Your blog category
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the… Read More »Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
A zero-day security flaw in Telegram’s mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos. The exploit appeared for sale for… Read More »Telegram App Flaw Exploited to Spread Malware Hidden in Videos
Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work.… Read More »How a Trust Center Solves Your Security Questionnaire Problem
The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version… Read More »Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool
There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and… Read More »How to Reduce SaaS Spend and Risk Without Impacting Productivity
Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. “On… Read More »CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed… Read More »CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List
A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza.… Read More »Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers
Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools.… Read More »Chinese Hackers Target Taiwan and US NGO with MgBot Malware
Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the… Read More »New ICS Malware ‘FrostyGoop’ Targeting Critical Infrastructure