Vulnerabilities/Threats

The Israeli company developed highly-targeted, mobile malware that would make any APT jealous.

The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring.

In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.

Cybersecurity's constant stream of shiny new things shouldn't distract managers from their focus on the people they're protecting.

CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government.

So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.

The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.

Attackers exclusively target Windows users with an impersonation website that distributes information-stealing malware.

Artificial intelligence and machine learning aren't yet delivering on their cybersecurity promises. How can we close the gaps?

Many organizations are not prepared to respond to all the constituencies that come knocking after a breach or ransomware incident.

One of the already-patched flaws enables elevation of privilege, while the other enables remote code execution.

Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.

Researchers spot attackers using an existing phishing obfuscation tactic in order to better ensure recipients fall for their scam.

Sophisticated attacks on MGM and Caesars underscore the reality that even robust identity and access management may not be enough to protect you.

Ransomware-as-a-service affiliate ShadowSyndicate is unusual for the size of its malicious infrastructure and the fact that it's distributing seven different ransomware strains.