Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote...
Russian Hackers Had Covert Access to Ukraine’s Telecom Giant for Months
Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar's systems at least since May...
New Bandook RAT Variant Resurfaces, Targeting Windows Machines
A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines,...
Three Ways To Supercharge Your Software Supply Chain Security
Section four of the "Executive Order on Improving the Nation's Cybersecurity" introduced a lot of people in tech to the concept of a "Software...
Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners
Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected...
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT
The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software."The group's...
Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack
American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker...
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to...
5 Ways to Reduce SaaS Security Risks
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves...
SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails
A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender...