Latest Cybersecurity News
Stay Informed
Get the most recent updates and insights on cybersecurity to stay ahead of potential threats.
Explore Topics
- All News
- Vulnerabilities and Updates
- Malware and Threats
- Breaches
- United States Government
- International Government
- Blogs and Reports
New Banshee Stealer macOS Malware Priced At $3,000 Per Month
Cybercriminals are advertising a new macOS malware that they claim is capable of stealing a wide range of data from compromised systems. Named Banshee Stealer and believed to have been developed by Russian threat actors, the malware is advertised on cybercrime forums...
Netsuite Vulnerability Could Leave Thousands Of Websites Exposed
Researchers have warned of a new vulnerability in NetSuite’s SuiteCommerce tool that could expose sensitive data. Stemming from misconfigured access controls, the vulnerability leaves sensitive personally identifiable information (PII) exposed, including the full...
Google To Remove App From Pixel Devices Following Claims That It Made Phones Vulnerable
Google and a cybersecurity company are disputing over claims that an application on Android phones left the devices vulnerable to cyberattacks and spyware. On Thursday, cybersecurity company iVerify published a report about an Android package called "Showcase.apk”...
Microsoft Disables Bitlocker Security Fix, Advises Manual Mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. Tracked as CVE-2024-38058, this important severity security flaw can...
Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs
Researchers have found a way to manipulate the credential validation process in Microsoft Entra ID identity environments that they say attackers can use to bypass authentication in hybrid identity infrastructures. The attack would require an adversary to have admin...
Zero-Click Exploit Concerns Drive Urgent Patching Of Windows TCP/IP Flaw
Security experts are ratcheting up the urgency for Windows sysadmins to patch a pre-auth remote code execution vulnerability in the Windows TCP/IP stack, warning that zero-click exploitation is very likely. Technical details on the vulnerability, tracked as...
Copy2Pwn Zero-Day Exploited To Bypass Windows Protections
Trend Micro’s Zero Day Initiative (ZDI) has detailed a recently patched zero-day vulnerability that cybercriminals have exploited to bypass Windows protections. The flaw, tracked as CVE-2024-38213 and named Copy2Pwn by ZDI, was fixed by Microsoft in June 2024, but it...
SolarWinds Web Help Desk Vulnerability Possibly Exploited As Zero-Day
The US cybersecurity agency CISA on Thursday warned that a fresh critical-severity vulnerability in SolarWinds Web Help Desk has been exploited in attacks. The bug, tracked as CVE-2024-28986 (CVSS score of 9.8), is described as a Java deserialization remote code...
Netsuite Vulnerability Could Leave Thousands Of Websites Exposed
Researchers have warned of a new vulnerability in NetSuite’s SuiteCommerce tool that could expose sensitive data. Stemming from misconfigured access controls, the vulnerability leaves sensitive personally identifiable information (PII) exposed, including the full...
Google To Remove App From Pixel Devices Following Claims That It Made Phones Vulnerable
Google and a cybersecurity company are disputing over claims that an application on Android phones left the devices vulnerable to cyberattacks and spyware. On Thursday, cybersecurity company iVerify published a report about an Android package called "Showcase.apk”...
Microsoft Disables Bitlocker Security Fix, Advises Manual Mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. Tracked as CVE-2024-38058, this important severity security flaw can...
Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs
Researchers have found a way to manipulate the credential validation process in Microsoft Entra ID identity environments that they say attackers can use to bypass authentication in hybrid identity infrastructures. The attack would require an adversary to have admin...
Zero-Click Exploit Concerns Drive Urgent Patching Of Windows TCP/IP Flaw
Security experts are ratcheting up the urgency for Windows sysadmins to patch a pre-auth remote code execution vulnerability in the Windows TCP/IP stack, warning that zero-click exploitation is very likely. Technical details on the vulnerability, tracked as...
Copy2Pwn Zero-Day Exploited To Bypass Windows Protections
Trend Micro’s Zero Day Initiative (ZDI) has detailed a recently patched zero-day vulnerability that cybercriminals have exploited to bypass Windows protections. The flaw, tracked as CVE-2024-38213 and named Copy2Pwn by ZDI, was fixed by Microsoft in June 2024, but it...
SolarWinds Web Help Desk Vulnerability Possibly Exploited As Zero-Day
The US cybersecurity agency CISA on Thursday warned that a fresh critical-severity vulnerability in SolarWinds Web Help Desk has been exploited in attacks. The bug, tracked as CVE-2024-28986 (CVSS score of 9.8), is described as a Java deserialization remote code...
New Banshee Stealer macOS Malware Priced At $3,000 Per Month
Cybercriminals are advertising a new macOS malware that they claim is capable of stealing a wide range of data from compromised systems. Named Banshee Stealer and believed to have been developed by Russian threat actors, the malware is advertised on cybercrime forums...
No Results Found
The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.
No Results Found
The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.
No Results Found
The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.
No Results Found
The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.
- NIST SP 800-61 Revision 1: Computer Security Incident Handling Guide
- NIST FIPS PUB 201-2: Personal Identity Verification of Federal Employees and Contractors DRAFT
- Live Webinar | Accelerating Secure DevOps: Proven Practices
- AI Rise: Can We Still Trust What We See?
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
- Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023
- Astra, Invary Raise Millions for AI-Powered Pentesting, Runtime Security
- Hacker Who Targeted NATO, US Army Arrested in Spain
- Five Eyes Agencies Release Guidance on Securing Edge Devices
- Security Teams Pay the Price: The Unfair Reality of Cyber Incidents
- SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
- Cisco Patches Critical Vulnerabilities in Enterprise Security Product
- The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025
- North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
- Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams
- Why Cybesecurity Giants Are Rushing to Acquire DSPM Startups
- AI Rise: Can We Still Trust What We See?
- NIST SP 800-61 Revision 1: Computer Security Incident Handling Guide
- NIST FIPS PUB 201-2: Personal Identity Verification of Federal Employees and Contractors DRAFT
- Live Webinar | Accelerating Secure DevOps: Proven Practices
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
- Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023
- SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
- The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025
- North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
- Top 3 Ransomware Threats Active in 2025
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
- Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
- Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts
- Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
All News
New Banshee Stealer macOS Malware Priced At $3,000 Per Month
Cybercriminals are advertising a new macOS malware that they claim is capable of stealing a wide range of data from compromised systems. Named Banshee Stealer and believed to have been developed by Russian threat actors, the malware is advertised on cybercrime forums...
Netsuite Vulnerability Could Leave Thousands Of Websites Exposed
Researchers have warned of a new vulnerability in NetSuite’s SuiteCommerce tool that could expose sensitive data. Stemming from misconfigured access controls, the vulnerability leaves sensitive personally identifiable information (PII) exposed, including the full...
Google To Remove App From Pixel Devices Following Claims That It Made Phones Vulnerable
Google and a cybersecurity company are disputing over claims that an application on Android phones left the devices vulnerable to cyberattacks and spyware. On Thursday, cybersecurity company iVerify published a report about an Android package called "Showcase.apk”...
Microsoft Disables Bitlocker Security Fix, Advises Manual Mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. Tracked as CVE-2024-38058, this important severity security flaw can...
Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs
Researchers have found a way to manipulate the credential validation process in Microsoft Entra ID identity environments that they say attackers can use to bypass authentication in hybrid identity infrastructures. The attack would require an adversary to have admin...
Zero-Click Exploit Concerns Drive Urgent Patching Of Windows TCP/IP Flaw
Security experts are ratcheting up the urgency for Windows sysadmins to patch a pre-auth remote code execution vulnerability in the Windows TCP/IP stack, warning that zero-click exploitation is very likely. Technical details on the vulnerability, tracked as...
Copy2Pwn Zero-Day Exploited To Bypass Windows Protections
Trend Micro’s Zero Day Initiative (ZDI) has detailed a recently patched zero-day vulnerability that cybercriminals have exploited to bypass Windows protections. The flaw, tracked as CVE-2024-38213 and named Copy2Pwn by ZDI, was fixed by Microsoft in June 2024, but it...
SolarWinds Web Help Desk Vulnerability Possibly Exploited As Zero-Day
The US cybersecurity agency CISA on Thursday warned that a fresh critical-severity vulnerability in SolarWinds Web Help Desk has been exploited in attacks. The bug, tracked as CVE-2024-28986 (CVSS score of 9.8), is described as a Java deserialization remote code...
New Banshee Stealer macOS Malware Priced At $3,000 Per Month
Cybercriminals are advertising a new macOS malware that they claim is capable of stealing a wide range of data from compromised systems. Named Banshee Stealer and believed to have been developed by Russian threat actors, the malware is advertised on cybercrime forums...
Netsuite Vulnerability Could Leave Thousands Of Websites Exposed
Researchers have warned of a new vulnerability in NetSuite’s SuiteCommerce tool that could expose sensitive data. Stemming from misconfigured access controls, the vulnerability leaves sensitive personally identifiable information (PII) exposed, including the full...
Google To Remove App From Pixel Devices Following Claims That It Made Phones Vulnerable
Google and a cybersecurity company are disputing over claims that an application on Android phones left the devices vulnerable to cyberattacks and spyware. On Thursday, cybersecurity company iVerify published a report about an Android package called "Showcase.apk”...
ALL NEWS
New Banshee Stealer macOS Malware Priced At $3,000 Per Month
Cybercriminals are advertising a new macOS malware that they claim is capable of stealing a wide range of data from compromised systems. Named Banshee Stealer and believed to have been developed by Russian threat actors, the malware is advertised on cybercrime forums...
Netsuite Vulnerability Could Leave Thousands Of Websites Exposed
Researchers have warned of a new vulnerability in NetSuite’s SuiteCommerce tool that could expose sensitive data. Stemming from misconfigured access controls, the vulnerability leaves sensitive personally identifiable information (PII) exposed, including the full...
Google To Remove App From Pixel Devices Following Claims That It Made Phones Vulnerable
Google and a cybersecurity company are disputing over claims that an application on Android phones left the devices vulnerable to cyberattacks and spyware. On Thursday, cybersecurity company iVerify published a report about an Android package called "Showcase.apk”...
Microsoft Disables Bitlocker Security Fix, Advises Manual Mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. Tracked as CVE-2024-38058, this important severity security flaw can...
Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs
Researchers have found a way to manipulate the credential validation process in Microsoft Entra ID identity environments that they say attackers can use to bypass authentication in hybrid identity infrastructures. The attack would require an adversary to have admin...
Vulnerabilities and Updates
Netsuite Vulnerability Could Leave Thousands Of Websites Exposed
Researchers have warned of a new vulnerability in NetSuite’s SuiteCommerce tool that could expose sensitive data. Stemming from misconfigured access controls, the vulnerability leaves sensitive personally identifiable information (PII) exposed, including the full...
Google To Remove App From Pixel Devices Following Claims That It Made Phones Vulnerable
Google and a cybersecurity company are disputing over claims that an application on Android phones left the devices vulnerable to cyberattacks and spyware. On Thursday, cybersecurity company iVerify published a report about an Android package called "Showcase.apk”...
Microsoft Disables Bitlocker Security Fix, Advises Manual Mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. Tracked as CVE-2024-38058, this important severity security flaw can...
Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs
Researchers have found a way to manipulate the credential validation process in Microsoft Entra ID identity environments that they say attackers can use to bypass authentication in hybrid identity infrastructures. The attack would require an adversary to have admin...
Zero-Click Exploit Concerns Drive Urgent Patching Of Windows TCP/IP Flaw
Security experts are ratcheting up the urgency for Windows sysadmins to patch a pre-auth remote code execution vulnerability in the Windows TCP/IP stack, warning that zero-click exploitation is very likely. Technical details on the vulnerability, tracked as...
Malware and Threats
New Banshee Stealer macOS Malware Priced At $3,000 Per Month
Cybercriminals are advertising a new macOS malware that they claim is capable of stealing a wide range of data from compromised systems. Named Banshee Stealer and believed to have been developed by Russian threat actors, the malware is advertised on cybercrime forums...