Unlike other speculative execution attacks like Spectre, Retbleed exploits return instructions rather than indirect jumps or calls.
State-affiliated APT groups seek sensitive information and try to learn story sources by targeting journalists' email and social media accounts.
The phishing web pages that this adversary-in-the-middle phishing campaign uses act as a proxy and pull content from the legitimate Office 365 login page.
APT group's use of a legitimate pen-testing tool gives them stealth capabilities, allowing them to avoid detection by EDR and antivirus tools.
The ZuoRAT remote access Trojan malware can compromise multiple router brands and likely has been active for years.
Criminal use of the LockBit ransomware as a service is growing rapidly thanks to updates to the malware and the decline of other ransomware gangs.
A new research project from OT:ICEFALL has uncovered 56 vulnerabilities in operational technology (OT) devices from 10 different vendors.
Researchers from Kaspersky Lab have published an analysis of a previously undocumented APT group that they have dubbed ToddyCat.
A proof-of-concept exploit could make Office 365 or Microsoft 365 documents stored on OneDrive or SharePoint inaccessible.
Researchers warn of a new worm that's infecting Linux servers by brute-forcing and stealing SSH credentials.
Researchers have come across a stealthy Linux backdoor that uses sophisticated techniques to hide itself on compromised servers and steal credentials.
Atlassian has issued emergency patches for the vulnerability, which could allow attackers to perform remote code execution.
Leaked Conti information show the ransomware gang likely completed a proof of concept to exploit Intel ME and rewrite its firmware.
The actively exploited flaw allows attackers to use malicious Word documents to perform remote code execution through Microsoft Support Diagnostic Tool.
The paid Assured Open Source Software service will offer common open source packages after vetting the provenance of its code and dependencies.
