News
  • "Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines"
    When an attacker submits changes to an open-source repository on GitHub, downstream software projects that include the most recent version of a component may compile updates containing malicious code. According to Legit Security, a software supply chain…
  • "Cuba Ransomware Actors Pocket $60m"
    The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of the continued threat posed by the Cuba ransomware variant, which has made its affiliates and developers $60m as of August. CISA revealed in a new alert that the ransomware…
  • "NATO Launches Massive Cyber-Defense Exercise"
    This week, NATO kicked off its Cyber Coalition 22 exercise to enhance cyber resilience among its members. NATO brought together 1000 defenders from 26 member countries plus Finland and Sweden, Georgia, Ireland, Japan, Switzerland, and the EU, as…
  • "Simple Hardware to Defend Microgrid Attacks"
    Small-scale renewable energy systems have the advantage that they can be set up into networks that, when necessary, run independently of the primary electric grid. KAUST researchers are now creating strategies to defend these networks, known as…
  • "Electrical Engineering Doctoral Student Mohammadamin Moradi Uses Deep-Q Learning to Find and Combat Power Grid Cybersecurity Weaknesses"
    As power grids become more reliant on computer-based systems, they become more vulnerable to cyberattacks. Mohammadamin Moradi, an electrical engineering doctoral student at Arizona State University (ASU), used Artificial Intelligence (AI) to analyze the…
  • "Abuse of Privilege Enabled Long-Term DIB Organization Hack"
    The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) responded to an advanced cyberattack on a Defense Industrial Base (DIB) organization's network from November 2021 to January 2022. During that time, Advanced…
  • "Census Bureau Comes up Short Against 'Red Team' Attack"
    According to a new report by the Commerce Department Office of Inspector General (IG), a team of government-contracted red team hackers gained unauthorized and undetected control of critical Census Bureau systems in a simulated attack test, which…
  • "New CLI Tool Allows Java Devs to Add 'Fuzzing' to JUnit"
    Code Intelligence, a provider of automated testing tools, has released CI Fuzz CLI, an open-source Command-Line Interface (CLI) tool that allows Java developers to incorporate fuzz testing into their existing JUnit setups. JUnit is an open-source, Java-…
  • "Delta Electronics Patches Serious Flaws in Industrial Networking Devices"
    Taiwan-based Delta Electronics has recently patched potentially serious vulnerabilities in two of its industrial networking products. Security researchers at CyberDanube discovered the flaws in Delta's DX-2100-L1-CN 3G cloud router and the DVW-…
  • "Hackers Target Colombia's Healthcare System With Ransomware"
    Colombian healthcare provider Keralty recently reported a ransomware attack that affected its systems and two of its subsidiaries: EPS Sanitas and Colsanitas. The attack disrupted the companies' IT operations, websites, and scheduling of medical…
  • "Researchers Found Security Pitfalls in IBM's Cloud Infrastructure"
    Security researchers investigated IBM Cloud's Database-as-a-Service (DaaS) infrastructure and discovered several security flaws that gave them access to the internal server used to build database images for customer deployments. The demonstrated attack…
  • "WhatsApp Files on Dark Web Show Millions of Records For Sale"
    In mid-November, a threat actor posting on a dark web forum claimed to have stolen the personal information of almost 500 million WhatsApp users. Recently, Check Point Research (CPR) has published a new advisory analyzing the exposed files and…