cyber2security blog

Kimsuky hackers use new recon tool to find security gaps

The North Korean Kimsuky hacking group has been observed employing…

Why Telecoms Struggle with SaaS Security

The telecom industry has always been a tantalizing target for…

Get 50% off Malwarebytes Premium + Privacy in this limited-time deal

If you are concerned about the security and privacy of your online…

New Fleckpe Android malware installed 600K times on Google Play

A new Android subscription malware named 'Fleckpe' has been spotted…

Brightline data breach impacts 783K pediatric mental health patients

Pediatric mental health provider Brightline is warning patients…

Level Finance crypto exchange hacked after two security audits

Hackers exploited a Level Finance smart contract vulnerability…

Police dismantles Try2Check credit card verifier used by dark web markets

The U.S. Department of Justice announced today the indictment…

1Password explains scary Secret Key and password change alerts

1Password says a recent incident that caused customers to receive…

Russian hackers use WinRAR to wipe Ukraine state agency’s data

The Russian 'Sandworm' hacking group has been linked to an attack…

FBI seizes 9 crypto exchanges used to launder ransomware payments

The FBI and Ukrainian police have seized nine cryptocurrency…

Facebook disrupts new NodeStealer information-stealing malware

Facebook discovered a new information-stealing malware distributed…

Researcher hijacks popular Packagist PHP packages to get a job

A researcher hijacked over a dozen Packagist packages—with…

Google will remove secure website indicators in Chrome 117

Google announced today that the lock icon, long thought to be…

Hackers exploit 5-year-old unpatched flaw in TBK DVR devices

Hackers are actively exploiting an unpatched 2018 authentication…

AppSec Making Progress or Spinning Its Wheels?

Software developers and application security specialists estimate…

Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor

The cyberattack campaign, similar to one to spread the Rhadamanthys…

Police operation ‘SpecTor’ arrests 288 dark web drug vendors and buyers

An international law enforcement operation codenamed 'SpecTor'…

How to Spot a ChatGPT Phishing Website

Scammers are leveraging the popularity of ChatGPT in phishing…

Google Chrome Drops Browser Lock Icon

Chrome 117 will retire the lock icon and replace it with a "tune"…

Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks

Build a culture of security so that everyone is on the lookout…

4 Principles for Creating a New Blueprint for Secure Software Development

Improving the security of the software development process is…

Meta Expunges Multiple APT, Cybercrime Groups From Facebook, Instagram

The company has removed three APTs and six potentially criminal…

Hotels at Risk From Bug in Oracle Property Management Software

Oracle's characterization of the vulnerability in its Opera software…

PrivateGPT Tackles Sensitive Info in ChatGPT Prompts

In an effort to curb employees from entering private data into…

Apple Debuts Its Rapid Response Security Update Approach

Smaller fixes deliver quick improvements for iPhones, iPads,…

‘BellaCiao’ Showcases How Iran’s Threat Groups Are Modernizing Their Malware

The dropper is being used in a Charming Kitten APT campaign that…

Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Installs Compromised

PHP software package repository Packagist revealed that an "attacker"…

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry

An advanced persistent threat (APT) actor known as Dragon Breath has…

    (c) Bill Toulas

Western Digital says hackers stole customer data in March cyberattack

Western Digital has taken its store offline and sent customers…

Meet Akira — A new ransomware operation targeting the enterprise

The new Akira ransomware operation has slowly been building a…

Twitter says ‘security incident’ exposed private Circle tweets

Twitter disclosed that a 'security incident' caused private tweets…

New CS:GO map bypasses Russia’s censorship of Ukraine war news

Finish newspaper Helsingin Sanomat has created a custom Counter-Strike:…

Microsoft patches 3 vulnerabilities in Azure API Management

The vulnerabilities comprise url formatting bypasses and an unrestricted…

New PaperCut RCE exploit created that bypasses existing detections

A new proof-of-concept (PoC) exploit for an actively exploited…

The Merck appeal: cyber insurance and the definition of war

Pharmaceutical giant Merck’s won an appeal that might see it…

Top cybersecurity M&A deals for 2023

Uncertainty and instability marked the end of 2022 for many in…

New Cactus ransomware encrypts itself to evade antivirus

The Cactus ransomware operation has been active since at least…

Google launches entry-level cybersecurity certificate to teach threat detection skills

The six-month course requires no prior cybersecurity experience…

Patch manager Action1 to add vulnerability discovery, prioritization

Upcoming features will add new vulnerability management capabilities…

Malware disguised as ChatGPT apps are being used to lure victims, Meta says

Since March, Meta has discovered malware using ChatGPT and other…

Google rolls out passkey support across accounts on all major platforms

Passkeys for Google Accounts are available now while Google Workspace…

Attacks increasingly use malicious HTML email attachments

New research shows that up to a half of all HTML email attachments…

Vanta adds new SaaS capability to address growing concerns over vendor security

Vanta’s new offering aims to help customers streamline third-party…

oneM2M IoT security specifications granted ITU approval

The oneM2M specifications enable secure IoT data exchange and…

Samsung bans staff AI use over data leak concerns

Samsung has reportedly issued a memo prohibiting the use of generative…

11 security tools all remote employees should have

Compromised employee personal devices and accounts can disrupt…

Veza releases access security, governance solution for SaaS applications

Solution secures sensitive data in SaaS apps and integrates with…