-
Executive Summary Beginning in late 2021 and continuing late into 2022, a globally active, extortion-focused cyber threat actor group attacked dozens of well-known companies and government agencies …
-
The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules.
Software supply chain security f…
-
-
North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) have been attributed to the JumpCloud hack following an operational security (OPSEC) blunder that exposed the…
-
## Use case
Import all the NIST CPE (Common Platform Enumeration)
## Current Workaround
## Proposed Solution
Create a CPE connector: https://nvd.nist.gov/developers/products
## Additi…
-
### **SUMMARY**
**_Note:_** _This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants…
-
One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. N…
-
# 每日安全资讯(2023-06-28)
- HackerOne Hacker Activity
- [ ] [User scoped external storage can be used to gather credentials of other users](https://hackerone.com/reports/1978882)
- SecWiki News
- [ ] …
-
On April 1, DataBreaches reached out to Bienville Orthopaedic Specialists (BOS) in Mississippi to ask about a claim by Abyss threat actors that they had compromised BOS. BOS never replied. But now, …
-
Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign.
The activity, …