Cyber security researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack.
Ransom Cartel, a RaaS operation, has stepped up its attacks over the past year after the disbanding of prominent gangs such as REvil and Conti.
Abusing variants of legitimate penetration testing tools has become a standard tactic for many attackers seeking to fool security teams.
A group of attackers, likely based in Vietnam, that specialises in targeting employees with potential access to Facebook business has re-emerged.
On the naughty list this year are a host of bad actors employing a huge variety of different bot attacks that can have a big impact on retail websites.
Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.
The OpenSSL project released a patch for two high severity vulnerabilities in the world’s most widely used cryptographic library.
Distributing malware inside password-protected archives has long been one of the main techniques used by attackers to bypass email security filters.
The number of ransomware attacks observed over the previous three months declined compared to the previous quarter, according to new reports.
Most companies believe they are using no open source software libraries with known vulnerabilities, but new research finds them in 68 per cent of selected enterprise applications.
Researchers have discovered a new attack framework of Chinese origin that they believe is being used in the wild.
Global encryption keys were hardcoded on some programmable logic controller product lines. Siemens recommends upgrading all affected devices.
Hacker group Lazarus has begun exploiting a known vulnerability in an OEM driver developed by Dell to evade detection by security solutions.
Attackers are currently exploiting two unpatched vulnerabilities to remotely compromise on-premises Microsoft Exchange servers.
A possibly new threat actor packaged and deployed backdoors as vSphere Installation Bundles, gaining remote code execution and persistence capabilities.