LODEINFO, a backdoor malware distributed through spear-phishing attacks, undergoes updates and enhancements, posing a significant threat with its advanced features and targeted nature.
Bugcrowd reports a 151% increase in vulnerability submissions in the government sector, as well as notable increases in the retail, corporate services, and computer software sectors, highlighting the importance of crowdsourced security and bug bounty programs with open scopes.
Nudge Security offers a comprehensive platform that collaboratively works with employees to enhance SaaS security and governance, providing proactive monitoring, automated workflows, and vendor assessment capabilities.
Kasseika ransomware has adopted bring-your-own-vulnerable-driver (BYOVD) attacks, utilizing the Martini driver to disable antivirus software and encrypt files, with potential connections to the now-defunct BlackMatter ransomware group.
Social media giant X introduces passkeys as a more secure login option for its US users on iOS in response to a SIM swap attack on the SEC’s X account, highlighting the importance of strong security measures to protect against account takeover attacks.
A critical vulnerability in Google Kubernetes Engine (GKE) allows external threat actors to gain control over vulnerable clusters, potentially leading to lateral movement, cryptomining, denial-of-service attacks, and data theft.
