Security News > 2024 > November

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per...

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed...

Over 5 million records from 25 organizations posted to black hat forum Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability.…

North Korean threat actors target Apple macOS systems using trojanized Notepad apps and minesweeper games created with Flutter, which are signed and notarized by legitimate Apple developer IDs. [...]

Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has...

If you’re wondering whether your personal and financial data has been compromised in the massive Hot Topic breach, you can use two separate online tools to check: Have I Been Pwned? or...

I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will...

Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it’s now being reimagined as a...

A threat actor who goes by the online moniker “Nam3L3ss” has leaked employee data belonging to a number of corporations – including Amazon, 3M, HSBC and HP – ostensibly compromised during the May...

It’s easy to see why identity security is often synonymous with user security. Social engineering tactics are the mainstay of the threat actor’s arsenal, and it’s rare to find an attack that...