The Jenkins security team has disclosed 34 security vulnerabilities impacting 29 plugins for the Jenkins open-source automation server, with all of them being zero-days remaining unpatched. Jenkins is a widely used platform, with support for more than 1,…

A newly discovered malware dubbed SessionManager has been used in the wild since at least March 2021 to backdoor Microsoft Exchange servers belonging to various entities worldwide, with infections still present in 20 organizations as of June 2022. After…

One of the most common Android risks, toll fraud malware, is expanding with capabilities that enable automated membership to premium services, according to a Microsoft warning. In toll fraud, a subset of billing fraud, the threat actor tricks victims…

So far, 18 security vulnerabilities have been exploited as unpatched zero-days in the wild this year, with half of them being preventable flaws. Nine of the flaws were updated versions of vulnerabilities that had already been patched, with four of them…

Dr. Ahmed Aleroud, associate professor in the Augusta University School of Computer and Cyber Sciences and grant principal investigator, has been awarded a three-year grant totaling $500,622 by the Office of Naval Research's Social Networks and…

According to a recent study by consulting firm Trail of Bits, supported by the US Defense Advanced Research Projects Agency (DARPA), blockchains are not impenetrable despite claims to the contrary and can be compromised using unethical methods.…

The FBI's Internet Crime Complaint Center (IC3) issued a warning about the use of deepfakes and stolen Personally Identifiable Information (PII) by individuals seeking remote work positions. According to the FBI, the fraudulent activity targets IT jobs,…

Google has released a preview version of Advanced API Security, a service designed to assist organizations in combating growing threats targeting Application Programming Interfaces (APIs). The service, which is built on the API management platform Apigee…

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has published guidance for transitioning from Basic Authentication ("Basic Auth") in Microsoft Exchange Online to Modern Authentication ("Modern Auth")…

In order to strengthen defensive capabilities and share threat information with the government, US Cyber Command (USCYBERCOM) wants more technology organizations on the front lines of the international cybersecurity effort. USCYBERCOM distributes…

Based on comparisons to the Ronin bridge attack in March 2022, the North Korean-backed Lazarus Group is thought to be responsible for the recent $100 million cryptocurrency theft from Harmony Horizon Bridge. The discovery comes after Harmony announced…

During the NATO summit, NATO announced its plans to create a rapid response cyber force and that it plans to bolster military partnerships with civil society and industry to respond to cyber threats. During the summit, it was decided that NATO will build…