Security researchers from Microsoft Threat Intelligence Center (MSTIC) have discovered a new, post-compromise capability allowing a threat actor to maintain persistent access to compromised environments.  Dubbed "MagicWeb," the capability has been…

According to a new report from the cybersecurity solutions provider Fortinet, the number of new ransomware variants nearly doubled in the first half of 2022, and attackers are increasingly leveraging zero-day vulnerabilities. The company's FortiGuard…

Security researchers at NCC Group have found that ransomware cases jumped 47 percent amid a rise in attacks involving newer strains of malicious software infecting targets.  The researchers noted that reported incidents increased to 198 in July from…

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) is advising critical infrastructure organizations to prepare to protect their systems from powerful quantum decryption algorithms as public and private…

The IEEE recently published its annual ranking of the Top Programming Languages!  The top 10 trending programming languages in 2022 include Python, Java, C, JavaScript, C++, C#, SQL, PHP, HTML, and Go.  The IEEE also looked at hundreds of …

Mozilla recently patched several high-severity vulnerabilities in its Firefox and Thunderbird products.  Firefox 104, as well as Firefox ESR 91.13 and 102.2, patches a high-severity address bar spoofing issue related to XSLT error handling.  …

Gallium, a Chinese Advanced Persistent Threat (APT) group, has been observed using a previously unknown Remote Access Trojan (RAT) in espionage attacks against firms in Southeast Asia, Europe, and Africa. The "difficult-to-detect" backdoor known as…

PyPI, the official third-party software repository for Python packages, is warning its users about a phishing campaign. It was discovered that some maintainers of legitimate projects had been compromised, and malware had been published as the latest…

According to a new investigation into the phishing campaign that targeted Twilio and Cloudflare in July, more than 130 organizations have been affected since the initial attack. In the campaign, which began in March 2022, nearly 10,000 user credentials…

A security researcher with a long track record of demonstrating novel data exfiltration methods from air-gapped systems has devised yet another method that involves sending Morse code signals via LEDs on Network Interface Cards (NICs). Dr. Mordechai Guri…

The National Science Foundation (NSF) has awarded funding to a team of researchers at Virginia Commonwealth University (VCU) in support of a project aimed at improving the security of Internet-connected medical devices. The principal investigator of the…

On July 20, 2022, the American Data and Privacy Protection Act (ADPPA) was moved out of the US House of Representatives Committee on Energy and Commerce by a vote of 53-2. The bill still needs to be passed by the full House and Senate. ADPPA includes…