Category: Security

Microsoft announced that passwordless authentication is now easier on Windows 11 through native support for third-party passkey managers, the first ones supported being 1Password and Bitwarden. […]

Read more →

The DanaBot malware has returned with a new version observed in attacks, six-months after law enforcement’s Operation Endgame disrupted its activity in May. […]

Read more →

The Rhadamanthys infostealer operation has been disrupted, with numerous “customers” of the malware-as-a-service reporting that they no longer have access to their servers. […]

Read more →

A Chinese woman known as the “Bitcoin Queen” was sentenced in London to 11 years and eight months in jail for laundering Bitcoin from a £5.5 billion ($7.3 billion) cryptocurrency investment scheme. […]

Read more →

SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. […]

Read more →

GlobalLogic, a provider of digital engineering services part of the Hitachi group, is notifying over 10,000 current and former employees that their data was stolen in an Oracle E-Business Suite (EBS) data breach. […]

Read more →

A sudden CPU spike turned out to be the first clue of an in-progress RansomHub ransomware attack. Varonis breaks down how their team traced the attack from fake browser updates to domain-admin takeover, ultimately stopping the attack before files were encrypted. […]

Read more →

Many organizations still struggle to patch fast enough to prevent breaches. Join us December 2 at 2PM ET to learn how modern patch management strategies can reduce risk and close the remediation gap. […]

Read more →

North Korean hackers from the KONNI activity cluster are abusing Google’s Find Hub tool to track their targets’ GPS positions and trigger remote factory resets of Android devices. […]

Read more →

Deeper Network Promo

A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users’ credentials. […]

Read more →

A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022. […]

Read more →

Small and medium-size businesses (SMBs) face a daunting cybersecurity landscape. With 29% of businesses with fewer than 25 employees and nearly one in five midsize SMBs (19%) having experienced ransomware attacks in 2025, the threat is no longer theoretical; it’s a statistical inevitability. And as the holiday season approaches, these challenges intensify dramatically. Cyberattacks traditionally spike…

Read more →

Attackers are increasingly phishing over LinkedIn to reach executives and bypass email security tools. Push Security explains how real-time browser protection detects and blocks phishing across apps and channels as users load malicious pages. […]

Read more →

Attacks have gotten out of hand No amount of emphasis can truly demonstrate how dangerous the current threat landscape is. According to the latest ransomware report by Sophos, the average ransomware demand has now reached $1 million, while average recovery costs stand at $1.5 million. However, that’s not all. Some organizations are paying even higher…

Read more →

NAKIVO Backup & Replication v11.1 expands disaster recovery with real-time replication, enhanced Proxmox VE support, and granular physical backups. The update adds MSP Direct Connect for secure client management and a multilingual interface supporting seven languages. […]

Read more →

The Swiss National Cyber Security Centre (NCSC) is warning iPhone owners about a phishing scam that claims to have found your lost or stolen iPhone but is actually trying to steal your Apple ID credentials. […]

Read more →

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times. […]

Read more →

Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. […]

Read more →

Red and blue teams often operate independently, but attackers don’t. Picus Security shows how continuous purple teaming and BAS turn red-blue rivalry into real defense, validating controls and closing gaps in real time. […]

Read more →

ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic  detection of the operating system to provide the correct commands. […]

Read more →

Cisco has released security updates to patch a critical vulnerability in the Unified Contact Center Express (UCCX) software, which could enable attackers to execute commands with root privileges. […]

Read more →

width=”2496″ height=”1404″ sizes=”auto, (max-width: 2496px) 100vw, 2496px”>Die Beschuldigten sollen zur Abwicklung von Zahlungen vier große deutsche Zahlungsdienstleister kompromittiert haben. Andrea Danti – shutterstock.com Bei der Razzia gegen mutmaßliche Betrugs- und Geldwäschenetzwerke auf drei Kontinenten sind auch 29 Objekte in Deutschland durchsucht worden. In Baden-Württemberg, Bayern, Berlin, Hessen, Rheinland-Pfalz, Sachsen, Hamburg und Schleswig-Holstein waren mehr als…

Read more →

Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine’s education, government, and the grain sector, the country’s main revenue source. […]

Read more →

The Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to promote fake websites that distribute the malware. […]

Read more →

Hyundai AutoEver America is notifying individuals that hackers breached the company’s IT environment and gained access to personal information. […]

Read more →

SonicWall’s investigation into the September security breach that exposed customers’ firewall configuration backup files concludes that state-sponsored hackers were behind the attack. […]

Read more →

Under a new partnership with the government aimed at combating fraud, Britain’s largest mobile carriers have committed to upgrading their networks to eliminate scammers’ ability to spoof phone numbers within a year. […]

Read more →

Security teams rely on dashboards and data feeds, but outdated or fragmented tools leave dangerous blind spots across assets, vulnerabilities, and credentials. Learn how Outpost24’s CompassDRP unifies EASM and DRP to reveal what attackers see and what’s already exposed. […]

Read more →

International authorities have dismantled three massive credit card fraud and money laundering networks, linked to losses exceeding €300 million ($344 million), which affected over 4.3 million cardholders across 193 countries. […]

Read more →

The U.S. Treasury Department imposed sanctions on two North Korean financial institutions and eight individuals involved in laundering cryptocurrency stolen in cybercrime and fraudulent IT worker schemes. […]

Read more →

The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. […]

Read more →