Exchange Server zero-day vulnerability can be triggered by opening a malicious email
A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon ...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1598 — Phishing for Information (Reconnaissance)
Clear filter138 articles found
Metasploit Wrap-Up 05/15/2026
Weaponizing a text editor for fun and profit Gather round, dear readers, because today, we (by we, we mean @h00die) dropped the ultimate persistence mechanis...
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around s...
Autonomous systems are finally working. Security is next
Waymo recently crossed a major milestone: Over 170 million autonomous miles driven without a single serious crash or injury. For years, autonomous driving wa...
The economics of ransomware 3.0
The moment every boardroom dreads There is a moment in almost every ransomware negotiation — usually around 36 hours, when legal, IT and the CFO are all in t...
Popular node-ipc npm Library Hit by Supply Chain Attack, Impacting 822K Weekly Downloads
A widely used npm package with more than 822,000 weekly downloads has once again become the center of a serious supply chain attack, raising fresh concerns a...
The Dark Side of Efficiency: When Network Controllers Become "God Mode" for Attackers
Imagine you build a massive corporate campus with every security control money can buy. Blast resistant doors.
Stop Chasing Threats: Top 3 Insights from the SANS Attack Surface Management Survey
Executive Summary The 2025 SANS ASM Survey highlights a clear shift in cybersecurity operations. Organizations are moving beyond fragmented, alert-driven sec...
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploit...
Sandworm Hackers Shift From IT Breaches to Critical OT Targets
A new wave of cyber activity linked to the notorious Sandworm group is raising fresh alarms across global critical infrastructure. Security researchers warn ...
What to do when your AI’s guardrails fail
I want to talk about the Microsoft 365 Copilot bug. Not because it was exceptional, but because what it exposed should change how every organization architec...
What CISOs need to land a board role
Cybersecurity leaders often have complex relationships with their boards. Many boards lack cyber expertise, and CISOs can encounter roadblocks as a result wh...
CERN’s open source KiCad library gives the world 17,000 circuit board components
CERN has released its complete KiCad component library under an open source license, making it available to hardware designers anywhere in the world. The lib...
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when ...
Windows BitLocker 0-Day Vulnerability Exposes Encrypted Drives to Unauthorized Access
A newly disclosed Windows zero-day, YellowKey, is attracting significant attention because it can bypass BitLocker protection and expose data on encrypted dr...
Critical Fortinet FortiSandbox Vulnerability Enables Code Execution Attacks
The ultimate irony in cybersecurity has just struck the very tool designed to catch and isolate deadly malware has become an open door for hackers. A newly d...
Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
Fortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. For...
Alleged Dream Market admin arrested in Germany after US indictment
Court documents said Dream Market was launched in 2013 by Owe Martin Andresen and others before becoming one of the biggest criminal marketplaces online.
The CISO shortage: Finding leadership without a leader
Thanks to AI, full-time CISO services may become available to firms that can't afford a full-time CISO.
Google Enhances Android Mobile Security with New AI-powered Protections
Mobile devices have become ground zero for a ruthless wave of cyberattacks, with invisible threat actors draining bank accounts and hijacking digital identit...