Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk. In the rapidly evolving… Read More »The High-Stakes Disconnect For ICS/OT Security
As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a… Read More »Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool
The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as… Read More »FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation
Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a… Read More »Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in… Read More »3 Actively Exploited Zero-Day Flaws Patched in Microsoft’s Latest Security Update
New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive… Read More »Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System… Read More »Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin’s efforts to gather economic and political intelligence in Central Asia. The… Read More »Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new… Read More »4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. “The campaign involved unauthorized administrative logins… Read More »Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces