Trend Micro

JUNE 16, 2025

This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data.

DDOS 119

DDOS 119

Graham Cluley

OCTOBER 17, 2024

Read more in my article on the Tripwire State of Security blog. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day.

Ransomware 136

Ransomware Encryption Healthcare Data breaches 136

Schneier on Security

AUGUST 28, 2024

Matthew Green wrote a really good blog post on what Telegram’s encryption is and is not.

Encryption 324

Encryption 324

Troy Hunt

MARCH 30, 2025

On that note, stay tuned for the promised "Passkeys for Normal People" blog post, I hope to be talking about that in next week's video (travel schedule permitting). I've no doubt whatsoever this is a net-positive event that will do way more good than harm.

Phishing 237

Phishing Data breaches Scams 237

Troy Hunt

JULY 2, 2025

I alluded to Truyu being an excellent example of a potential partner in the aforementioned blog post, so their inclusion in this program should come as no surprise, but let me embellish further. If that happens as a result of the Qantas breach, at least I'm going to know about it early.

Data breaches 188

Data breaches Financial Services Passwords Hacking 188

Graham Cluley

OCTOBER 24, 2024

Read more in my article on the Tripwire State of Security blog. And the recent discovery of a new malware strain emphasises that the threat - even if much smaller than on Windows - remains real.

Ransomware 139

Ransomware Malware 139

Krebs on Security

MARCH 14, 2025

. “This campaign delivers multiple families of commodity malware, including XWorm, Lumma stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT,” Microsoft wrote in a blog post on Thursday. “Depending on the specific payload, the specific code launched through mshta.exe varies.

Phishing 297

Phishing Scams Malware Passwords 297

Trend Micro

JUNE 17, 2025

This blog breaks down the attack chain. A recent attack campaign took advantage of exposed Docker Remote APIs and used the Tor network to deploy a stealthy cryptocurrency miner.

Cryptocurrency 126

Cryptocurrency Malware 126

Malwarebytes

MARCH 26, 2025

Through an automated attack disguised as a notice from Hunts chosen newsletter provider Mailchimp, scammers stole roughly 16,000 records belonging to current and past subscribers of Hunts blog. The email claimed that Mailchimp was temporarily cutting service to Hunt because his blog had allegedly received a spam complaint. Hunt wrote.

Phishing 112

Phishing Data breaches Scams Password Management 112

Krebs on Security

MARCH 11, 2025

. “Garantex has been used in sanctions evasion by Russian elites, as well as to launder proceeds of crime including ransomware, darknet market trade and thefts attributed to North Koreas Lazarus Group,” Elliptic wrote in a blog post.

Ransomware 292

Ransomware Cryptocurrency Marketing Government 292

Schneier on Security

JULY 19, 2024

He’s written a blog post about what he’s learned and what comes next. Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director.

302

302

Troy Hunt

MARCH 3, 2025

But the confusing nature of stealer logs coupled with an overtly long blog post explaining them and the conflation of which services needed a subscription versus which were easily accessible by anyone made for a very intense last 6 days. That was a bit intense, as is usually the way after any large incident goes into HIBP.

Passwords 251

Passwords Accountability Malware 251

Graham Cluley

JUNE 28, 2025

Read more in my article on the Hot for Security blog. Suspected high-ranking members of one of the world's largest online marketplaces for leaked data have been arrested by French police.

Cybercrime 103

Cybercrime Data breaches 103

Schneier on Security

JUNE 25, 2025

I’ll quote the last section, “User Interaction Metadata”, in full because it includes some interesting specific technical notes: [Blog editor note: The list below has been reformatted for as a numbered list for readability.] Topics were discussed between June 2024 and October 2024. User is currently in United States.

Architecture 328

Architecture Surveillance Accountability VPN 328

Krebs on Security

OCTOBER 17, 2024

. “Where their potential impact becomes really significant is when they then acquire access to thousands of other machines — typically misconfigured web servers — through which almost anyone can funnel attack traffic,” Amazon explained in a blog post.

DDOS 284

DDOS Government Internet Internet 284

Krebs on Security

JANUARY 7, 2025

The image that Lookout used in its blog post for Crypto Chameleon can be seen in the lower right hooded figure. That latter domain was created and deployed shortly after Lookout published its blog post on Crypto Chameleon. com and two other related control domains — thebackendserver[.]com com and lookoutsucks[.]com.

Phishing 346

Phishing Cryptocurrency Accountability Social Engineering 346

Security Boulevard

DECEMBER 9, 2024

This blog post explores how maintaining USB security mitigates insider threats and fosters a secure workplace environment. The post The Role of USB Security in Combating Insider Threats appeared first on Security Boulevard.

Software 132

Software Security Awareness Cybersecurity 132

Graham Cluley

JUNE 25, 2025

Read more in my article on the Hot for Security blog. A new INTERPOL report has sounded the alarm over a dramatic increase in cybercrime across Africa, with digital crime now accounting for a significant proportional of all criminal activity across the continent.

Cybercrime 95

Cybercrime Accountability Phishing Ransomware 95

Krebs on Security

JANUARY 14, 2025

Further reading on today’s patches from Microsoft: Tenable blog SANS Internet Storm Center Ask Woody And if you run into any problems installing this month’s patch batch, drop a line in the comments below, please.

Artificial Intelligence 303

Artificial Intelligence Social Engineering Encryption Internet 303

Graham Cluley

JUNE 27, 2025

Find out how it is different from other ransomware, and read more in my article on the Fortra blog. SafePay is a relatively new ransomware that is making a big impact.

Ransomware 111

Ransomware Malware 111

Penetration Testing

NOVEMBER 5, 2024

A recent blog by security researcher Hossam Ehab has detailed an advanced technique for process injection through manipulation of the Kernel Callback Table within the Process Environment Block (PEB) on... The post Stealthy Process Injection: New Kernel Callback Table Technique Exposed appeared first on Cybersecurity News.

Cybersecurity 113

Cybersecurity Malware 113

Graham Cluley

JUNE 20, 2025

Read more in my article on the Hot for Security blog. Krispy Kreme, the dispenser of delectable doughnuts, has revealed that an astonishingly wide range of personal information belonging to past and present employees, as well as members of their families, was accessed by hackers during a cyber attack last year.

Hacking 97

Hacking Cyber Attacks Data breaches 97

Schneier on Security

SEPTEMBER 17, 2024

On this blog, let’s stick to the tech and the security ramifications of the threat. And it seems to be a large detonation for an overloaded battery. This reminds me of the 1996 assassination of Yahya Ayyash using a booby trapped cellphone. EDITED TO ADD: I am deleting political comments.

69

69

Adam Shostack

JANUARY 2, 2025

That the White House is involved should not be a shocker to readers of this blog, and it represents a fascinating state of the evolution of the conversation around memory safety that it would reach that level. Blog overview or direct link.) Regulation The White House released a report on memory safe languages.

Software 130

Software Advertising Hacking 130

Heimadal Security

JULY 7, 2025

That’s why we’re excited to launch Threat Watch Live, our new monthly webinar series designed to […] The post Introducing Threat Watch Live: Heimdal’s New Monthly Cybersecurity Intelligence Webinar appeared first on Heimdal Security Blog.

Cybersecurity 89

Cybersecurity 89

Heimadal Security

NOVEMBER 1, 2024

The same threat actors breached the tech giant earlier this week and are responsible for the notorious SolarWinds supply chain attack […] The post Microsoft Warns: Midnight Blizzard’s Ongoing Spear-Phishing Campaign with RDP Files appeared first on Heimdal Security Blog.

Phishing 98

Phishing Cybersecurity 98

Graham Cluley

MAY 16, 2025

Read more in my article on the Fortra blog. Ascension, one of the largest private healthcare companies in the United States, has confirmed that the personal data of some 437,329 patients has been exposed following an attack by cybercriminals.

Healthcare 98

Healthcare Data breaches 98

Schneier on Security

MARCH 21, 2025

The UK’s National Computer Security Center (part of GCHQ) released a timeline —also see their blog post —for migration to quantum-computer-resistant cryptography. It even made The Guardian.

250

250

Krebs on Security

MAY 22, 2025

Further reading: Danabot: Analyzing a Fallen Empire ZScaler blog: DanaBot Launches DDoS Attack Against the Ukrainian Ministry of Defense Flashpoint: Operation Endgame DanaBot Malware March 2022 criminal complaint v. Separately, Microsoft filed a civil lawsuit to seize control over 2,300 domain names used by Lumma Stealer and its affiliates.

Malware 267

Malware Cybercrime Government Banking 267

Schneier on Security

AUGUST 12, 2024

Through this analysis, we illuminate key and novel patterns in misuse during this time period, including potential motivations, strategies, and how attackers leverage and abuse system capabilities across modalities (e.g. image, text, audio, video) in the wild. Note the graphic mapping goals with strategies.

Artificial Intelligence 321

Artificial Intelligence Risk 321

Cisco Security

JUNE 16, 2025

Learn what sets Cisco XDR apart in our blog. Cisco has been named a Leader and Fast Mover in GigaOm's Radar for Extended Detection and Response (XDR).

97

97

Krebs on Security

OCTOBER 30, 2024

“Affected insurance providers can contact us to prevent leaking of their own data and [remove it] from the sale,” RansomHub’s victim shaming blog announced on April 16. A few days after BlackCat imploded, the same stolen healthcare data was offered for sale by a competing ransomware affiliate group called RansomHub.

Healthcare 310

Healthcare Insurance Computers and Electronics Data breaches 310

Heimadal Security

NOVEMBER 22, 2024

The same agencies issued a joint advisory in May that warned about BianLian’s shifting tactics, which […] The post CISA: BianLian Ransomware Focus Switches to Data Theft appeared first on Heimdal Security Blog.

Ransomware 104

Ransomware Cybersecurity 104

Heimadal Security

JANUARY 16, 2025

This article outlines the crucial steps for aligning with NIS2 standards, drawn from our comprehensive NIS2 […] The post Your Ultimate Guide to NIS2 Compliance: Key Steps and Insights appeared first on Heimdal Security Blog.

Cyber Risk 111

Cyber Risk Risk Cybersecurity 111

Adam Shostack

FEBRUARY 18, 2025

If youve read my recent blog post on Hoarding, Debt and Threat Modeling , youll hear me reiterate how people often try to model everything at once and get overwhelmed in the process. I wanted to share some key themes we explored. One of the core messages I emphasized is how we can make threat modeling more accessible.

130

130

NSTIC

FEBRUARY 26, 2025

To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 !

Cybersecurity 108

Cybersecurity 108

Adam Shostack

JANUARY 2, 2025

Google has released information on their Secure by Design commitment, including a blog and white paper. Were launching a course, Scaling Threat Modeling , and theres a survey at the end of that blog announcement. Adam participated in the keynote, and we talked to lots of folks about how we can help them threat model. (If

Manufacturing 130

Manufacturing Data breaches Software Cybersecurity 130