People making cybersecurity and disaster recovery (DR) decisions today often operate as if they’re in a vacuum. Their company has […]

The AI revolution is entering a critical new phase. It’s not just about the promise of AI anymore, but also […]

A Chinese-sponsored cyber attack was so damaging that it was briefly proposed that an entire data hub be destroyed, according […]

Nation-state threat actors and cybercriminals are increasingly abusing cryptocurrency blockchains to host malicious payloads with a technique known as “EtherHiding,” […]

Cloud Security plays a crucial role in the field of information security operations, handling much of the heavy lifting needed […]

As the U.S. Department of Defense (DoD) continues to make artificial intelligence (AI) a key segment of national security, turning […]

The AI revolution has transformed how organizations operate, yet beneath the excitement of chatbots and autonomous agents lies a security […]

Imagine this: millions of players logged in, trading gear, leveling up, and trusting your platform with not just their credit […]

A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from …

The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the …

In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly implementing security measures to protect sensitive data and ensure regulatory compliance. Among these measures, AI-SPM …

Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft …

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and …

A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously …

Google's DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company's …

For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security …

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. "XWorm's modular design is built …

Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), …

Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site visitors get injected content …

Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT …

Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login. For IT …

Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape. The coalition is seen as an attempt …

Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 …

A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known …

A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google …

SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. "The files contain encrypted credentials and configuration data; …

Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every …

Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies …

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its payloads. According to Fortinet …

A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. "Storm-2657 is actively targeting a range of U.S.-based …

Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since …

The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how …

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The …

Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time …

Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems …

Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an "exploit shotgun" approach, …

Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that unknown threat actors were abusing the backward compatibility …

Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face …

Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, …

Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the …

Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging …

Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other …

Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error …

A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group's expansion to the country beyond Southeast …

U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities …

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing …

TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the …

Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant …

MCPTotal, a comprehensive secure Model Context Protocol (MCP) platform, today announced its flagship platform to help businesses adopt and secure […]

Today, in the age of digitization, cybersecurity is no longer a luxury; quite the contrary, it is both a necessity […]

The remote work revolution did not just change where we work, it redefined how we secure our workplaces. The shift, […]

Criminals have been spotted exploiting a new zero-day vulnerability in Gladinet CentreStack and Triofox file sharing servers that could allow […]

How Artificial Intelligence is transforming both cyber defense and cybercrime by Venkatesh Apsingekar, Senior Engineering Manager – Illumio I recently […]

At their core, alerts exist to bring attention to something meaningful: an indicator of compromise (IOC), an indicator of attack […]

The Department of Defense recently sent defense contractors a clear signal: an update to the recently finalized CMMC 2.0 is […]

The word “bot” doesn’t have the best reputation right now. You hear it and think of election manipulation, fake social […]

In today’s cybersecurity landscape, identity is no longer just a credentialing concern; it is the battleground. Modern cyber defenses increasingly […]

On Sept. 17, security vendor SonicWall announced that cybercriminals had stolen backup files configured for cloud backup. At the time, the […]

Cyberattacks are becoming increasingly complex because organizations are more interconnected than ever before while threat actors are better resourced and […]

Der Sicherheitsvorfall bei SonicWall ist umfangreicher als bisher angenommen. Tada Images – shutterstock.com Am 17. September gab der Security-Anbieter SonicWall […]

Velociraptor, the open-source DFIR tool meant to hunt intruders, has itself gone rogue – being picked up by threat actors […]

In recent months, headlines have drawn attention to record-breaking DDoS attacks, often measured in terabits per second (Tbps) and accompanied […]

Three of the most notorious ransomware-as-a-service operations have formed a criminal cartel aimed at coordinating attacks and sharing resources in […]

srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_1213189189.jpg?quality=50&strip=all 5472w, https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_1213189189.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_1213189189.jpg?resize=768%2C432&quality=50&strip=all 768w, https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_1213189189.jpg?resize=1024%2C576&quality=50&strip=all 1024w, https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_1213189189.jpg?resize=1536%2C864&quality=50&strip=all 1536w, https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_1213189189.jpg?resize=2048%2C1152&quality=50&strip=all 2048w, https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_1213189189.jpg?resize=1240%2C697&quality=50&strip=all 1240w, https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_1213189189.jpg?resize=150%2C84&quality=50&strip=all 150w, https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_1213189189.jpg?resize=854%2C480&quality=50&strip=all 854w, https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_1213189189.jpg?resize=640%2C360&quality=50&strip=all 640w, […]

High-end computer mice can be used to eavesdrop on the voice conversations of nearby PC users, researchers from the University […]

China-affiliated hackers have quietly turned a once-benign open-source network monitoring tool into a remote access beacon. According to new findings […]

Artificial Intelligence development is moving faster than secure coding practices, and attackers are taking notice. Imperva Threat Research recently uncovered […]

Weggefährten der it-sa auf der ersten Pressekonferenz (von links): Claudia Plattner, BSI-Präsidentin, Ralf Wintergerst, Präsident des Bitkom, Prof. Norbert Pohlmann, Vorsitzender […]

It’s the bad news that many customers of Oracle E-Business Suite (EBS) have been dreading: reports of ransomware attacks targeting […]

Die Cl0p-Bande nutzt Zero-Day-Schwachstelle bei Oracle für Cyberattacken aus. Dragos Asaftei / Shutterstock Oracle hat ein Notfall-Update veröffentlicht, um eine […]

Security researchers at Tenable revealed three distinct vulnerabilities across Gemini’s cloud assist, search optimization, and browsing components. If exploited, these […]