Threatpost

Microsoft's May Patch Tuesday update is triggering authentication errors.

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack.

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.

Dell and HP were among the first to release patches and fixes for the bug.

A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.

Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.

Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.

The bug has a severe rating of 9.8, public exploits are released.

The threat group has leaked data that it claims was stolen in the breach and is promising more government-targeted attacks.

Researchers say a hacker is selling access to quality malware for chump change.

A huge spike in fraudulent activities related to attacks leveraging business email accounts is a billion-dollar-problem.

In this podcast with Mackenzie Jackson, developer advocate at GitGuardian, we dive into the report and also the issues that corporations face with public leaks from groups like Lapsus and more, as well as ways that developers can keep their code safe.

Activity dubbed ‘Raspberry Robin’ uses Microsoft Standard Installer and other legitimate processes to communicate with threat actors and execute nefarious commands.

A close look at a new type of network, known as a Cloud Area Network.

The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10.

Source code and Bitcoin transactions point to the malware, which emerged in March 2020, being the work of APT38, researchers at Trellix said.

A state-sponsored threat actor designed a house-of-cards style infection chain to exfiltrate massive troves of highly sensitive data.

A sophisticated campaign utilizes a novel anti-detection method.