Cybersecurity

A sophisticated supply chain attack via the xz Utils compression library was caught just days before reaching stable Linux distributions.

An international law enforcement coalition takes down the LockBit ransomware group’s infrastructure in a landmark operation.

A critical Jenkins vulnerability allows arbitrary file reads through the CLI. Here’s why this matters more than your typical CVE and what it reveals about CI/CD security.

Researchers disclose the Terrapin attack against SSH, demonstrating that even our most trusted protocols can harbor subtle cryptographic weaknesses.

The LockBit ransomware attack on ICBC’s US operations disrupted Treasury market trading and exposed critical vulnerabilities in financial infrastructure.

CVE-2023-44487 exploits a fundamental aspect of HTTP/2 to enable record-breaking DDoS attacks. Here’s what you need to know and do.

The MGM Resorts cyberattack that started with a phone call is a stark reminder that the most sophisticated defenses can be undone by human vulnerability.

A new Intel CPU vulnerability called Downfall exposes sensitive data through speculative execution, and the performance impact of mitigations is significant.

The MOVEit Transfer vulnerability has now impacted hundreds of organizations worldwide — a stark reminder that managed file transfer tools remain critical and under-secured attack surfaces.

A critical zero-day in Progress MOVEit Transfer is being actively exploited, and the scope of the damage is still emerging.

Google enables passkey sign-in for all Google Accounts, marking the most significant push yet toward a passwordless future built on FIDO2 and WebAuthn.

Samsung employees accidentally leaked proprietary source code and meeting notes via ChatGPT, exposing the urgent need for enterprise AI usage policies.