Kali Linux can now run in Apple containers on macOS systems
Cybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apple's new containerization framework.
Feds still trying to crack Volt Typhoon hackers’ intentions, goals | CyberScoop
Federal analysts are still sizing up what the Chinese hackers known as Volt Typhoon might have intended by setting up shop there, a CISA official said Thursday.
Modernize your identity defense with Microsoft Identity Threat Detection and Response
Microsoft's Identity Threat Detection and Response solution integrates identity and security operations to protect against identity-based cyberthreats.
Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow | CyberScoop
A new Microsoft report finds that the long-running threat group has gained positions on state-aligned ISPs and Russian telecoms, while tricking foreign embassy staff to download custom malware.
Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks
Microsoft warns that a cyber-espionage group linked to Russia's Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers.
CISA open-sources Thorium platform for malware, forensic analysis
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, public, and private sectors.
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware.
CompTIA Security+ vs Google Cybersecurity Professional: What’s Best?
Learn which entry-level cyber security certification is right for you in this CompTIA Security+ vs Google Cybersecurity Professional Certificate showdown.
Ransomware gangs capitalize on law enforcement takedowns of competitors
After authorities dismantled LockBit and RansomHub, other groups rushed in to snatch up their affiliates, according to a new report that highlights a cybercrime ecosystem in flux.
The goal of Thorium is to enable cyber defenders to bring automation to their existing analysis through simple tool integration and event-driven triggers, CISA said, adding that it is built to support cybersecurity teams across mission functions.
North Korean hackers target open-source repositories in new espionage campaign
In its latest operation, Lazarus took advantage of major gaps in the open-source software supply chain — like developers depending on unvetted packages and the lack of oversight for popular tools that are often maintained by just one or two people.
Espionage costing Australia $8 billion each year, warns intelligence chief
Mike Burgess, who leads the Australian Security Intelligence Organisation, said at the Annual Hawke Lecture at the University of South Australia that he was putting a dollar figure on the economic cost of espionage for the first time to stress the “real, present and costly danger” facing Australia.
Spikes in malicious activity precede new CVEs in 80% of cases
Researchers have found that in roughly 80% of cases, spikes in malicious activity like network reconnaissance, targeted scanning, and brute-forcing attempts are a precursor to the disclosure of new security vulnerabilities (CVEs) within six weeks.
Quishing is Here, and It’s Hiding in Plain Sight | CSA
QR codes promise convenience, but most people don’t realize the sheer ease with which those codes can be weaponized. Learn more about the new “quishing” threat.
Senate legislation would direct federal agencies to fortify against quantum computing cyber threats | CyberScoop
A bipartisan pair of senators are introducing legislation Thursday that would direct a White House office to develop a strategy for reckoning with the cybersecurity ramifications of quantum computers, and require agencies to begin pilot programs on quantum-safe encryption.