Google recommends that organizations use the Supply Chain Levels for Software Artifacts (SLSA) framework when developing software to improve software security and integrity, following an exploration of best practices for securing the software supply…

Checkmarx and Phylum detailed a typosquatting campaign aimed at the NPM and PyPI package managers. This campaign includes embedded ransomware and targets the popular "requests" package on PyPI and the "discord.js" package on NPM. When the…

Deep Instinct's Threat Research team discovered a new campaign carried out by the MuddyWater Advanced Persistent Threat (APT) group, also known as SeedWorm, TEMP.Zagros, and Static Kitten. The APT's campaign has targeted Armenia, Azerbaijan, Egypt, Iraq…

Dimensional Research surveyed 1,175 security professionals and executives from five continents to get a global perspective of the capabilities of security solutions, deployment strategies, gaps, and the value of tool consolidation. According to the…

As part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe, a hack-for-hire group called Evilnum has targeted travel agencies. The attacks, which occurred in 2020 and 2021 and most likely began in…

Research by Dr. Joel Reardon, a University of Calgary Internet security and privacy expert, and his colleague, Dr. Serge Egelman, at the University of California Berkeley, has led to the web browser firm Mozilla removing an offshore company as a trusted…

To deter and defeat agile adversaries, people and assets deployed by the US Department of Defense (DOD) in ground, sea, air, and space must maintain operational wireless network connectivity. Researchers from Florida Atlantic University's (FAU) College…

The Science and Technology Directorate (S&T) is working with the Cybersecurity and Infrastructure Security Agency (CISA) to develop and test new technologies and tools to combat both online and physical threats. According to the S&T program…

Security researchers at Cisco Talos have discovered that threat group Silence has been infecting an increasing number of devices using Truebot malware.  The researchers suggest that there is a connection between Silence and the infamous hacking…

The Hive Ransomware-as-a-Service (RaaS) group claims to have published customer data obtained during an attack on French sports retailer Intersport in November. The notorious RaaS group leaked some Intersport data to its dark web leak site and threatened…

CommonSpirit Health, based in Chicago, has confirmed that an October ransomware attack exposed the personal information of over 620,000 patients. On October 5, CommonSpirit Health, which operates over 700 care sites and 142 hospitals across 21 states,…

Secretary of Homeland Security Alejandro Mayorkas recently stated that national security and homeland security are now more interconnected than ever before, largely driven by the fact that U.S. adversaries can execute attacks “with a keystroke.”  …