Google Chrome’s DBSC Now Generally Available to Prevent Account Takeovers
Google has officially made Device Bound Session Credentials (DBSC) generally available for the Chrome browser on Windows. This architectural upgrade delivers...
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
189 articles found
Google has officially made Device Bound Session Credentials (DBSC) generally available for the Chrome browser on Windows. This architectural upgrade delivers...
Authorities dismantle Russian-aligned hosting firm, FBI warns of in-person data thefts, and TrapDoor steals credentials via software supply chain attack.
A newly discovered malicious NuGet package disguised as a legitimate Sicoob software development kit (SDK) has been caught exfiltrating sensitive banking cre...
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest coo...
A sophisticated supply chain attack targeting the npm ecosystem has been uncovered, involving a malicious package named js-logger-pack that evolved into a po...
Delivered via phishing lures, the malware combines financial theft with data exfiltration and remote access. The post New BTMOB Android Malware Enables Full ...
A newly discovered malicious npm package is drawing attention across the cybersecurity community after inadvertently exposing its own operator’s private GitH...
Unit 42 explores trends in data theft and extortion, outlining key strategies for organizations as frontier AI models advance. The post Out of the Crypt: The...
SRG actors initiate attacks by posing as IT support staff, contacting victims via phone calls or phishing emails to solicit a remote desktop session.
In a public advisory issued Tuesday the FBI said a hacking group has targeted law firms using social engineering schemes to gain remote access to corporate s...
The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.
NightSpire has quickly emerged as a significant ransomware threat since its discovery in early 2025, combining classic double-extortion tactics with stealthy...
Published within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets. The post Laravel-Lang Packages Poisoned for Malware De...
Hackers are increasingly exploiting cloud identity and access management systems, and a methodical, sophisticated, and multi-layered attack, where a threat a...
Hackers have launched a large-scale software supply chain attack targeting developers across npm, PyPI, and Crates.io, compromising at least 34 open-source p...
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure...
European authorities have cracked down on a VPN that has been used for various criminal activities. The operation, led by investigators in France and the Net...
Key Findings Introduction During the recent geopolitical tensions in the Middle East, we reported on multiple Iran-nexus threat actors advancing Iran’s strat...
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub reposit...
In March 2026, attackers exploited a pull_request_target misconfiguration in the aquasecurity/trivy-action GitHub Action to exfiltrate organization and repos...