Vulnerabilities/Threats

In a new phishing tactic, faux chatbots establish a conversation with victims to guide them to malicious links, researchers say.

Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.

Two of Microsoft's Patch Tuesday updates need a do-over after causing certificate-based authentication errors.

To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.

QNAP is urging customers of its NAS products to update QTS and avoid exposing the devices to the Internet.

In the three months since the war started, Russian operatives and those allied with the nation's interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says.

Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.

Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.

Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.

For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.

System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.

Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.

Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.

As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare.

A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.