Researchers at Palo Alto Networks' Unit 43 have discovered at least 30 malicious images in Docker Hub, with a collective 20 million downloads.  The images have been used to spread cryptomining malware.  According to the researchers, the…

The Internal Revenue Service (IRS) has issued an alert about an ongoing IRS-impersonation phishing scam that primarily targets university students and employees. The IRS has received complaints about the scam over the past few weeks from people with…

During Veracode's inaugural Hacker Games competition, the University of Warwick has been crowned as the winner.  After coming out on top in a collegiate contest between eight universities from across the UK and US, the WMG Cyber Security Center at…

Security researchers at Proofpoint have recently linked a late-2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with…

In an effort to bolster election security, the National Institute of Standards and Technology (NIST) has drafted guidelines for local election officials on how to address cyber threats that could impact election infrastructure and disrupt the voting…

The developers who maintain the PHP programming language have decided to move the main Git repository for PHP to GitHub after hackers targeted PHP source code in a backdoor attack. Nearly 80 percent of websites on the Internet are written in PHP. Two…

Researchers from Awake Security, CrowdStrike, and Accenture analyzed attacks involving the Hades ransomware and shared information on their findings in relation to the malware itself and its operators' tactics, techniques, and procedures (TTPs). Hades…

The SolarWinds cyberattackers were able to use SolarWinds’ Orion network management platform to infect targets by pushing out a custom backdoor called Sunburst via trojanized product updates. Sunburst was delivered to almost 18,000 organizations around…

Russian state-sponsored hackers known for launching disinformation campaigns against the North Atlantic Treaty Organization (NATO) are suspected to have targeted dozens of German lawmakers. The hackers performed spear-phishing attacks targeting private…

Researchers in Trend Micro's Zero Day Initiative (ZDI) team discovered two remote code execution (RCE) vulnerabilities that could lead to the takeover of SolarWinds Orion systems. The team has worked closely with SolarWinds to assist in responding to the…

During a new study, researchers at F-Secure discovered that double-extortion ransomware attacks exploded in 2020.  The tactic involves threat actors stealing data from organizations in addition to encrypting files. This means that, as well as…

Marcus Fowler, the director of strategic threat at the cybersecurity Artificial Intelligence (AI) company Darktrace, discusses the need for new technologies and new talent to close the cybersecurity skills gap. Although the first decrease has been…