A security researcher has discovered a vulnerability in Hikvision surveillance cameras that make them susceptible to remote hijacking without the attacker needing to have a username and password. The attack can be launched using the standard HTTP and…

The decentralized finance (DeFi) system pNetwork that allows communication between different blockchains recently announced that it had been hacked for 277 pBTC (its bridged version of bitcoin), with losses worth more than $12 million at current value.…

Corporate end-users should be on high alert for phishing attacks in the final quarter of the year as this is when most malicious emails are likely to land, according to new research from Tessian.  The email security vendor analyzed four billion…

Windows IIS servers are being used to add expired certificate notification pages prompting visitors to download a fake installer. All Windows versions since Windows 2000, XP, and Server 2003 include the Microsoft Windows web server software, Internet…

Security researchers from AirEye discovered a new hacking method called SSID Stripping that could be used to trick unsuspecting users into connecting to fraudulent wireless networks. In collaboration with Technion, AirEye revealed the possible…

An Iowan agricultural group hit by ransomware over the weekend is claiming that the impact of the attack on the US public could be worse than the Colonial Pipeline incident.  The attack has been traced to BlackMatter, a group that some believe has…

The National Institute of Standards and Technology (NIST) recently held the "Workshop on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software," which is the government agency's latest step in the creation of a…

Security researchers have created a list of flaws commonly abused by ransomware gangs to infiltrate a victim's network. Allan Liska, a member of Recorded Future's Computer Security Incident Response Team (CSIRT), made a call to action on Twitter to…

AMD has disclosed a vulnerability contained by the AMD Platform Security Processor (PSP) chipset driver. Threat actors could exploit this vulnerability to dump memory pages and steal sensitive information, such as passwords and storage decryption keys.…

The Continuous Integration and Continuous Delivery (CI/CD) service for cloud platform projects, Travis CI, has addressed a severe security flaw, which exposed API keys, access tokens, and credentials, posing a significant threat to businesses that set…

Bitdefender has announced the release of a free, universal decryption key for REvil ransomware victims to recover their locked data. The tool, created by Bitdefender together with an unnamed law enforcement, can restore files from REvil attacks before…

The U.S. Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Coast Guard Cyber Command (CGCYBER) warn of the exploitation of a recently disclosed vulnerability…