Apple has released a new tool aimed at helping developers protect iOS apps against security threats. Apple's Attest API tool generates a cryptographic key on a user's device to ensure that an app is authentic. The tool also makes sure that a phone…

Researchers at the security firm Group-IB have discovered a Russian-speaking hacking group, dubbed RedCurl. According to the researchers, RedCurl has focussed on corporate espionage and launched 26 campaigns against 14 organizations since 2018. RedCurl…

Chinese hackers have infiltrated at least 10 Taiwan government agencies and gained access to about 6,000 email accounts in an attempt to steal data. According to a top Taiwan cyber official, the damage done is not small, and the full impact is still…

The Apache Software Foundation has released security advisories about vulnerabilities discovered in Apache Struts versions  2.0.0 through 2.5.20 that have the potential to help launch remote code-execution (RCE) and denial-of-service (DoS…

Cyber-physical systems security researchers at the University of California demonstrated the use of inexpensive equipment to attack a grid-tied solar inverter. The researchers built a remote spoofing device composed of an electromagnet, an Arduino…

Security researchers at a company called Menlo Security, have uncovered an active malware campaign that utilizes HTML smuggling to deliver malware, effectively bypassing various network security solutions, including sandboxes, legacy proxies, and…

Hackers used a social engineering technique called "phone spear phishing," also known as "vishing" or "voice phishing," in an attempt to compromise more than 100 Twitter accounts belonging to high-profile users, including CEOs, celebrities, and…

Researchers at Risk Based Security have discovered that the number of publicly reported data breaches is at its lowest in five years.  However, the number of records exposed is more than four times higher than any previously reported time period.…

Security researchers have discovered cryptocurrency mining malware capable of stealing AWS credentials from infected servers. The malware was observed being used by TeamTNT, a cybercrime group that targets Docker installations. According to researchers,…

The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert to provide information on attacks delivering the KONNI remote access Trojan (RAT).  Phishing emails are being sent delivering Microsoft Word documents that contain…

Researchers at Wordfence have discovered two critical flaws in a WordPress plugin called Quiz and Survey Master, which is actively installed on over 30,000 websites.  The two critical flaws that were discovered include an arbitrary file-upload…

Army researchers were awarded a patent for their invention of a practical method that could be used to improve the security of communications between Army wireless devices. The technique enables simultaneous, covert verification of wireless…