to reduce memory-related flaws. Memory safety flaws in Android have been reduced by more than half, a significant achievement coinciding with Google's…

Group-IB found almost three dozen groups of Russian hackers using the stealer-as-a-service model to spread infostealer malware. An infostealer is a type of malware that collects browser credentials, payment card numbers, and cryptocurrency wallet…

A new Malware-as-a-Service (MaaS) operation called 'DuckLogs' is providing low-skilled attackers with easy access to multiple modules for data theft, keystroke logging, clipboard data access, and remote access to the compromised host. DuckLogs is…

A previously unknown Go-based malware is targeting Redis servers with the intent of taking control of infected systems and likely establishing a botnet network. According to cloud security firm Aqua, the attacks involve exploiting a critical security…

Security researchers at industrial cybersecurity firm Nozomi Networks have recently discovered three vulnerabilities in Mitsubishi Electric’s GX Works3 engineering workstation software that could be exploited to hack safety systems.  GX Works3 is…

Netwrix has released additional findings from its global 2022 Cloud Security Report for the financial and banking sectors. Financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure than other…