XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack
Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse.
Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse.
The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three…
The infamous vulnerability may be on the older side at this point, but North Korea's primo APT Lazarus is creating…
Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a…
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact…
Conferences are where vendors and security researchers meet face to face to address problems and discuss solutions — in public.
Developers need more software security safeguards earlier in the process, especially as AI becomes more common.
A software bills of materials standard gets an update, but the driver is compliance rather than security.
Security analysts have discovered a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the…
The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach…