Security News

ShinyHunters-linked heist thought to have been ongoing since March Exclusive A massive online heist targeting AWS customers during which digital crooks abused misconfigurations in public websites...

A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. [...]

Datadog advises Australian and APAC companies to phase out long-lived cloud credentials.

The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately...

Attackers leveraging virtual private network (VPN) vulnerabilities and weak passwords for initial access contributed to nearly 30% of ransomware attacks, according to Corvus Insurance. According...

Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android's...

In this Help Net Security video, Tina Srivastava, MIT Lecturer and CEO of Badge, discusses a 20-year cryptography problem – using biometrics for authentication without storing a face/finger/voice...

No word on when or if the issue will be fixed Chinese government-linked snoops are exploiting a zero-day bug in Fortinet's Windows VPN client to steal credentials and other information, according...

Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client that steal credentials. [...]

According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number...