A new end-to-end phishing toolkit called "FishXProxy" makes it easier for cybercriminals to launch and manage malicious email attacks that bypass security.

Symantec reports that in the first quarter of 2024, successful ransomware attacks advertised on leak sites increased 9 percent despite high-profile law enforcement takedowns of major groups.

GitLab has made security updates that address six vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including a critical-severity bug.

Dallas County is notifying over 200,000 people that the Play ransomware attack in October 2023 exposed their personal data to cybercriminals.

Advance Auto Parts started to send data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks.

According to researchers at Sysdig, the new threat actor called "CRYSTALRAY" now has over 1,500 victims. The threat actor has stolen credentials and deployed cryptocurrency miners.

A recently disclosed PHP security flaw has been used to deliver Remote Access Trojans (RATs), cryptocurrency miners, and Distributed Denial-of-Service (DDoS) botnets.

The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint alert about the exploitation of OS command injection vulnerabilities in network edge devices.

Cryptocurrency investigators at Elliptic have claimed a popular online marketplace in Southeast Asia is actually being used primarily by money launderers and fraudsters.

VMWare recently pushed out patches for a high-risk SQL injection vulnerability in its Aria Automation product and warned that an authenticated malicious user could target the flaw to manipulate databases.

The National Security Agency (NSA) joins the Australian Signals Directorate (ASD) and other agencies in publishing a Cybersecurity Advisory (CSA) titled "PRC MSS Tradecraft in Action." It delves into the tradecraft of a cyber actor group associat

Cisco Talos reports that ransomware attackers are increasingly focusing on defense evasion to boost dwell time in victim networks.