Security News

Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect...

Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. [...]

Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using...

Crew helped lowlifes generate X-rated celeb deepfakes using Redmond's OpenAI-powered cloud – claim Microsoft has named four of the ten people it is suing for allegedly snatching Azure cloud...

Since early 2024, ESET researchers have been tracking DeceptiveDevelopment, a series of malicious campaigns linked to North Korea-aligned operators. Disguising themselves as software development...

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via...

'Near-global' initial access campaign active since 2021 An initial-access subgroup of Russia's Sandworm last year wriggled its way into networks within the US, UK, Canada and Australia, stealing...

The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new...

A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication...

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat...