Cybersecurity
Moving CVEs past one-nation control
Sometimes you don’t know how much you will miss something until you (almost) lose it. That is certainly the case with the news on Tuesday that the MITRE Corporation had not received the funding necessary to continue operating the Common Vulnerabilities and Exposures (CVE) Program past April. Fortunately, the Cybersecurity Infrastructure Security Agency (CISA) stepped…
They’re coming for your data: What are infostealers and how do I stay safe?
Here’s what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data 16 Apr 2025 • , 6 min. read In the world of cybercrime, information is a means to an end. And that end, more often than not, is to make…
State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater),…
Funding Expires for Key Cyber Vulnerability Database – Krebs on Security
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program — which is traditionally funded each…
Ransomware Trends, Statistics and Facts in 2025 | Informa TechTarget
While ransomware isn’t a new cybersecurity risk, it continues to receive attention at the highest levels of government worldwide. Ransomware has affected people’s ability to get healthcare, put gas in their vehicles and buy groceries. The financial effects of ransomware have also become particularly pronounced in recent years. Attacks on supply chains have caused more…
SaaS Security Essentials: Reducing Risks in Cloud Applications
As organizations increasingly rely on SaaS applications to run their operations, securing them has become a necessity. Without strong protection, sensitive data, user access, and cloud infrastructure are left vulnerable to breaches. SaaS security is not a single-layer fix; it demands multiple approaches to address cybersecurity threats across identity, data, and applications. Key Components of…
The quiet data breach hiding in AI workflows – Help Net Security
As AI becomes embedded in daily business workflows, the risk of data exposure increases. Prompt leaks are not rare exceptions. They are a natural outcome of how employees use large language models. CISOs cannot treat this as a secondary concern. To reduce risk, security leaders should focus on policy, visibility, and culture. Set clear rules…
Sophos Firewall v21.5 early access is now available
We’re pleased to announce that the early access program (EAP) is now underway for the latest Sophos Firewall release. This update brings exciting industry-first enhancements and top-requested features, including… Sophos NDR Essentials integration Set up and monitor NDR Essentials threat feeds under the Active Threat Response menu. Sophos Firewall customers with Xstream Protection now get…
1 billion reasons to protect your identity online
Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t. 08 Apr 2025 • , 5 min. read Data breaches are a growing threat to companies and a nightmare for their…
Initial Access Brokers Shift Tactics, Selling More for Less
What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like social engineering and brute-force attacks. By selling access, they significantly mitigate the risks associated…