News
  • "Endor Labs Unveils New Research on Impact of Open-Source Software on Supply Chain Security"

    Endor Labs published "The State Of Dependency Management," which provides insight into the widespread but often unmonitored use of existing open-source software in application development, as well as the risks associated with this common practice. The…

  • "Lighting Giant Acuity Brands Discloses Two Data Breaches"

    Lighting and building management giant Acuity Brands has recently disclosed two data breaches it suffered in recent years, including one that may have involved ransomware. The Atlanta, Georgia-based firm employs roughly 13,000 people and…

  • "Android App With Over 5M Downloads Leaked User Browsing History"

    According to the Cybernews research team, Web Explorer - Fast Internet, an Android browsing app, left its Firebase instance open, exposing app and user data. Firebase is a mobile app development platform with numerous analytics, hosting, and real-time…

  • "Supply Chain Web Skimming Attacks Hit Dozens of Sites"

    Security researchers at Jscrambler recently discovered that a web skimming campaign running for the past year has already compromised over 40 e-commerce sites. The researchers revealed that "Group X," which exfiltrated card data to a server in…

  • "Google Unearths Internet Explorer Zero-Day Exploited by North Korean Hackers"

    Google's Threat Analysis Group (TAG) discovered a zero-day exploit for an Internet Explorer (IE) vulnerability that was used to target South Korean users. TAG made the discovery in October 2022 and found malware in documents emailed to targets. The…

  • "Apple to Roll Out New Set of Cybersecurity Features for Users"

    Apple has announced plans for new cybersecurity features aimed at helping users protect their data more effectively from hacking. The first feature Apple will include in the update is Advanced Data Protection, which will be made available through iCloud…

  • "Investment Fraud Gang May Have Made $500m"

    Security researchers at Group-IB have uncovered a prolific investment fraud group that may have made half a billion dollars in profits over the past four years. Named “CryptosLabs” after a scam website template it used, the group’s fake investment…

  • "Hacker Fails for the Win"

    Douglas McKee, director of vulnerability research at Trellix, struggled to extract passwords from a medical patient-monitor device that he was probing for vulnerabilities. The GPU password-cracking tool he had used to lift the layers of credentials…

  • "Cybercriminals Are Scamming Each Other, Tipping off Law Enforcement"

    Cybercriminals are scamming each other and using arbitration to settle disputes about the scams. Sophos experts investigated two Russian-language cybercrime forums with Access-as-a-Service (AaaS) listings, as well as an English-language cybercrime forum…

  • "COVID-bit: New Covert Channel to Exfiltrate Data from Air-Gapped Computers"

    An unusual data exfiltration method uses a previously unknown covert channel to leak sensitive data from air-gapped systems. According to Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center at Ben Gurion University of the Negev…

  • "Hackers Use New Fantasy Data Wiper in Coordinated Supply Chain Attack"

    In supply chain attacks affecting organizations in Israel, Hong Kong, and South Africa, the Iranian Agrius Advanced Persistent Threat (APT) hacking group is employing a new 'Fantasy' data wiper. The campaign began in February and reached its peak in…

  • "LiDAR Sensors Have Fixable Security Vulnerability"

    A large blind spot in front of an approaching autonomous vehicle's LiDAR system can be created by shining expertly timed lasers. This attack can hide moving pedestrians and other obstacles. A group of researchers from the University of Florida, the…