​GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the… Read More »GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

​Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax… Read More »New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide

​A Chinese national has been indicted in the U.S. on charges of conducting a “multi-year” spear-phishing campaign to obtain unauthorized access to computer software and source code created by the… Read More »Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military

​The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only… Read More »Why Pay A Pentester?

​A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed… Read More »North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

​Google has announced that it’s rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects… Read More »Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing

​The GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday, said it’s working towards implementing end-to-end encryption (E2EE) to secure messages… Read More »GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging

​Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS… Read More »Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

​Meta has announced that it will begin training its artificial intelligence (AI) systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming… Read More »Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts

​The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution… Read More »U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation