Dec 31, 2024 · The federal agency said it has been working with the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), and that available evidence points to it being the work of an unnamed state-sponsored Advanced Persistent Threat (APT) actor from China.

Dec 29, 2024 · A new attack campaign has targeted known Chrome browser extensions, leading to at least 35 extensions being compromised and exposing over 2.6 million users to data exposure and credential theft.

Jan 3, 2025 · Given that the .azureedge[.]net domains could cease to become unavailable in the future, Microsoft said it's migrating to Azure Front Door CDNs.The Windows maker said it will automatically migrate customers' workloads by January 7, 2025, if no action is taken.

Jan 6, 2025 · How to Conduct an AI Risk Assessment [Free Guide] The past two years have been as explosive for generative AI as they were for Taylor Swift. This guide will help you take practical steps to identify and mitigate GenAI risks so you can ensure safe and compliant use in your org.

Jan 3, 2025 · The development comes days after a report from The Guardian revealed that OpenAI's ChatGPT search tool could be deceived into generating completely misleading summaries by asking it to summarize web pages that contain hidden content. "These techniques can be used maliciously, for example to cause ChatGPT to return a positive assessment of a …

Dec 30, 2024 · Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe.

Dec 23, 2024 · The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology.

Jan 4, 2025 · "In one phishing case, the infection begins by tricking the victim into opening a malicious RAR archive disguised as an image file by using a .jpg extension," the company said. "When extracted and executed by the victim, the archive drops a malicious Windows executable, which eventually downloads and executes PLAYFULGHOST from a remote server."

Jan 2, 2025 · The second vulnerability, on the other hand, lies in using the orderby clause in the same API to obtain the data from the necessary database table column (e.g., EMailAddress1, which refers to the primary email address for the contact). Lastly, Stratus Security also found that the FetchXML API could be exploited in conjunction with the contacts table to access …

A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web ( MotW ) protections and execute arbitrary code in the context of the current user.