Security News

Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) accounts. “While Device...

A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. “In the course of investigating,...

ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this cyberespionage...

The Department of the Treasury is sanctioning Chinese cybersecurity company Sichuan Silence, and one of its employees, Guan Tianfeng, for their roles in the April 2020 compromise of tens of...

A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player supply chain compromise, this...

Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code...

GenAI is quickly changing the software development process by automating tasks that once took developers hours, if not days, to complete, bolstering efficiency and productivity, according to Legit...

North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. The crypto-related phishing campaign Since July 2024, phishing emails seemingly...

A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect...

Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense...