Zeljka Zorz
QNAP NAS devices under ransomware attack
QNAP NAS device owners are once again under attack by ransomware operators, who are exploiting a recently fixed vulnerability to lock data on vulnerable devices by using the …
SniperPhish: An all-in-one open-source phishing toolkit
SniperPhish is an all-in-one open-source phishing toolkit that pentesters and other security professionals can use for setting up and executing email and web-based spear …
Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities
The recent Microsoft Exchange Server vulnerabilities might have initially been exploited by a government-backed APT group, but cybercriminals soon followed suit, using them to …
Cloud Sniper: Manage and automate cloud security operations
Cloud Sniper is an open-source platform for managing cloud security operations that aims to make it easy for cloud teams to deal with security incidents. “One of our …
Hackers found leveraging three SonicWall zero-day vulnerabilities
Attackers that seem to have “intimate knowledge” of the SonicWall Email Security product have been discovered leveraging three (at the time) zero-day …
Attackers are exploiting zero-day in Pulse Secure VPNs to breach orgs (CVE-2021-22893)
Attackers have been exploiting several old and one zero-day vulnerability (CVE-2021-22893) affecting Pulse Connect Secure (PCS) VPN devices to breach a variety of defense, …
Securing vehicles from potential cybersecurity threats
Organizations in the automotive industry are no stranger to demands and mandates regarding car and passenger safety, so addressing the issue of cybersecurity of computerized, …
Securing an online marketplace through the COVID-19-fueled boom
When COVID-19 began to spread around the globe, citizens of many countries were instructed to stay at and work from home. Most non-essential brick-and-mortar shops were closed …
Office 365 phishing campaign uses publicly hosted JavaScript code
A new phishing campaign targeting Office 365 users cleverly tries to bypass email security protections by combining chunks of HTML code delivered via publicly hosted …
SAP applications are getting compromised by skilled attackers
Newly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities …
Vulnerabilities in ICS-specific backup solution open industrial facilities to attack
Claroty researchers have found and privately disclosed nine vulnerabilities affecting Rockwell Automation’s FactoryTalk AssetCentre, an ICS-specific backup solution. All of …
Zero Trust creator talks about implementation, misconceptions, strategy
A little over a decade ago, John Kindervag outlined the Zero Trust security model. As a VP and Principal Analyst on the Security and Risk Team at Forrester Research, he spent …
Featured news
Resources
Don't miss
- Reachability makes AI threat modeling worth the trust
- EU Cybersecurity Act 2.0: When good regulation goes bad
- The rise of machine identities and agentic AI: Securing trust in the next era of digital autonomy
- China-linked spies backdoored authentication stack to stay hidden for years
- AI vulnerability discovery is pushing 2026 CVEs toward 66,000