SMB

The patch that fixes CVE-2024-49040 in Microsoft Exchange is temporarily unavailable. We’ve implemented heuristics that detect attempts to exploit it.

Malicious packages for AI integration containing infostealer malware were found in the Python Package Index repository.

A vulnerability that permits bypassing authentication has been found in a popular security hardening plugin for WordPress.

Exploitation of vulnerability CVE-2024-43451 allows an attacker to steal an NTLMv2 hash with minimal interaction from the victim.

Hackers continue to target developers: during a fake job interview, they ask “potential employees” to run a script from GitHub that hides a backdoor.

Phishers have adopted another trick: they send emails pretending to be from Docusign with a fake link to a document that the recipient must sign.

Why cybersecurity in education is critical, and how to protect schools from attacks.

Our developments, products, research, patents and expert teams harnessed for AI.

An Office 365 security alert as bait in a phishing email.

Where and why quantum-resistant cryptography has already been implemented, and what compatibility issues it caused.

A paper from Uruguayan scientists lays out a highly technical and impractical method of spying on computer monitors.

Windows Downdate is an attack that can roll back updates to your OS to reintroduce vulnerabilities and allow attackers to take full control of your system. How to mitigate the risk?

Cybercriminals are using AitM techniques to compromise accounts of company executives. How do they do this, and how to protect against it?

Managing cybersecurity risks through an evidence-based approach.

Although Microsoft has radically revised the rollout plan for its controversial Recall feature, cybersecurity teams can’t afford to ignore the issue of “AI onlookers.

The story of how CrowdStrike released an update on a Friday and brought down thousands, tens of thousands, or maybe even hundreds of thousands of computers around the world.

A zero-day vulnerability actively exploited by attackers has been discovered in Internet Explorer — the browser that Microsoft supposedly laid to rest over a year ago.

Medium-sized businesses increasingly find themselves on the receiving end of targeted attacks. What tools does one need when basic security proves inadequate?

Someone is targeting security experts using an archive that allegedly contains an exploit for the regreSSHion vulnerability.

The JavaScript CDN service Polyfill.io has started spreading malicious code. Remove the service’s script from your website.

Developers’ accounts are being hijacked using fake job offers sent from a legitimate GitHub address.