Guides, playbooks, and learning resources to level up your cybersecurity knowledge and keep your organization secure.
GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential rotation.
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools.
The US government has warned that Iran-linked hackers are manipulating PLCs and SCADA systems to cause disruption.
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks.
Attackers could exploit these vulnerabilities in denial-of-service, information disclosure, and arbitrary code execution attacks.
AI browser extensions increase enterprise risk with 60% higher vulnerabilities, bypassing DLP controls and exposing sensitive data.
The critical vulnerabilities affect Chrome’s WebML component and they have been reported by anonymous researchers.
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools.
The document provides a behavior-based model of the tactics and techniques employed by fraudsters.
Within nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild.
Google releases DBSC in Chrome 146 for Windows, binding cookies to devices to reduce session theft and prevent unauthorized access.
New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication.
