Backlogs larger than 100K+ vulnerabilities but too time-consuming to address
Rezilion and Ponemon Institute announced the release of “The State of Vulnerability Management in DevSecOps,” which reveals that organizations are losing thousands of hours in …
Attackers mount Magento supply chain attack by compromising FishPig extensions
FishPig, a UK-based company developing extensions for the popular Magento open-source e-commerce platform, has announced that its paid software offerings have been injected …
Phishers take aim at Facebook page owners
Phishers are looking to trick owners of Facebook pages with fake notices from the social network (i.e., Meta, the company behind Facebook, Instagram and WhatsApp), in an …
Thwarting attackers in their favorite new playground: Social media
For years, LinkedIn has been utilized by threat actors looking to refine their attacks. From simple spear-phishing attacks to reconnaissance, the professional networking site …
What’s challenging development teams amid their race to the cloud?
Couchbase announced findings from industry research examining the challenges faced by development teams amid the race to the cloud and to execute on digital transformation …
CFOs’ overconfidence in cybersecurity can cost millions
Kroll announced its report Cyber Risk and CFOs: Over-Confidence is Costly which found chief financial officers (CFOs) to be woefully in the dark regarding cybersecurity, …
Microsoft fixes exploited zero-day in the Windows CLFS Driver (CVE-2022-37969)
September 2022 Patch Tuesday is here, with fixes for 64 CVE-numbered vulnerabilities in various Microsoft products, including one zero-day (CVE-2022-37969) exploited by …
U-Haul reports data breach, customers’ info exposed
U.S. moving and storage rental company U-Haul has suffered a data breach due to an unauthorized person having accessed an unspecified number of rental contracts, …
Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917)
Apple has fixed a slew of vulnerabilities in macOS, iOS, and iPadOS, including a zero-day kernel vulnerability (CVE-2022-32917) exploited by attackers in the wild. About …
Modernizing data security with a zero trust approach to data access
In a world where we can no longer trust anyone, zero trust security has picked up momentum, especially since 2018 when NIST published Implementing a Zero Trust Architecture. …
5 Kali Linux books you should read this year
Kali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering. Here is a selection of books for different …
Organizations should fear misconfigurations more than vulnerabilities
Censys launched its State of the Internet Report, a holistic view into internet risks and organizations’ exposure to them. Through careful examination of which ports, …
Featured news
Resources
Don't miss
- Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)
- Brutus: Open-source credential testing tool for offensive security
- Why secure OT protocols still struggle to catch on
- Edge computing’s biggest lie: “We’ll patch it later”
- Cyber risk is becoming a hold-period problem for private equity firms