News

Five LPE flaws in Ubuntu’s needrestart utility enable attackers to gain root access in versions prior to 3.8

60% of QR code emails are spam according findings from Cisco Talos, who also identified attackers using QR code art to bypass security filters

CrowdStrike unveiled a new Chinese-aligned hacking group allegedly spying on telecom providers

Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks

OWASP has updated its Top 10 list of risks for LLMs and GenAI, upgrading several areas and introducing new categories

Aqua Security has observed threat actors using compromised Jupyter servers in a bid to illegally stream sporting events

Entrust claims deepfakes are driving a surge in digital identity fraud

Ransomware groups are targeting weekends and holidays to exploit understaffed security teams in order to get the best chance of a pay day

Sophos MDR has observed a new campaign that uses targeted phishing to entice the target to download a legitimate remote machine management tool to dump credentials. We believe with moderate confidence that this activity, which we track as STAC 1171, is related to an Iranian threat actor commonly referred to as MuddyWater or TA450. The […]

Steve Bellovin is retiring. Here’s his retirement talk, reflecting on his career and what the cybersecurity field needs next.