- "Organizations Targeted With Babuk-Based Rook Ransomware" Security researchers have found a new ransomware variant dubbed Rook. Rook shows numerous similarities with Babuk, and security researchers have discovered that it was built using Babuk code that was leaked online earlier this year. Rook was…
- "Flaws in WordPress Plugin Put 3 Million Websites at Risk" Severe vulnerabilities have been discovered in the All In One SEO WordPress plugin, affecting over 3 million websites. The vulnerabilities could allow an attacker to take advantage of a SQL injection issue and a privilege-escalation bug. The two…
- "CISA Releases Free Scanner to Spot Log4j Exposure" The Cybersecurity and Infrastructure Security Agency (CISA) has published a new scanning tool to help organizations find unpatched Log4j instances in their IT environment. CISA posted the Log4j Scanner to GitHub. CISA noted that this…
- "Community of Ethical Hackers Needed to Prevent AI's Looming 'Crisis of Trust'" An international team of risk and machine-learning experts, led by researchers at the University of Cambridge's Centre for the Study of Existential Risk (CSER), recommends that the Artificial Intelligence (AI) industry creates a global community composed…
- "IT Security: Computer Attacks with Laser Light" IT security experts of the Karlsruhe Institute of Technology (KIT) have demonstrated that air-gapped computer systems are still susceptible to being attacked. In a project titled LaserShark, the researchers have shown that it is possible to transmit data…
- "New Phishing Campaign Luring Users With Fake Surveys and Giveaways" Group-IB security experts have uncovered a new global cyberespionage phishing campaign aimed at harvesting users' personal and financial information. The malicious campaign has been targeting users in more than 90 countries, including South Korea, Italy…
- "NCA Donates 225 Million Passwords to Have I Been Pwned" The UK's National Crime Agency (NCA) donated over 225 million passwords, found during the course of its crime-fighting, to Have I Been Pwned (HIBP). HIBP is a free service used to check credentials stolen or leaked through past data breaches. The service…
- "Consumers Warned of Surging Delivery Text Scams Ahead of Christmas" Consumers have been warned to stay vigilant of delivery scam texts while online shopping for Christmas. Security researchers at Proofpoint found that delivery ‘smishing’ scams are surging amid the busiest shopping period of the year. Over…
- "Identifying Fake Voice Recordings" Researchers at the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum are exploring how data generated using Artificial Intelligence (AI), known as deepfakes, can be distinguished from real data. Deepfakes refer to synthetic media,…
- "BEC Attack on Monongalia Health System" A three-hospital health system in West Virginia has become the victim of a business email compromise (BEC) scam that began with a phishing attack. Monongalia Health System, Inc. (MHS) had no idea that its cybersecurity defenses had been penetrated…
- "CISA, Cybersecurity Centers From Australia, NZ, UK, and Canada Release Log4j Advisory" Cybersecurity leaders from the US, Australia, Canada, New Zealand, and the UK have issued a new Log4j advisory. The guide covers technical details, mitigations, and resources for addressing vulnerabilities in the Apache Log4j software library. This is a…
- "Attackers Bypass Microsoft Patch to Deliver Formbook Malware" Researchers from Sophos Labs have discovered the use of a novel exploit that can bypass a patch for a critical vulnerability impacting the Microsoft Office file format. Attackers weaponized a publicly available proof-of-concept Office exploit to deliver…