Google reveals details on Android’s Advanced Protection for Chrome
Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements.
Suspected contractor for China’s Hafnium group arrested in Italy
U.S. authorities charged the man and a co-conspirator with hacking COVID-19 researchers and kicking off a cyberattack spree targeting Microsoft Exchange servers.
Driver's license numbers, addresses leaked in 2024 bitcoin ATM company breach
Bitcoin Depot, which operates cryptocurrency ATMs across North America, says information belonging to more than 26,000 people was breached in an incident last year.
Microsoft expands Zero Trust workshop to cover network, SecOps, and more
The Microsoft Zero Trust workshop has been expanded to cover all six pillars of Microsoft's Zero Trust model, providing a comprehensive guide for organizations to modernize their security posture.
Taking your cyber security skills up a level? Use our comprehensive cheat sheet to ace your CompTIA Security+ exam and kickstart your cyber security career.
Ruckus Networks leaves severe flaws unpatched in management devices
Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve.
Scattered Spider Behind Major ESXi Ransomware Attacks | CSA
Scattered Spider (aka UNC3944, 0ktapus, & Muddled Libra) is one of the most dangerous threat clusters in operation. Their most damaging operations target ESXi.
Treasury sanctions North Korean over IT worker malware scheme
The U.S. Department of the Treasury sanctioned cyber actor Song Kum Hyok for his association with North Korea's hacking group Andariel and for facilitating IT worker schemes that generated revenue for the Pyongyang regime.
New ServiceNow flaw lets attackers enumerate restricted data
A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access.
The MFA You Trust Is Lying to You – and Here's How Attackers Exploit It
MFA Authenticator apps aren't cutting it anymore. Attackers are bypassing legacy MFA with fake sites and real-time phishing. Token Ring and BioStick stop them cold—with fingerprint-bound hardware. Learn more from Token.
Yet Another Strava Privacy Leak - Schneier on Security
This time it’s the Swedish prime minister’s bodyguards. (Last year, it was the US Secret Service and Emmanuel Macron’s bodyguards. in 2018, it was secret US military bases.) This is ridiculous. Why do people continue to make their data public?
Understanding Security Risks in AI-Generated Code | CSA
AI coding assistants accelerate development, but they also introduce security risks. Learn how AI-generated code introduces risk and how to stay ahead.