Security researchers at ExtraHop have found that most global organizations are exposing sensitive and insecure protocols to the public internet, potentially increasing their attack surface.  The researchers analyzed a range of enterprise IT…

Unidentified attackers have specifically targeted Russian businesses with malware that allows remote control and data theft from infected machines. According to Malwarebytes, one of the Russian enterprises targeted by this spyware is a government-…

In a typosquatting effort to impersonate legitimate projects, a hacker using the handle "Pl0xP" cloned a large number of GitHub repositories and slightly changed the cloned repository names, potentially infecting any software that imported the code.…

As cybercriminals, state-backed hackers, and scammers continue to flood the zone with digital attacks and aggressive campaigns around the world, Microsoft, the maker of the ubiquitous Windows operating system, is focusing on security defense. Microsoft's…

NC State University is the lead institution on a $9 million National Science Foundation (NSF) grant to conduct research on technical challenges in software supply chain security and to assist in the development of a diverse workforce for the software…

A Danish ethical hacker gained unauthorized access to a closed Cloudflare beta and discovered a vulnerability that a cybercriminal could have exploited to hijack and steal someone else's email. Albert Pedersen, the student who reported the critical…

As scientists push the boundaries of machine learning, the amount of money, energy, and time required to train increasingly complex neural network models are skyrocketing.  A new area of artificial intelligence called analog deep learning promises…

Researchers from Aqua Nautilus discovered a new type of cryptomining attack in the wild that is designed to hijack network bandwidth. They pointed out that until now, cryptominers attempted to generate cryptocurrency by performing extensive, complicated…

Cybersecurity-focussed non-profit CREST has recently partnered with the Open Web Application Security Project (OWASP) to release the OWASP Verification Standard (OVS).  The OVS aims to provide mobile and web app developers with enhanced security…

Malwarebytes discovered a malvertising campaign that uses Google Ads to redirect users to Windows support scam sites. After searching specific popular keywords, the attackers display fake Windows Defender alerts requesting visitors to contact Microsoft…

NVIDIA, which manufactures Graphics Processing Units (GPUs) for gaming systems, high-end PCs, and handheld devices, has released patches for several high-severity vulnerabilities in its graphics drivers for Windows and Linux that could result in…

Soccer and football fans have been warned to exercise caution online after news emerged that fraudsters are increasingly taking to social media to sell non-existent tickets.  Researchers at Lloyds Bank discovered that incidents surged by 68% between…