cyber2security blog

Kimsuky hackers use new recon tool to find security gaps

The North Korean Kimsuky hacking group has been observed employing…
Read more

Why Telecoms Struggle with SaaS Security

The telecom industry has always been a tantalizing target for…
Read more

Get 50% off Malwarebytes Premium + Privacy in this limited-time deal

If you are concerned about the security and privacy of your online…
Read more

New Fleckpe Android malware installed 600K times on Google Play

A new Android subscription malware named 'Fleckpe' has been spotted…
Read more

Brightline data breach impacts 783K pediatric mental health patients

Pediatric mental health provider Brightline is warning patients…
Read more

Level Finance crypto exchange hacked after two security audits

Hackers exploited a Level Finance smart contract vulnerability…
Read more

Police dismantles Try2Check credit card verifier used by dark web markets

The U.S. Department of Justice announced today the indictment…
Read more

1Password explains scary Secret Key and password change alerts

1Password says a recent incident that caused customers to receive…
Read more

Russian hackers use WinRAR to wipe Ukraine state agency’s data

The Russian 'Sandworm' hacking group has been linked to an attack…
Read more

FBI seizes 9 crypto exchanges used to launder ransomware payments

The FBI and Ukrainian police have seized nine cryptocurrency…
Read more

Facebook disrupts new NodeStealer information-stealing malware

Facebook discovered a new information-stealing malware distributed…
Read more

Researcher hijacks popular Packagist PHP packages to get a job

A researcher hijacked over a dozen Packagist packages—with…
Read more

Google will remove secure website indicators in Chrome 117

Google announced today that the lock icon, long thought to be…
Read more

Hackers exploit 5-year-old unpatched flaw in TBK DVR devices

Hackers are actively exploiting an unpatched 2018 authentication…
Read more

AppSec Making Progress or Spinning Its Wheels?

Software developers and application security specialists estimate…
Read more

Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor

The cyberattack campaign, similar to one to spread the Rhadamanthys…
Read more

Police operation ‘SpecTor’ arrests 288 dark web drug vendors and buyers

An international law enforcement operation codenamed 'SpecTor'…
Read more

How to Spot a ChatGPT Phishing Website

Scammers are leveraging the popularity of ChatGPT in phishing…
Read more

Google Chrome Drops Browser Lock Icon

Chrome 117 will retire the lock icon and replace it with a "tune"…
Read more

Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks

Build a culture of security so that everyone is on the lookout…
Read more

4 Principles for Creating a New Blueprint for Secure Software Development

Improving the security of the software development process is…
Read more

Meta Expunges Multiple APT, Cybercrime Groups From Facebook, Instagram

The company has removed three APTs and six potentially criminal…
Read more

Hotels at Risk From Bug in Oracle Property Management Software

Oracle's characterization of the vulnerability in its Opera software…
Read more

PrivateGPT Tackles Sensitive Info in ChatGPT Prompts

In an effort to curb employees from entering private data into…
Read more

Apple Debuts Its Rapid Response Security Update Approach

Smaller fixes deliver quick improvements for iPhones, iPads,…
Read more

‘BellaCiao’ Showcases How Iran’s Threat Groups Are Modernizing Their Malware

The dropper is being used in a Charming Kitten APT campaign that…
Read more

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

Users of Advanced Custom Fields plugin for WordPress are being…
Read more

Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Installs Compromised

PHP software package repository Packagist revealed that an "attacker"…
Read more

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry

An advanced persistent threat (APT) actor known as Dragon Breath has…
Read more

    (c) Bill Toulas
Read more

Western Digital says hackers stole customer data in March cyberattack

Western Digital has taken its store offline and sent customers…
Read more

Meet Akira — A new ransomware operation targeting the enterprise

The new Akira ransomware operation has slowly been building a…
Read more

Twitter says ‘security incident’ exposed private Circle tweets

Twitter disclosed that a 'security incident' caused private tweets…
Read more

New CS:GO map bypasses Russia’s censorship of Ukraine war news

Finish newspaper Helsingin Sanomat has created a custom Counter-Strike:…
Read more

Microsoft patches 3 vulnerabilities in Azure API Management

The vulnerabilities comprise url formatting bypasses and an unrestricted…
Read more

New PaperCut RCE exploit created that bypasses existing detections

A new proof-of-concept (PoC) exploit for an actively exploited…
Read more

The Merck appeal: cyber insurance and the definition of war

Pharmaceutical giant Merck’s won an appeal that might see it…
Read more

Top cybersecurity M&A deals for 2023

Uncertainty and instability marked the end of 2022 for many in…
Read more

New Cactus ransomware encrypts itself to evade antivirus

The Cactus ransomware operation has been active since at least…
Read more

Google launches entry-level cybersecurity certificate to teach threat detection skills

The six-month course requires no prior cybersecurity experience…
Read more

Patch manager Action1 to add vulnerability discovery, prioritization

Upcoming features will add new vulnerability management capabilities…
Read more

Malware disguised as ChatGPT apps are being used to lure victims, Meta says

Since March, Meta has discovered malware using ChatGPT and other…
Read more

Google rolls out passkey support across accounts on all major platforms

Passkeys for Google Accounts are available now while Google Workspace…
Read more

Attacks increasingly use malicious HTML email attachments

New research shows that up to a half of all HTML email attachments…
Read more

Vanta adds new SaaS capability to address growing concerns over vendor security

Vanta’s new offering aims to help customers streamline third-party…
Read more

oneM2M IoT security specifications granted ITU approval

The oneM2M specifications enable secure IoT data exchange and…
Read more

Samsung bans staff AI use over data leak concerns

Samsung has reportedly issued a memo prohibiting the use of generative…
Read more

11 security tools all remote employees should have

Compromised employee personal devices and accounts can disrupt…
Read more

Veza releases access security, governance solution for SaaS applications

Solution secures sensitive data in SaaS apps and integrates with…
Read more