Автор: Elizabeth Montalbano, Contributing Writer

A software engineer hired for an internal IT AI team immediately became an insider threat by loading malware onto his workstation.

CrowdStrike vows to provide customers with greater control over the delivery of future content updates by allowing granular selection of when and where these updates are deployed.

An exploit sold on an underground forum requires user action to download an unspecified malicious payload.

An exploit sold on an underground forum requires user action to download an unspecified malicious payload.

Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.

Three newly discovered SMTP smuggling attack techniques can exploit misconfigurations and design decisions made by at least 50 email-hosting providers.

Manipulated header info within files, in mobile Trojans like TeaBot and others, makes it difficult for defenders to analyze and detect them.

The threat group used CVE-2024-38112 and a "zombie" version of IE to spread Atlantida Stealer through purported PDF versions of reference books.

A new end-to-end toolkit circulating on the Dark Web significantly lowers the barrier to entry for creating sophisticated campaigns that can avoid most traditional security detection and protection systems.

The novel malware targets Spanish-speaking users via malicious Google Drive links, and taps a popular C++ library to evade detection.