Vulnerabilities/Threats

Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.

An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage.

The average organization does business with 11 third parties, and 98% of organizations do business with a third party who has suffered a breach, an analysis finds.

Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access.

Security vulnerabilities in VMware's vRealize Log Insight platform can be chained together to offer a cybercriminals a gaping hole to access corporate crown jewels.

Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps.

Recent cyberattacks against SMBs across Europe have been traced back to copycat groups using leaked LockBit locker malware.

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.

The Instagram rate-limiting bug, found by a rookie hunter, could be exploited to bypass Facebook 2FA in vulnerable apps, researcher reports.

Experian’s annual Future of Fraud Forecast highlights five fraud threats facing businesses and consumers in 2023.

Users searching for Bitwarden and 1Password's Web vaults on Google have recently reported seeing paid ads with links to cleverly spoofed sites for stealing credentials to their password vaults.

Cybercriminals are co-opting the identities of legitimate US financial advisers to use them as fodder for relationship scams (aka "pig butchering"), which end with the theft of investments.