A vulnerability in the GitHub Actions workflow for PyPI’s source repository could be exploited to perform a malicious pull request and eventually execute arbitrary code on pypi.org, according to a warning from a Japanese security researcher.
Nozomi Networks, a provider of operational technology (OT) and internet of things (IoT) cybersecurity solutions, said Monday that it has raised $100 million in a Series D pre-IPO funding round.
Nobelium-style Phishing Tactics Used to Spread Malware
Nearly 40 cybersecurity-related mergers and acquisitions were announced in July 2021.
The Open Source Security Foundation (OpenSSF), the cross-industry forum focused on improving open source software security, has expanded its member list with the addition of names such as Accurics, Anchore, Bloomberg Finance, Cisco Systems, Codethink, Cybertrust Japan, OpenUK, ShiftLeft, Sonatype and Tidelift.
Amazon was fined 746 million euros ($880 million) by Luxembourg authorities over allegations it flouted the EU's data protection rules, the online retail giant said Friday.
The National Security Agency (NSA) has published a new document to provide a series of recommendations on how governmental agencies in the United States can mitigate the cybersecurity risks associated with the use of wireless devices in public settings.
Several serious vulnerabilities discovered in a widely used pneumatic tube system made by Swisslog Healthcare can be highly useful for ransomware attacks aimed at hospitals, according to enterprise IoT security firm Armis.
Zoom, the videoconferencing firm, has agreed to settle a class-action US privacy lawsuit for $85 million, it said Sunday.
The suit charged that Zoom's sharing of users' personal data with Facebook, Google and LinkedIn was a breach of privacy for millions.
The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts of some of the most prominent federal prosecutors’ offices around the country last year, the Justice Department said.
A newly discovered Android banking Trojan relies on screen recording and keylogging instead of HTML overlays to capture login credentials, according to security researchers at ThreatFabric.
The Russian cyberespionage group known as APT29 and Cozy Bear is still actively delivering a piece of malware named WellMess, despite the fact that the malware was exposed and detailed last year by Western governments.
A previously undocumented Chinese-speaking threat actor is targeting Microsoft Exchange vulnerabilities in an attempt to compromise high-profile victims, Kaspersky reveals.
Tracked as GhostEmperor, the long-running operation focuses on targets in Southeast Asia and uses a formerly unknown Windows kernel-mode rootkit.
For the last 15 years, researchers have produced an annual State of Application Security report. But in the last 18 pandemic-driven months, they told SecurityWeek, “the world has turned on its head.” Both application development and use, and the subsequent software compromises, have grown dramatically.
A vulnerability patched recently in the WordPress Download Manager plugin could be abused to execute arbitrary code under specific configurations, the Wordfence team at WordPress security company Defiant warns.
Microsoft has shared more information on how organizations can protect Windows domain controllers and other Windows servers against potential PetitPotam attacks.
A 21-year-old Rhode Island woman has pleaded guilty to targeting candidates for political office and their campaign staff with phishing emails.
The woman, Diana Lebeau, of Cranston, R.I., admitted in court to sending phishing emails to roughly 22 members of the campaign staff of a political candidate, posing as the campaign’s managers or co-chairs.
Operating systems have been restored at South Africa's state-owned logistics firm, the company said Thursday following a cyber-attack last week that hit the country's key port terminals.
Two Belarusian nationals were arrested earlier this month in Poland on suspicion of engaging in multiple ATM jackpotting attacks.
The two are believed to have committed dozens of ATM jackpotting attacks (also known as Black Box attacks) in several European countries, stealing an estimated €230,000 (approximately $273,000) in cash.
Security researchers at Guardicore Labs are sharing details of a critical vulnerability in Hyper-V that Microsoft patched in May 2021.