Cybersecurity professionals regard Single Sign-On (SSO) credentials as the keys to the kingdom. Employees gain access to numerous applications by logging in once with these credentials, which are the last thing an organization wants stolen or sold on the…

In order to protect the software supply chain, new data shows a significant increase in activities to secure open source components and integrate security into developer toolchains. The 13th edition of Synopsys' Building Security In Maturity Model (BSIMM…

It has recently been discovered that the personal information of roughly 320,000 individuals was compromised following a ransomware attack at New York-based ambulance services provider Empress EMS (Emergency Medical Services).  The organization…

The threat actors named "TeaPea," who were behind the InterContinental Hotels Group (IHG) cyberattack reported earlier this month, admitted doing it "for fun."  The threat actors talked to BBC over the weekend and stated that they are a couple from…

A new vulnerability in Oracle Cloud Infrastructure (OCI) could allow unauthorized access to cloud storage volumes of all users, hence violating cloud isolation.  Security researchers at Wiz discovered the flaw in June and dubbed it AttachMe.  …

Security researchers have issued a warning about the malware tool known as ChromeLoader. It first appeared in January as a consumer-focused, browser-hijacking credential stealer, but has since evolved into a widespread and multifaceted threat to…

The US government will provide $1 billion in grants to assist State, Local, and Territorial (SLT) governments in addressing cybersecurity risks, strengthening the cybersecurity of critical infrastructure, and ensuring cyber resilience in the face of…

Security researchers at Sonatype have discovered that the volume of malicious activity targeting upstream open source code repositories has hit triple-digit growth over the past three years. The security vendor claimed in newly released data to have…

The Hive ransomware operation claimed responsibility for an attack on the New York Racing Association (NYRA), which had previously disclosed that a cyberattack on June 30, 2022, had disrupted IT operations and website availability, as well as compromised…

Wintermute, a global cryptocurrency market maker, revealed a loss of $162.2 million in DeFi operations. According to reports, the digital asset trading firm serves over 50 cryptocurrency exchanges and trading platforms, including Binance, Coinbase,…

US video game publisher 2K recently warned players of its games not to click on links sent out by its help desk, as they are likely to be malicious.  The company which is a subsidiary of Take-Two Interactive, released a brief statement on Twitter…

The cybersecurity company Imperva announced that on June 27, 2022, it mitigated a Distributed Denial-of-Service (DDoS) attack with over 25.3 billion requests. The powerful attack, which was launched against an unnamed Chinese telecommunications company,…