The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of… Read More »CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS,… Read More »Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this… Read More »CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers… Read More »Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing… Read More »Leaked Black Basta Chats Suggest Russian Officials Aided Leader’s Escape from Armenia
The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer.… Read More »ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
In today’s digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and MFA bypass—remain a major challenge. Instead… Read More »Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen
Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network… Read More »5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious… Read More »Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV)… Read More »CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise