Breaking the trade-off: Full email security without deployment friction
How API-based security is redefining email protection in the face of escalating human risk.
SC Media
20 articles
DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, Josh Marpet... - SWN #569
Stryker back online after cyberattack
BleepingComputer reports that major U.S.
Over 257K compromised in Texas hospital hack
Texas-based Nacogdoches Memorial Hospital had personal and medical information from 257,073 patients stolen following a cyberattack in January, Cybernews rep...
Brokk purportedly hacked by Play ransomware, data leaked
Brokk, a leading Swedish global remote-controlled demolition machinery manufacturer, had a 4 GB dataset allegedly stolen from its systems exposed by the Russ...
Malicious LNK files, GitHub leveraged in South Korea-targeted malware campaign
Infosecurity Magazine reports that Windows users across South Korea have been subjected to attacks involving illicit LNK files that trigger multi-stage compr...
Bogus installers facilitate RAT, cryptominer spread in long-running operation
Threat operation REF1695 has been harnessing counterfeit installers to facilitate multiple attack campaigns delivering remote access trojans and cryptocurren...
Accelerated Akira ransomware intrusions examined
CyberScoop reports that increasingly efficient techniques have significantly reduced the Akira ransomware operation's attack times.
Multiple EU entities impacted by European Commission breach, CERT-EU says
At least 29 other European Union entities were disclosed by CERT-EU to have had their data compromised following the TeamPCP supply chain attack against the ...
Threat actors impersonate CERT-UA, distribute AGEWHEEZE malware
The campaign targeted approximately 1 million users across various sectors, including government, healthcare, education, and finance.
The complexity crisis in network security: Why policy governance matters
Only firm policy governance can tame the rampant growth of complexity across enterprise environments.
Axios maintainer’s post mortem confirms social engineering by UNC1069
Jason Saayman says he installed a remote access trojan disguised as a Teams update.
Duc App exposes hundreds of thousands of personal records due to server misconfiguration
The exposed data included unencrypted driver's licenses, passports, and other identity verification documents, along with selfies and personal information su...
Storm infostealer bypasses Chrome encryption, targets crypto wallets
Discovered by Varonis Threat Labs, Storm infostealer operates as a malicious subscription service, targeting multiple browsers like Chrome, Edge, Firefox, an...
Fraudsters exploit vacant properties and postal services for identity theft
The tutorial, analyzed by Flare, outlines a low-cost, difficult-to-detect workflow that begins with identifying vacant residential properties, often found by...
Residential proxies undermine IP reputation systems, researchers warn
A recent analysis by GreyNoise, examining 4 billion malicious sessions, found that approximately 39% originated from home networks, likely part of residentia...
Claude Code leak leveraged to distribute malware
Researchers at Zscaler's ThreatLabz discovered a GitHub repository disguised as a leaked TypeScript source code for Anthropic's Claude Code CLI.
Internet-connected coffee machine reportedly led to data breach
A digital forensics investigator, identified only as TR, was called in when a client suspected a rival had infiltrated their systems after a data breach.
Chaos malware now targeting 64-bit Linux servers
Analysis of China-nexus groups also discovers double-pronged strategy, one on immediacy, the other around long dwell times.
ISC2 integrates AI security into cybersecurity certifications
The new Exam Guidance for Artificial Intelligence maps AI concepts across more than 50 core cybersecurity exam domains.