​Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. “When you turn on Identity… Read More »Android’s New Identity Check Feature Locks Device Settings Outside Trusted Locations

​The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on… Read More »CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

​Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the… Read More »Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers

​Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. “The campaign is global, with Netskope Threat… Read More »Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

​An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices’ firmware as well as misconfigured security features. “These… Read More »Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

​An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from… Read More »Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

​Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to… Read More »New Research: The State of Web Exposure 2025

​SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a… Read More »SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

​Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as… Read More »How to Eliminate Identity-Based Threats

​Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader. “BackConnect is a common feature or… Read More »QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features