Stop Paying the Password Tax: A CFO’s Guide to Affordable Zero-Trust Access
In 2025, stolen credentials remain the most common and fastest path into an organization’s systems. Nearly half of breaches...
Month: November 2025
NDSS 2025 – YuraScanner: Leveraging LLMs For Task-driven Web App Scanning4+
SESSIONSession 2B: Web Security Authors, Creators & Presenters: Aleksei Stafeev (CISPA Helmholtz Center for Information Security), Tim Recktenwald (CISPA...
Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp
Nov 07, 2025Ravie LakshmananMobile Security / Vulnerability A now-patched security flaw in Samsung Galaxy Android devices was exploited as a...
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to...
Securing the AI-Enabled Enterprise
AI-Driven Security Threats: Moving Beyond the Hype Security does a great job of sensationalizing attacks. This trend was set...
Anchore Enterprise 5.23: CycloneDX VEX and VDR Support
Anchore Enterprise 5.23 adds CycloneDX VEX and VDR support, completing our vulnerability communication capabilities for software publishers who need...
ESET APT Activity Report Q2 2025–Q3 2025
ESET ResearchThreat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2...
Cisco fixes critical UCCX flaw allowing Root command execution
Cisco fixes critical UCCX flaw allowing Root command execution Pierluigi Paganini November 07, 2025 Cisco patched a critical flaw in...
Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems
Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems Pierluigi Paganini November 07, 2025 Russia-linked group InedibleOchotense used...
Doubling Down in Vegas: The High-Stakes Question of Whether to Pay
Ransomware presents organizations with a terrible decision: Pay criminals to restore access to critical systems and data, or refuse...
The Shift Toward Zero-Trust Architecture in Cloud Environments
As businesses grapple with the security challenges of protecting their data in the cloud, several security strategies have emerged to safeguard digital assets and ensure...
Simulating Cyberattacks to Strengthen Defenses for Smart Buildings
Smart buildings contain dozens, sometimes hundreds, of internet-connected devices with weak built-in security controls — a threat actor’s ideal target if...
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
Nov 07, 2025Ravie LakshmananSupply Chain Attack / Malware A set of nine malicious NuGet packages has been identified as capable...
Enterprise Credentials at Risk – Same Old, Same Old?
Nov 07, 2025The Hacker NewsData Protection / Cloud Security Imagine this: Sarah from accounting gets what looks like a routine...
Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts
Nov 07, 2025Ravie LakshmananData Protection / Malware Google on Thursday said it's rolling out a dedicated form to allow businesses...
