Linux kernel impacted by new SLUBStick cross-cache attack
A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary…
China’s APT41 Targets Taiwan Research Institute for Cyber Espionage
The state-sponsored Chinese threat actor gained access to three systems and stole at least some research data around computing and…
Don’t Let Your Domain Name Become a “Sitting Duck”
More than a million domain names -- including many registered by Fortune 100 firms and brand protection companies -- are…
The Other Lesson from the XZ Utils Supply-Chain Attack
“The best supply chain attack execution ever seen” might sound like yet another hyperbole designed to attract attention, except in…
Changing the Passive to Active: Updating SaaS Cybersecurity Strategy with Threat Management
The massive Snowflake breach disclosed recently, involving hundreds of millions of stolen customer records, is a stark wake-up call for…
Wanted: A SBOM Standard to Rule Them All
A unified standard is essential for realizing the full potential of SBOMs in enhancing software supply chain security.
DNS hijacks target crypto platforms registered with Squarespace
A wave of coordinated DNS hijacking attacks targets decentralized finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing…
‘Crystalray’ Attacks Jump 10X, Using Only OSS to Steal Credentials
Remember when hackers used to write their own malware? Kids these days don't want to work, they just want freely…
What’s Bugging the NSA? A Vuln in Its ‘SkillTree’ Training Platform
Even the NSA leaves bugs in its software. In this case, it's the kind of cross-site issue that regularly slips…
‘CloudSorcerer’ Leverages Cloud Services in Cyber-Espionage Campaign
The newly discovered APT's main weapon is a malware tool that can change behavior depending on the process in which…