According to a team of academics from Ben-Gurion University of the Negev, a soda can, a smartphone stand, or any bright lightweight desk decoration could lead to eavesdropping. This can even be done in a soundproof room if an attacker can see the object…

Security researchers have created a tool named Cooper that detects flaws in the way apps such as Microsoft Word and Adobe Acrobat process JavaScript. Through the use of Cooper,  the researchers discovered 134 bugs, 59 of which have been deemed…

Security researchers at Microsft are warning that a new variant of the Sysrv botnet has added a recent Spring Cloud Gateway vulnerability to its exploit portfolio.  The Sysrv botnet has been active since at least late 2020, looking to exploit known…

A prolific ransomware group called AvosLocker recently hit a Dallas-based nonprofit Catholic health system with more than 600 facilities across four U.S. states, Mexico, Chile, and Colombia.  The attack on CHRISTUS Health marks the second health…

Since at least 2021, a post-exploitation framework known as IceApple has been targeting global enterprises that employ Microsoft's extensible web server software and Microsoft Exchange servers, according to Falcon OverWatch, CrowdStrike's proactive…

A new RedLine malware distribution campaign has been seen promoting fake Binance NFT mystery box bots on YouTube in order to trick people into downloading the information-stealing malware from GitHub repositories. Binance mystery boxes are collections of…

Google is increasing its investment in open source software security by forming a new team of developers committed to assisting the maintainers of major open source projects in improving their software's security. The new Open Source Maintenance Crew is…

Cybercrimals can find everything from information stealing to ransomware and crypto-mining modules offered by the Eternity Project as recently advertised on a popular Telegram channel. For prices ranging from $90 to $490, would be hackers can purchase…

NIST releases new guidance for dealing with cybersecurity risks throughout the supply chain. Supply chain is a vital part of global commerce. But vulnerabilities in the technology used to manage it can cause problems for businesses and their customers.…

The European Union (EU) has recently reached a political agreement on new legislation that will impose common cybersecurity standards on critical industry organizations.  The new directive will replace the EU’s existing rules on the security of…

ForgeRock, a global identity and access management company, has created a new application called ForgeRock Autonomous Access that uses AI to prevent identity-based cyberattacks and fraud.   The application monitors login requests in real-time to…

A team of researchers at Zhejiang University in China used basic Machine Learning (ML) to identify patterns that common Web Application Firewalls (WAFs) fail to detect, but which can deliver a threat actor's payload. The researchers started with common…