News
  • "“Is It You In The Video?” – Don’t Fall For This Messenger Scam"
    Researchers have discovered a new phishing attempt that uses Facebook Messenger. Adversaries use people's social media accounts to send "a video" to the user's friends. The adversaries then ask, "is it you in this video". There is no…
  • "Ransomware Gangs Use 'SystemBC' Tor Backdoor in Attacks"
    Sophos researchers have reported the use of a backdoor named SystemBC by multiple ransomware families, including Ryuk and Egregor. The continuously evolving backdoor executes commands and enables adversaries to download and run scripts, executables, and…
  • "CyberMDX Research Team Discovers Critical Vulnerabilities in Dell Wyse Thin Client Devices"
    Researchers at the healthcare cybersecurity provider CyberMDX discovered critical vulnerabilities in Dell Wyse Thin Client devices. The exploitation of these vulnerabilities could allow attackers to remotely run malicious code and access arbitrary files…
  • "5G Standalone Networks May Have More Vulnerabilities Than You Think"
    Positive Technologies released a new report titled "5G Standalone Core Security Research," highlighting several potential vulnerabilities in 5G standalone networks that could lead to Denial-of-Service (DoS) attacks. Researchers conducted network…
  • "Bouncy Castle Bug Puts Bcrypt Passwords at Risk"
    Synopsys researchers discovered a severe authentication bypass vulnerability in a popular Java cryptography library called Bouncy Castle. The vulnerability exists in the OpenBSDBcrypt class of Bouncy Castle. The exploitation of this vulnerability could…
  • "5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack"
    Researchers at Astra Security found a critical bug in the popular WordPress plugin called Contact Form 7. The critical bug allows an unauthenticated adversary to take over a website running the plugin or hijack the entire server hosting the…
  • "K-12 Schools Need to Take Cyberattacks More Seriously"
    There has been a significant increase in cyberattacks against public schools in the United States since the beginning of the 2020-21 school year. Federal cybersecurity officials expect these attacks to continue growing in frequency and sophistication.…
  • "Hackers Use Mobile Emulators to Steal Millions"
    IBM Trusteer researchers report that hackers are using mobile emulators to spoof banking customers' mobile devices in order to steal millions of dollars from online banking accounts belonging to customers located in the U.S. and Europe. Mobile emulators…
  • "Migration Delays Prevent AD-Centric Zero Trust Security Framework Adoption"
    Researchers at One Identity conducted a new survey of 1,216 IT security professionals. They found that 37 percent of the participants rated rapid changes in their AD/AAD environment as the key impact of COVID-19 on their organization’s identity…
  • "Microsoft and FireEye Create a 'Killswitch' for SUNBURST Malware Affecting SolarWinds' Orion"
    Microsoft, FireEye, and GoDaddy have worked together to create a "killswitch" for SUNBURST, which is the malware distributed in the supply chain attack on SolarWinds' Orion IT management platform. This platform is used by several U.S. government agencies…
  • "3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons"
    Researchers at Avast Threat Intelligence have recently identified malware in popular add-ons for Facebook, Vimeo, Instagram, and others commonly used in browsers from Google and Microsoft. A total of 28 popular extensions for Google Chrome…
  • "GAO Highlights Supply Chain Practices Amid SolarWinds Hack"
    The Government Accountability Office (GAO) released a report revealing that most large agencies did not implement the National Institute of Standards and Technology's (NIST) Supply Chain Risk Management (SCRM) practices following closely after the…