The US Department of Homeland Security (DHS) issued a warning that attackers could use critical security flaws in unpatched Emergency Alert System (EAS) encoder/decoder devices to send fake emergency alerts over TV and radio networks. In the event of a…

Cybersecurity experts at Deepwatch spotted activity from threat actors that "highly likely" exploited a security flaw in the Atlassian Confluence server (CVE-2022-26134) to deploy a new backdoor dubbed "Ljl" against several unnamed organizations.  …

Dark Utilities is a new service that has already attracted 3,000 users because of its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems. It is marketed as a way to enable remote access, command…

Security researchers at ExtraHop have found that most global organizations are exposing sensitive and insecure protocols to the public internet, potentially increasing their attack surface.  The researchers analyzed a range of enterprise IT…

Unidentified attackers have specifically targeted Russian businesses with malware that allows remote control and data theft from infected machines. According to Malwarebytes, one of the Russian enterprises targeted by this spyware is a government-…

In a typosquatting effort to impersonate legitimate projects, a hacker using the handle "Pl0xP" cloned a large number of GitHub repositories and slightly changed the cloned repository names, potentially infecting any software that imported the code.…

As cybercriminals, state-backed hackers, and scammers continue to flood the zone with digital attacks and aggressive campaigns around the world, Microsoft, the maker of the ubiquitous Windows operating system, is focusing on security defense. Microsoft's…

NC State University is the lead institution on a $9 million National Science Foundation (NSF) grant to conduct research on technical challenges in software supply chain security and to assist in the development of a diverse workforce for the software…

A Danish ethical hacker gained unauthorized access to a closed Cloudflare beta and discovered a vulnerability that a cybercriminal could have exploited to hijack and steal someone else's email. Albert Pedersen, the student who reported the critical…

As scientists push the boundaries of machine learning, the amount of money, energy, and time required to train increasingly complex neural network models are skyrocketing.  A new area of artificial intelligence called analog deep learning promises…

Researchers from Aqua Nautilus discovered a new type of cryptomining attack in the wild that is designed to hijack network bandwidth. They pointed out that until now, cryptominers attempted to generate cryptocurrency by performing extensive, complicated…

Cybersecurity-focussed non-profit CREST has recently partnered with the Open Web Application Security Project (OWASP) to release the OWASP Verification Standard (OVS).  The OVS aims to provide mobile and web app developers with enhanced security…