Business

Since 2016, a threat actor has been exploiting insecure plugins and themes to infect WordPress websites and redirect traffic to malicious websites.

Businesses reaching the “acceptance stage”: given inevitable breaches — how to prepare for them?

Scammers are using Google ads to push fake versions of real websites – and they’re after business accounts and company data.

How organizations implement zero-trust principles, and what CISOs advise for project success.

Archives are being used in targeted phishing and other attacks on organizations. What tools, settings, and policies can mitigate the threat?

Scammers are exploiting GetShared to bypass email security.

A year after the ransomware attack on healthcare giant UnitedHealth Group, we’ve compiled all publicly available information about the incident and its aftermath.

$3 billion worth of damage to healthcare insurance giant, schools closed, soccer club players’ data leaked, and other ransomware incidents in 2024.

We look at the most notable supply-chain attacks of 2024.

Discontinuing mandatory password rotations, banning outdated MFA methods, and other updates in the NIST SP 800-63 standards for digital account authentication and management.

Phishers have adopted another trick: they send emails pretending to be from Docusign with a fake link to a document that the recipient must sign.

We explore the root causes of the talent crisis in the cybersecurity industry and look for possible solutions.

Telegram bot sells subscriptions to phishing tools to hack Microsoft 365 accounts, including 2FA bypass.

Cybercriminals are using AitM techniques to compromise accounts of company executives. How do they do this, and how to protect against it?

Although Microsoft has radically revised the rollout plan for its controversial Recall feature, cybersecurity teams can’t afford to ignore the issue of “AI onlookers.

The JavaScript CDN service Polyfill.io has started spreading malicious code. Remove the service’s script from your website.

Developers’ accounts are being hijacked using fake job offers sent from a legitimate GitHub address.

Based on our analysis of ZKTeco vulnerabilities, we dissect the risks associated with biometric authentication.

Cybercriminals are using genuine Facebook infrastructure to send phishing emails threatening to block accounts.

dormakaba Saflok locks — used on around three million doors across 13,000 hotels — are vulnerable to an attack that involves forging electronic keycards.

A credential stuffing attack is one of the most effective ways to take control of accounts. Here’s how it works and what you should do to protect your company.