Researchers recently discovered a threat group with a possible Russian connection that targets corporate email environments. The researchers initially believed the UNC3524 gang was primarily interested in money, as are many ransomware attacks. An…

Researchers have warned that WhatsApp users should watch out for a scam that lures victims with the promise of cash rewards from retail giant Costco in return for completing a short survey, all in honor of Costco’s “40th anniversary”.  The…

NPower, a US-based non-profit participating in a cybersecurity workforce development program started by the Cybersecurity and Infrastructure Agency (CISA), is currently looking for recruits for a free cybersecurity training program aimed at underserved…

According to security researchers at Palo Alto Networks' Unit 42, threat actors are evading detection by using malicious payloads associated with the Brute Ratel C4 adversarial attack simulation tool, which is legitimate software. The researchers…

In attacks against corporate networks, a new ransomware operation encrypts both Windows and Linux VMware ESXi servers. Researchers at MalwareHunterTeam, who tweeted various images of the gang's data leak site, discovered the new operation. Based on a…

HackerOne fired one of its employees for collecting bug bounties from customers after alerting them to vulnerabilities in their products. These vulnerabilities were discovered by other researchers and privately disclosed to HackerOne through its…

An NPM supply-chain attack that began in December 2021 to hack hundreds of websites and desktop applications used numerous malicious NPM modules with JavaScript code obfuscation. ReversingLabs researchers discovered that the threat actors behind this…

When enterprises migrate to the cloud, they become more reliant on Application Programming Interfaces (APIs) for core business operations. Most organizations have experienced at least one API-related attack in the last year, according to the findings of…

Iran's steel industry is being targeted by ongoing cyberattacks that have previously disrupted the country's rail system. Malware used in last week's crippling cyberattacks on Iranian steel plants is linked to an attack that shut down the country's rail…

Google recently announced the release of an emergency chrome update that patches an actively exploited zero-day vulnerability.  The flaw tracked as CVE-2022-2294 has been described as a heap buffer overflow in WebRTC.  An Avast Threat…

Recently accounts receivable management firm Professional Finance Company (PFC USA) started sending out data breach notification letters to patients of over 650 healthcare providers across the country.  The Northern Colorado-based company has…

Human error continues to be the most effective vector for network infiltrations and data breaches. The SANS Institute security center recently released its annual security awareness report based on data from 1,000 information security professionals,…