The Google One Virtual Private Network (VPN) service is now available to Google One Premium members in over 20 countries. During the summer, NCC Group, an information assurance firm, conducted a security assessment of the Google One VPN service and…

Participants at the latest Pwn2Own competition discovered many zero-day vulnerabilities in a range of products.  The contest is run by Trend Micro’s Zero Day Initiative (ZDI).  During the competition, which lasted three days, contestants were…

Security researchers at Endor Labs have discovered that nearly all open source vulnerabilities (95%) are found in transitive or indirect dependencies.  The researchers noted that developers increasingly favor open source as a way to accelerate time…

The Senate has passed the Quantum Computing Cybersecurity Preparedness Act to bolster national security by preparing the federal government's defenses against quantum-computing-enabled data breaches. The bill aims to protect sensitive data from the…

Google recommends that organizations use the Supply Chain Levels for Software Artifacts (SLSA) framework when developing software to improve software security and integrity, following an exploration of best practices for securing the software supply…

Checkmarx and Phylum detailed a typosquatting campaign aimed at the NPM and PyPI package managers. This campaign includes embedded ransomware and targets the popular "requests" package on PyPI and the "discord.js" package on NPM. When the…

Deep Instinct's Threat Research team discovered a new campaign carried out by the MuddyWater Advanced Persistent Threat (APT) group, also known as SeedWorm, TEMP.Zagros, and Static Kitten. The APT's campaign has targeted Armenia, Azerbaijan, Egypt, Iraq…

Dimensional Research surveyed 1,175 security professionals and executives from five continents to get a global perspective of the capabilities of security solutions, deployment strategies, gaps, and the value of tool consolidation. According to the…

As part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe, a hack-for-hire group called Evilnum has targeted travel agencies. The attacks, which occurred in 2020 and 2021 and most likely began in…

Research by Dr. Joel Reardon, a University of Calgary Internet security and privacy expert, and his colleague, Dr. Serge Egelman, at the University of California Berkeley, has led to the web browser firm Mozilla removing an offshore company as a trusted…

To deter and defeat agile adversaries, people and assets deployed by the US Department of Defense (DOD) in ground, sea, air, and space must maintain operational wireless network connectivity. Researchers from Florida Atlantic University's (FAU) College…

The Science and Technology Directorate (S&T) is working with the Cybersecurity and Infrastructure Security Agency (CISA) to develop and test new technologies and tools to combat both online and physical threats. According to the S&T program…