In the digital age, the security of digital identities has become a defining challenge for organizations worldwide. As businesses embrace cloud computing, remote work, and interconnected ecosystems, digital identities representing users, devices, and applications have become prime targets for cybercriminals.…
Category: EN
Why Modern CISOs Must Be Business Translators, Not Just Technologists
The Chief Information Security Officer (CISO) role has fundamentally transformed today’s digital-first world. Once viewed primarily as technical guardians of the organizational perimeter, CISOs are now expected to be strategic partners who drive business value. As cyber threats become more…
3 Malware Tactics Used To Evade Detection By Corporate Security: See Examples
Some threats don’t kick down the door; they slip in, stay quiet, and wait. These days, attackers are playing the long game, using evasion techniques to hide in plain sight, delay detection, and make it harder for security teams to…
China’s Rare Earth Export Restrictions Poses Threat To US Defence
American think tank warns about possible threat to US defence, after China imposes rare earth export restrictions This article has been indexed from Silicon UK Read the original article: China’s Rare Earth Export Restrictions Poses Threat To US Defence
Beware! Online PDF Converters Tricking Users into Installing Password-Stealing Malware
CloudSEK’s Security Research team, a sophisticated cyberattack leveraging malicious online PDF converters has been demonstrated to target individuals and organizations globally. This attack, previously hinted at by the FBI’s Denver field office, involves the distribution of potent malware, known as…
Server-Side Phishing Attacks Target Employee and Member Portals to Steal Login Credentials
Attackers have been deploying server-side phishing schemes to compromise employee and member login portals across various enterprises. This strategic shift to server-side operations is designed to evade detection and complicate analysis. Evolving Phishing Techniques Recent investigations have highlighted a marked…
Congress Moves Closer to Risky Internet Takedown Law | EFFector 37.4
Sorry, EFF doesn’t hand out candy like the Easter Bunny, but we are here to keep you updated on the latest digital rights news with our EFFector newsletter! This edition of EFFector explains how you can help us push back…
What’s happening with MITRE and the CVE program uncertainty
Yesterday’s headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today. Overnight, the CVE Foundation emerged with a plan…
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues…
6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin
On March 28th, 2025, we received a submission for an Arbitrary File Move vulnerability in Drag and Drop Multiple File Upload for WooCommerce, a WordPress plugin with more than 6,000 active installations. This vulnerability makes it possible for unauthenticated threat…
CISA Extends Support a Last Minute to CVE Program, Averting Global Cybersecurity Crisis
CISA announced an eleventh-hour contract extension with MITRE Corporation to maintain the Common Vulnerabilities and Exposures (CVE) program, narrowly avoiding a lapse in federal funding that threatened to destabilize vulnerability management worldwide. The move came just hours before the program’s…
Researchers Expose Medusa Ransomware Group’s Onion Site
Researchers have successfully infiltrated the digital fortress of one of the most prolific ransomware groups, Medusa Locker. Known for targeting critical sectors like healthcare, education, and manufacturing, the group has been responsible for numerous cyberattacks since its detection in 2019.…
Interlock Ransomware Uses Multi-Stage Attack Through Legitimate Websites to Deliver Malicious Browser Updates
The Interlock ransomware intrusion set has escalated its operations across North America and Europe with sophisticated techniques. Not falling under the typical Ransomware-as-a-Service (RaaS) category, Interlock operates independently, focusing primarily on Big Game Hunting and double extortion campaigns. This group’s…
CVE program gets last-minute funding from CISA – and maybe a new home
Feds extend vulnerability nerve-center contract at 11th hour In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) Program.… This article has been indexed from The Register – Security…
Vulnerability Summary for the Week of April 7, 2025
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a — n/a A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating…
ASML, Others Outline Impact Of Trump’s Tariffs
Chip making giant ASML mirrors other equipment makers, and outlines financial impact of Donald Trump’s tariffs This article has been indexed from Silicon UK Read the original article: ASML, Others Outline Impact Of Trump’s Tariffs
China Names US Operatives For Alleged Cyberattacks
China is reportedly pursuing three alleged US NSA operatives, after cyberattacks on Chinese infrastructure This article has been indexed from Silicon UK Read the original article: China Names US Operatives For Alleged Cyberattacks
Hackers Target Investors Through Fraud Networks to Steal Financial Data
Hackers have launched sophisticated schemes designed to defraud investors and steal their financial data. Utilizing digital platforms, encrypted messaging apps, and crypto transactions, these criminals exploit the rise of online investment platforms to conduct their fraudulent activities. Fraudulent networks employ…
How Apple plans to train its AI on your data without sacrificing your privacy
Apple’s solution is called ‘differential privacy’ – and it’s already been using it for Genmojis. This article has been indexed from Latest stories for ZDNET in Security Read the original article: How Apple plans to train its AI on your…
2025 Imperva Bad Bot Report: How AI is Supercharging the Bot Threat
Bad bots continue to target organizations across every industry and geography, but the rise of Artificial Intelligence (AI) is fueling bot attacks, making them more intelligent and more evasive than ever before. For over twelve years, Imperva has been dedicated…