Researchers have observed the BazarLoader information stealer now being spread via compromised versions of VLC and TeamViewer packages.
CloudLinux's Imunify360 security platform has a severe flaw (CVE-2021-21956) that can lead to remote code execution in some circumstances.
Cybercriminals are using the known ProxyLogon and ProxyShell vulnerabilities to hijack email threads in malware attacks.
An APT group is using a suite of tools, including KdcSponge, Godzilla, and NGLite, to exploit a known ManageEngine flaw and move laterally.
This week's Source Code podcast by Decipher takes a look behind the scenes at top news with input from our sources.
A new Federal Deposit Insurance Corporation (FDIC) rule requires banks to notify federal regulators of security incidents within 36 hours.
The FBI is warning about an APT actor that is exploiting a zero day flaw in the FatPipe software on several products, including MPVPN, WARP, and IPVPN.
A recently uncovered attack by a new ransomware group shows how cybercriminals will switch up their tactics on a whim.
CISA warned that an unnamed APT group associated with the Iranian government i exploiting known Fortinet and the Exchange ProxyShell bug to gain access to target networks.
The U.S. government has published new playbooks with the goal of standardizing and improving how federal agencies plan for vulnerability and incident response.
Nick Selby joins Dennis Fisher to talk about his long and varied career in security, the challenges that law enforcement faces in investigating cybercrime, and what the future may hold for enterprise security teams.
Almost a year after law enforcement disrupted its infrastructure, the Emotet malware has returned.
Ransomware groups such as REvil have take some hits recently, but the broader landscape has continued to expand and experts say defenders need to change their thinking in order to address the problem.
CISA is warning ICS operators of a number of vulnerabilities in some open-source and proprietary data distribution service implementations that can lead to remote code execution.
The Cybersecurity Talent Management System from the Department of Homeland Security (DHS) aims to overhaul the government's efforts in recruiting - and retaining - top cyber talent.