432 articles
Elastic Security Labs details BRUSHWORM, a modular backdoor spreading via USB, and BRUSHLOGGER, a DLL-side-loaded keylogger, targeting a South Asian financial institution.
Kaspersky details CrystalX RAT, a MaaS malware with spyware, credential theft, and prankware features targeting Windows users globally since mid-2025.
ESET warns that misconfigured cloud VMs—overprivileged IAM roles, exposed management ports, and unpatched OS images—create systemic security gaps across enterprise environments.
ESET's Tony Anscombe warns that March 2026 attacks — including ransomware, supply chain compromises, and AI-driven phishing — reveal systemic gaps in organizational…
US DOJ, Canada, and Germany dismantled four IoT botnets — Aisuru, Kimwolf, JackSkid, Mossad — compromising 3M+ devices, enabling record-breaking DDoS attacks.
Itron disclosed a cybersecurity incident in an SEC 8-K filing: an unauthorized third party accessed internal IT systems.
Kaspersky GReAT reveals Coruna framework used in Operation Triangulation: updated kernel exploits for CVE-2023-32434 and CVE-2023-38606 targeting iPhones with zero-click iMessage…
Check Point Research uncovered CVE-2026-3502, a 7.8-CVSS privilege escalation in TrueConf client, exploited in targeted attacks against Southeast Asian government entities since…
Elastic Security Labs dissects VoidLink, a Linux rootkit framework that blends Loadable Kernel Modules with eBPF hooks to evade detection and maintain stealthy persistence on…
ADT confirmed cybercriminals breached its systems on April 20, 2026, stealing a limited set of customer and prospect data. No financial info or credentials compromised.
CISA added 4 actively exploited vulnerabilities to its KEV catalog — SimpleHelp, Samsung MagicINFO 9, and D-Link DIR-823X — with a May 2026 federal remediation deadline.
Dark Reading reports attackers are manipulating voltage to destabilize power grids — a growing cyber-physical threat vector targeting electricity infrastructure with no patch…
