News
  • "Attackers Steal $618m From Crypto Firm"
    A cryptocurrency firm used by gamers to transfer virtual coins has found that hackers stole hundreds of millions of dollars' worth of currency from it. Vietnamese blockchain game developer Sky Mavis created the Ronin Network to function as an…
  • "Hackers Are Getting Faster at Exploiting Zero Day Flaws. That's Going to Be a Problem for Everyone"
    Rapid7's new 2021 Vulnerability Intelligence Report reveals a 71 percent decrease in 'time to known exploitation' (TTKE) due to the surge in widespread zero-day attacks, most of which were launched by ransomware gangs. Hackers were found to be faster in…
  • "RED-LILI Continues to Launch NPM attacks on Azure Developers"
    Researchers at Checkmarx have reported the launch of hundreds of malicious packages by the threat actor RED-LILI as part of Node Package Manager (NPM) attacks against Azure and other developers. According to the researchers, attackers have typically…
  • "Visitors to Compromised WordPress Sites Are Forced to DDoS Ukrainian Targets"
    WordPress websites are being infected with malicious scripts to use visitors' browsers to execute Distributed Denial-of-Service (DDoS) attacks against Ukrainian websites. Security researchers with MalwareHunterTeam have identified a compromised WordPress…
  • "82% of Public Sector Applications Contain Security Flaws"
    Security researchers at Veracode have discovered that more than four-fifths (82%) of public sector applications have security flaws, the highest proportion of any industry. The researchers also found that the public sector takes around twice as…
  • "US Proposes Healthcare Cybersecurity Act"
    Lawmakers in the United States have proposed a new bill that aims to enhance the cybersecurity of America's healthcare and public health (HPH) sector. The new bill is called the Healthcare Cybersecurity Act. A primary goal of the act is to improve…
  • "Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware"
    A new email phishing campaign has been discovered hijacking conversations to deliver IcedID information-stealing malware. The campaign exploits unpatched and publicly exposed Microsoft Exchange servers. The phishing emails apply the social engineering…
  • "Researchers Hack Remote Keyless System of Honda Vehicles"
    A researcher at the University of Massachusetts Dartmouth has published Proof-of-Concept (PoC) videos demonstrating how an attacker can remotely unlock a Honda vehicle's doors or start its engine. The attack is made possible by a vulnerability contained…
  • "Browser-in-the Browser (BITB) – A New Born Phishing Methodology"
    Browser-in-the-Browser (BITB) is a novel phishing method in which third-party Single Sign-On (SSO) options are abused. These SSO options are embedded on websites and issue pop-up windows for authentication via Google, Facebook, Apple, or Microsoft. The…
  • "Washington Health District Suffers Another Data Breach"
    A Health District in the State of Washington has made its second data breach announcement of 2022. Both data breaches at the Spokane Regional Health District (SRHD) occurred when employees fell victim to phishing attacks. The district…
  • "Utah Becomes Latest US State to Pass a Data Privacy Law"
    Utah has passed a new privacy law called the Utah Consumer Privacy Act (UCPA). UCPA will take effect in under two years, on December 31, 2023. The provisions will apply to organizations with annual revenue of $25m or more that conduct…
  • "Microsoft Help Files Disguise Vidar Malware"
    Trustwave SpiderLabs released a report detailing a new phishing campaign that plants the Vidar information-stealing malware on target machines. This malicious campaign hides its complex malware behind a Microsoft Compiled HTML Help (.CHM) file, which is…