Unanswered Questions Cloud the Recent Targeting of an Asian Research Org

A novel threat group, utilizing new malware, is out in the wild. But the who, what, where, and why are yet to be determined, and there's evidence of a false-flag operation.

Scammers Mimic ChatGPT to Steal Business Credentials

Hackers will take anything newsworthy and turn it against you, including the world's most advanced AI-enabled chatbot.

Massive GoAnywhere RCE Exploit: Everything You Need to Know

Weeks after an exploit was first announced in a popular cloud-based file transfer service, could some organizations still be vulnerable? The answer is yes.

NewsPenguin Goes Phishing for Maritime & Military Secrets

A sophisticated cyber-espionage attack against high-value targets attending a maritime technology conference in Pakistan this weekend has been in the works since last year.

Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis?

Restricting the Twitter API will have implications across Twitter, the broader Internet, and society, experts say. Is there a cybersecurity silver lining, or will threat actors pay to play?

'Money Lover' Finance App Exposes User Data

A broken access control vulnerability could have led to dangerous follow-on attacks for users of the money-management app.

Rising 'Firebrick Ostrich' BEC Group Launches Industrial-Scale Cyberattacks

The group's wanton attacks demonstrate that business email compromise is everything a hacker can want in one package: low risk, high reward, quick, easy, and low effort.

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status

Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps.

Federal Agencies Infested by Cyberattackers via Legit Remote Management Systems

Hackers don't need a key to get past your defenses if they can essentially teleport using RMMs, warns CISA and the NSA.

North Korea's Top APT Swindled $1B From Crypto Investors in 2022

The DPRK has turned crypto scams into big business to replenish its depleted state coffers.

'DragonSpark' Malware: East Asian Cyberattackers Create an OSS Frankenstein

Hackers cleverly cobbled together a suite of open source software — including a novel RAT — and hijacked servers owned by ordinary businesses.