risks

How automation turns legitimate tools into a channel for malware delivery.

We examine how popular Canon printers could become a foothold for attackers within an organization’s network.

Attackers are abusing legitimate websites to host hidden SEO links. We break down their tactics, and what you can do about it.

WordPress sites are increasingly becoming targets of attacks exploiting vulnerabilities in plugins and themes. In this post, we examine recent cases and share protection tips.

This is a story of how a blockchain developer lost US$500 000 to a fake Solidity extension from the Open VSX marketplace.

Researchers have found several vulnerabilities in the Sitecore CMS platform that enable unauthenticated remote code execution (RCE).

How to assess all the complexities of open-source application integration in advance, and choose the most efficient solutions.

Since 2016, a threat actor has been exploiting insecure plugins and themes to infect WordPress websites and redirect traffic to malicious websites.

Scammers are using Google ads to push fake versions of real websites – and they’re after business accounts and company data.

How the situation with ransomware attacks on companies has changed, and why paying a ransom has become an even worse and more useless idea in 2025.

Scammers are exploiting GetShared to bypass email security.

A vulnerability in Google OAuth allows attackers to access accounts of defunct organizations through abandoned domains.

A year after the ransomware attack on healthcare giant UnitedHealth Group, we’ve compiled all publicly available information about the incident and its aftermath.

$3 billion worth of damage to healthcare insurance giant, schools closed, soccer club players’ data leaked, and other ransomware incidents in 2024.

We look at the most notable supply-chain attacks of 2024.

What to do if you receive a text with a two-factor authentication code from a service you’ve never registered for.

A look at the biggest ransomware attacks of 2023.

The KeyTrap DoS attack, which can disable DNS servers with a single malicious packet exploiting a vulnerability in DNSSEC.

Why cybercriminals want to attack PR and marketing staff and, crucially, how to protect your company from financial and reputational harm.

Time to update Fortra GoAnywhere MFT: an exploit has been developed for a critical vulnerability that allows attackers to bypass authentication and create admin accounts.

Ethical hackers told 37C3 how they found a few eye-openers while breaking DRM to fix trains.