Business

The JavaScript CDN service Polyfill.io has started spreading malicious code. Remove the service’s script from your website.

Developers’ accounts are being hijacked using fake job offers sent from a legitimate GitHub address.

Based on our analysis of ZKTeco vulnerabilities, we dissect the risks associated with biometric authentication.

Cybercriminals are using genuine Facebook infrastructure to send phishing emails threatening to block accounts.

dormakaba Saflok locks — used on around three million doors across 13,000 hotels — are vulnerable to an attack that involves forging electronic keycards.

A credential stuffing attack is one of the most effective ways to take control of accounts. Here’s how it works and what you should do to protect your company.

Dropbox has shared a report on a data breach in the Dropbox Sign e-signature service. What does this mean for users, and what should they do?

Proxyware can make it difficult to detect cyberattacks on organizations — sometimes making the latter unwitting accomplices in crimes.

A look at the biggest ransomware attacks of 2023.

The KeyTrap DoS attack, which can disable DNS servers with a single malicious packet exploiting a vulnerability in DNSSEC.

Why cybercriminals want to attack PR and marketing staff and, crucially, how to protect your company from financial and reputational harm.

Time to update Fortra GoAnywhere MFT: an exploit has been developed for a critical vulnerability that allows attackers to bypass authentication and create admin accounts.

Ethical hackers told 37C3 how they found a few eye-openers while breaking DRM to fix trains.

Google OAuth allows to create phantom Google accounts — uncontrollable by corporate Google Workspace administrators.

Espionage operations to hack corporate routers are now commonplace — and all organizations need to be aware of this.

Why criminals want to hack your website, how they might use it in new attacks, and how to stop them.

Proper account security not only reduces the number of cyberattacks on companies — it brings financial benefits too. What needs to be done to reap them?

It’s common practice in many companies to keep work and personal information separate. But browser synchronization often remains unnoticed — and attackers are already exploiting it.

Business is actively moving over to open-source solutions. How can the transition be made successfully, and what are the risks to consider?

Information security measures are far more effective when supported by top management. How to get this support?

Miners still pose a threat to businesses — especially ones that use cloud infrastructure.