Vulnerabilities/Threats

An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.

The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.

Analysts have seen a massive spike in malicious activity by the XorDdos trojan in the last six months, against Linux cloud and IoT infrastructures .

A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.

In a new phishing tactic, faux chatbots establish a conversation with victims to guide them to malicious links, researchers say.

Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.

Two of Microsoft's Patch Tuesday updates need a do-over after causing certificate-based authentication errors.

To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.

QNAP is urging customers of its NAS products to update QTS and avoid exposing the devices to the Internet.

In the three months since the war started, Russian operatives and those allied with the nation's interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says.

Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.

Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.

Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.

For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.

System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.