The top three data exfiltration tools used by threat actors between September 2023 and July 2024 were Rclone, WinSCP, and cURL, according to ReliaQuest. Data exfiltration may involve threat actor–owned infrastructure or third-party cloud services.

NCC Group researchers discovered vulnerabilities in Sonos smart speakers, including a flaw that could have enabled attackers to eavesdrop on users.

The US Cybersecurity and Infrastructure Security Agency (CISA) warns of two vulnerabilities, including a path traversal flaw affecting Apache OFBiz.

Researchers at Menlo Security found a sophisticated phishing campaign that exploits users' trust in Google Drawings and WhatsApp.

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning organizations about threat actors targeting improperly configured Cisco devices.

The "2024 Cost of Data Breach Study" by IBM and the Ponemon Institute details the financial costs of cyberattacks across different industries.

With the goal of creating division, Iran is adding to Russia’s and China’s efforts to sow distrust and chaos in the upcoming US election. Iran has been using websites and social media feeds directed to both politically left and right voters.

ReasonLabs researchers discovered a malware campaign that forced the installation of malicious Google Chrome and Microsoft Edge browser extensions in more than 300,000 browsers, modifying the browser's executables to take over homepages and steal brows

Rapid7's "Ransomware Radar Report 2024" highlights key findings from the analysis of visible leak sites, ransomware code, and underground forum chatter.

A popular Ethereum blockchain, which was the victim of the largest ever crypto-heist back in 2022, recently suffered a $12m loss but had the stolen funds returned by ethical hackers.

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently discovered that a prolific ransomware group has demanded more than $500m from its victims in less than two years.

American building security giant ADT recently confirmed it suffered a data breach after threat actors leaked allegedly stolen customer data on a popular hacking forum.