Автор: Tara Seals, Managing Editor, News, Dark Reading

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode.

The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode.

Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks.

A professional-grade tool set, appropriately dubbed "CloudScout," is infiltrating cloud apps like Microsoft Outlook and Google Drive, targeting sensitive info for exfiltration.

The latest GenAI jailbreak technique tricks chatbots into returning restricted content by blending different prompt topics together.

The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.

The security firm is denying an assessment that its systems were compromised in Israel by pro-Palestinian cyberattackers, but acknowledged an attack on one of its partners.

A stealthy new underground offering uses sophisticated adversary-in-the-middle (AitM) techniques to convincingly serve up "Microsoft" login pages of various kinds, with dynamic enterprise branding.

A stealthy new underground offering uses sophisticated adversary-in-the-middle (AitM) techniques to convincingly serve up "Microsoft" login pages of various kinds, with dynamic enterprise branding.