Security News

How to map and manage your cyber attack surface with EASM
2025-04-02 13:00

In today’s digital landscape, understanding your organization’s attack surface is crucial for maintaining robust cybersecurity. To effectively manage and mitigate the cyber-risks hiding in modern...

How SSL Misconfigurations Impact Your Attack Surface
2025-04-02 10:00

When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration...

Critical auth bypass bug in CrushFTP now exploited in attacks
2025-04-01 12:46

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. [...]

Case Study: Are CSRF Tokens Sufficient in Preventing CSRF Attacks?
2025-04-01 11:03

Explore how relying on CSRF tokens as a security measure against CSRF attacks is a recommended best practice, but in some cases, they are simply not enough. Introduction As per the Open Web...

Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks
2025-03-31 18:49

A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). [...]

North Korean hackers adopt ClickFix attacks to target crypto firms
2025-03-31 15:56

The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance...

Chinese FamousSparrow hackers deploy upgraded malware in attacks
2025-03-27 18:38

A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based trade organization. [...]

Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
2025-03-27 14:10

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's...

Dozens of solar inverter flaws could be exploited to attack power grids
2025-03-27 12:00

Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor's cloud...

A Taxonomy of Adversarial Machine Learning Attacks and Mitigations
2025-03-27 11:00

NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.