$ page 17/47

Russia's 'Fancy Bear' APT continues its global onslaught with familiar tactics

Russia's 'Fancy Bear' (APT28) continues its global cyber-espionage campaigns, relying on spear-phishing and unpatched vulnerabilities to succeed.

6 min readApr 10

Iranian cyber campaign places nearly 4,000 U.S. critical infrastructure devices at risk

A Censys report warns nearly 4,000 U.S. critical infrastructure devices in the energy and water sectors are exposed online, making them targets for Ir

6 min readApr 10

Adobe Reader zero-day was exploited for months before patch

A critical zero-day in Adobe Reader was actively exploited by a state-sponsored actor for months, allowing system takeover via malicious PDFs. Patch n

5 min readApr 10

Russia accuses former Radio Free Europe journalist of aiding cyberattacks for Ukraine

Russia's FSB accuses a former RFE/RL journalist of aiding Ukrainian cyberattacks, a move that weaponizes cybersecurity language to criminalize reporti

6 min readApr 10

'BlueHammer' Windows zero-day exploit signals Microsoft bug disclosure issues

A researcher, citing a dispute with Microsoft, released a zero-day exploit for Windows that allows for full system takeover, highlighting ongoing tens

5 min readApr 10

Apple Intelligence AI guardrails bypassed in new attack

Researchers from Luta Security have successfully bypassed Apple Intelligence's AI guardrails using a novel prompt injection technique called "Neural E

5 min readApr 10

Bitter-linked hack-for-hire group expands espionage campaign to MENA journalists

A joint investigation reveals that the Bitter APT group, with suspected ties to India, has expanded its operations, targeting journalists and activist

6 min readApr 9

A fragile ceasefire won't halt Iran-linked cyberattacks

A fragile ceasefire on the physical battlefield is unlikely to stop Iran-linked hackers, who see digital warfare as a persistent, ingrained part of co

6 min readApr 9

Critical vulnerability in Ninja Forms exposes over a million WordPress sites

A critical flaw in the popular Ninja Forms WordPress plugin allows unauthenticated attackers to upload malicious files, leading to full site compromis

2 min readApr 9

‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace

Researchers discovered a flaw in Grafana's AI that lets attackers steal corporate data by hiding commands in dashboards, turning the AI into a spy.

2 min readApr 9

The anatomy of a non-leak: How a public Orbán quote became a cybersecurity myth

A viral story claimed a 'leaked call' exposed a Hungarian leader's comments. The truth? It was a public interview. A case study in misinformation.

6 min readApr 9

FBI and Pentagon warn of Iranian hackers targeting U.S. operational technology

A joint federal advisory warns that Iranian hackers are targeting U.S. water and energy sectors by exploiting default passwords on operational technol

6 min readApr 9