A common question we are asked by clients after deploying is, “Are attack paths in Active Directory this bad for everyone?” The answer is usually “Yes,”...
The North Korean Lazarus hacking group is now using fake ‘Crypto.com’ job offers to hack developers and artists in the crypto space, likely with a long-term...
The Ukrainian military intelligence service warned today that Russia is planning “massive cyber-attacks” targeting the critical infrastructure of Ukraine and its allies. This incoming “massive” wave...
The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that...
A recently resolved vulnerability in Sophos Firewall has been abused by attackers in targeted attacks, the vendor warns. The critical vulnerability (CVE-2022-3236) poses a remote code execution (RCE) risk. Sophos...
Sophos warned today that a critical code injection security vulnerability in the company’s Firewall product is being exploited in the wild. “Sophos has observed this vulnerability...
Multiple npm packages published by the crypto exchange, dYdX, and used by at least 44 cryptocurrency projects appear to have been compromised. Powered by the Ethereum blockchain, dydX is a...
As students head back into the classroom, K-12 district leaders are faced with the difficult task of preventing and mitigating cybersecurity threats against their districts. School...
A vulnerability in Netlify could allow an attacker to achieve either persistent cross-site scripting (XSS) or full-response server-side request forgery on any supported website. Netlify is a web...
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical severity Java deserialization vulnerability affecting multiple Zoho ManageEngine products to its catalog of bugs exploited...