Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors
The Russia-linked influence operation called Doppelganger has targeted Ukrainian, U.S., and German audiences through a combination of inauthentic news sites and social media accounts. These campaigns are designed to amplify
A new “post-exploitation tampering technique” can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it’s actually
Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a now-patched critical security flaw in its Outlook email service to gain unauthorized access to victims’ accounts within Exchange servers.
A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what’s suspected to be a cyber espionage mission.
New research has found that over 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. “More than 9,000 repositories are vulnerable to repojacking due to GitHub
Microsoft Copilot has been called one of the most powerful productivity tools on the planet. Copilot is an AI assistant that lives inside each of your Microsoft 365 apps —
Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to “hands-on-keyboard activity
The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the
Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that’s capable of targeting routers and IoT devices. The latest version, per Cado Security Labs, is compiled for Microprocessor