Cyber Due Diligence
Google Looks to Dim ‘Lighthouse’ Phishing-as-a-Service Op
The phishing kit, run by a group known as the "Smishing Triad," has powered massive amounts of unpaid tolls and package tracking texts....
Microsoft Exchange ‘Under Imminent Threat’, Act Now
Threats against Microsoft Exchange continue to mount, but there are steps both organizations and Microsoft can take.
Phishing Tool Uses Smart Redirects to Bypass Detection
A campaign against Microsoft 365 users leverages Quantum Route Redirection, which simplifies previously technical attack steps and has ...
Patch Now: Microsoft Flags Zero-Day & Critical Zero-Click Bugs
Security teams may have a less burdensome rollout in November after October's Goliath Patch Tuesday, but shouldn't wait on a few top-pr...
Grandparents to C-Suite: Elder Fraud Reveals Gaps in Human-Centered Cybersecurity
Cybercriminals are weaponizing AI voice cloning and publicly available data to craft social engineering scams that emotionally manipula...
Bridging the Skills Gap: How Military Veterans Are Strengthening Cybersecurity
From intelligence analysts to surface warfare officers, military veterans of all backgrounds are successfully pivoting to cybersecurity...
Kimsuky APT Takes Over South Korean Androids, Abuses KakaoTalk
Konni, a subset of the state-sponsored DPRK cyberespionage group, first exploits Google Find Hub, which ironically aims to protect lost...
OWASP Highlights Supply Chain Risks in New Top 10 List
Security misconfiguration jumped to second place while injection vulnerabilities dropped, as organizations improve defenses against tra...
GlassWorm Returns, Slices Back into VS Code Extensions
GlassWorm, a self-propagating VS Code malware first found in the Open VSX marketplace, continues to infect developer devices around the...
ClickFix Campaign Targets Hotels, Spurs Secondary Customer Attacks
Attackers compromise hospitality providers with an infostealer and RAT malware and then use stolen data to launch phishing attacks agai...