The National Institute of Standards and Technology has established new post-quantum encryption standards to combat future quantum computing threats, yet many organizations remain unprepared for the transition.
View full story…

A sophisticated malware campaign involving the Lumma information stealer, utilizing Hijack Loader artifacts signed with legitimate code-signing certificates, has been identified by cybersecurity researchers at HarfangLab.
View full story…

As the 2024 US presidential election approaches, various cyber adversaries, including state-sponsored actors and hacktivist groups, are exploiting misinformation, phishing scams, and generative AI technologies to undermine the integrity of the electoral process.
View full story…

The ErrorFather campaign, identified by Cyble Research and Intelligence Labs, employs a modified Cerberus-based Android Banking Trojan to execute sophisticated financial fraud through techniques such as keylogging, overlay attacks, and remote control via VNC.
View full story…

The ConfusedPilot cyber-attack, identified by researchers at the University of Texas at Austin, poses a significant risk to Retrieval-Augmented Generation (RAG) AI systems like Microsoft 365 Copilot by allowing attackers to manipulate AI-generated responses through malicious document content injection.
View full story…

The conflict between WP Engine and WordPress founder Matt Mullenweg over the forking of the Advanced Custom Fields plugin into Secure Custom Fields highlights significant security concerns and legal challenges within the open-source community.
View full story…

Nation-state actors from Russia, China, Iran, and North Korea are increasingly partnering with cybercriminal networks to bolster their cyberespionage and cyberattack efforts, blurring the lines between state-sponsored activities and criminal enterprises.
View full story…

Large Language Models (LLMs) pose significant security risks, including potential manipulation, data breaches, and advanced threats such as AI backdoors and prompt injections, which can compromise sensitive systems and data.
View full story…

Change Healthcare, a subsidiary of UnitedHealth Group, suffered a significant ransomware attack in February that potentially affected the data of one-third of the American population, with financial losses projected to exceed $2.3 billion in 2024.
View full story…

As cyber threats become increasingly sophisticated, organizations must adopt modern identity and access management practices, including generative AI and zero-trust models, to protect their digital assets and personnel.
View full story…

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about significant security vulnerabilities associated with unencrypted persistent cookies in F5 BIG-IP Local Traffic Manager, which could facilitate unauthorized network reconnaissance and cyberattacks.
View full story…

The US Department of Defense has released the final rule for the Cybersecurity Maturity Model Certification 2.0, mandating stricter cybersecurity measures for defense contractors handling Controlled Unclassified Information and Federal Contract Information, with implementation expected by mid-2025.
View full story…

Small and medium-sized businesses are increasingly susceptible to cyberattacks due to a critical shortage of in-house cybersecurity expertise, leading to heightened risks and poor incident response outcomes.
View full story…

Effective management of privileged access is essential for organizations to protect sensitive data from malicious actors and mitigate risks associated with privilege abuse, especially in the face of AI-driven cybersecurity threats.
View full story…