A new RedLine malware distribution campaign has been seen promoting fake Binance NFT mystery box bots on YouTube in order to trick people into downloading the information-stealing malware from GitHub repositories. Binance mystery boxes are collections of…

Google is increasing its investment in open source software security by forming a new team of developers committed to assisting the maintainers of major open source projects in improving their software's security. The new Open Source Maintenance Crew is…

Cybercrimals can find everything from information stealing to ransomware and crypto-mining modules offered by the Eternity Project as recently advertised on a popular Telegram channel. For prices ranging from $90 to $490, would be hackers can purchase…

NIST releases new guidance for dealing with cybersecurity risks throughout the supply chain. Supply chain is a vital part of global commerce. But vulnerabilities in the technology used to manage it can cause problems for businesses and their customers.…

The European Union (EU) has recently reached a political agreement on new legislation that will impose common cybersecurity standards on critical industry organizations.  The new directive will replace the EU’s existing rules on the security of…

ForgeRock, a global identity and access management company, has created a new application called ForgeRock Autonomous Access that uses AI to prevent identity-based cyberattacks and fraud.   The application monitors login requests in real-time to…

A team of researchers at Zhejiang University in China used basic Machine Learning (ML) to identify patterns that common Web Application Firewalls (WAFs) fail to detect, but which can deliver a threat actor's payload. The researchers started with common…

Gov. Larry Hogan just signed measures to strengthen cybersecurity in state and local governments in Maryland after lawmakers approved legislation and big investments earlier this year to protect vital systems against cyberattacks.  One of the…

Security researchers at Cisco’s Talos threat intelligence and research unit have discovered 17 vulnerabilities in a wireless industrial router made by InHand Networks, including flaws that can be chained to gain root access by getting a user to click on…

Researchers at Rapid 7 have discovered a critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls.  The researchers disclosed the vulnerability to Zyxel on April 13th, and it was fixed by the company with a patch released…

Researchers found a simple malware builder that steals credentials and sends them to Discord webhooks. A Discord user called Portu began selling a new password-stealing malware generator on April 23rd, 2022. Malware builders are programs that "script…

According to an analysis conducted by (ISC)², a Florida-based nonprofit organization specializing in IT training and certifications, the worldwide cybersecurity workforce must grow by 65 percent to protect enterprises' critical assets adequately. The…