New FCC Pilot Shores Up Security for K-12, Libraries
Data-rich and resource-poor, schools and libraries around the country make attractive targets for cybercriminals looking for an easy score, but…
New attack uses MSC files and Windows XSS flaw to breach networks
A novel command execution technique dubbed 'GrimResource' uses specially crafted MSC (Microsoft Saved Console) and an unpatched Windows XSS flaw to perform…
‘SneakyChef’ APT Slices Up Foreign Affairs With SugarGh0st
Government ministries keep falling victim to relatively standard-fare cyber-espionage attacks, like this latest campaign with hazy Chinese links.
CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites
A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has…
Developing a Plan to Respond to Critical CVEs in Open Source Software
Establishing a clear process for developers to respond to critical CVEs is essential for having a rapid and coordinated response.
‘Commando Cat’ Digs Its Claws into Exposed Docker Containers
Attackers are taking advantage of misconfigured containers to deploy cryptocurrency mining software.
Club Penguin fans breached Disney Confluence server, stole 2.5GB of data
Club Penguin fans hacked a Disney Confluence server to steal information about their favorite game but wound up walking away…
Chinese Threat Clusters Triple-Team a High-Profile Asia Government Org
A trio of Chinese-affiliated clusters performed specialized tasks in a broader attack chain, likely under the watch of a single…
Henry J. Heinz: Pittsburgh’s pious pickle pioneer
It is wise to be cynical about corporate do-gooding these days; the bigger the rainbow flag, the more likely it…
Google fixes eighth actively exploited Chrome zero-day this year
Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be…