Basic cyber hygiene protects against 99% of cyber attacks. Seems easy, but that implies establishing a proper cybersecurity program, that includes people, processes and technology.

Pro CISO’s Threat Intelligence service identifies collections of Bitwarden password manager credentials on the Darkweb

How the CL0P ransomware group exploits a zero day vulnerability of the MOVEit file transfer product, to attack their victims, encrypt their data and demand a ransom to decrypt the files.

"Stealer" malware is the new silent threat. Targeting anyone, both individuals and organizations, with the objective to harvest credentials and sensitive information from user devices and sell them on the Darkweb

Why did cybersecurity become a business risk? Because of ransomware ? Or maybe, because of something we've all heard about called: the Digital Transformation (DX) ?

CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination

The Five Eyes (FVEY) intelligence alliance warns managed service providers (MSPs) and their customers around increasing supply chain attacks.

The new juvenile data extortion group, LAPSUS$, has taken big organizations by surprise with their old-fashioned social engineering attacks

A new vulnerability in the Spring Framework for Java Development Kit (JDK) version 9.0 or later. Exposes millions of systems to compromise, similarly to the Log4j vulnerability,

The Microsoft Defender for IoT research team has discovered the method through which MikroTik devices are used in Trickbot’s C2 infrastructure. 

Hive Systems updates its Password Table, considering the new processing power available in 2022

To preserve the integrity of customer data present in its devices in Ukraine, Russia, and Belarus, Cloudflare has implemented Keyless encryption and configured systems to self-isolate in case of compromise.

Google LLC today announced that it has signed a definitive agreement to acquire Mandiant, Inc., a leader in dynamic cyber defense and response, for $5.4 billion

Linux "Dirty Pipe" vulnerability affects Linux Kernel 5.8 and later versions, even on Android devices, allowing a non-privileged user to inject and overwrite data in read-only files.

Security analysts warn of a sharp rise in API attacks, with most companies still underestimating these high risks.

Security experts from Avanan have observed attackers taking advantage of Teams conversations to introduce malware into an organization.

The new 2022 version of ISO/IEC 27002 has been published.

Offensive Security releases the new version of its popular open source penetration testing platform.