Alexander Culafi

Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.

Threat actors are scamming users by advertising legitimate-looking generative AI websites that, when visited, install credential-stealing malware onto the victim's computer.

The $168 million judgment against NSO Group underscores how citizens put little store in the spyware industry's justifications for circumventing security — but will it matter?

The threat group's goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more.

With critical infrastructure facing constant cyber threats from the Typhoons and other corners, federal agencies and others are warning security for the OT network, a core technology in many critical sectors, is not powered up enough.

CVE-2025-4632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild.

A cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-phishing attacks that exploit XSS vulnerabilities.

Researchers discovered a phishing attack in the wild that takes multiple well-tread technologies like open source packages and AES encryption and combines them.

A new equation introduced by the National Institute of Standards and Technology (NIST) aims to offer a mathematical likelihood that a vulnerability has been exploited in the wild.

A number of major industrial organizations suffered ransomware attacks last quarter, such as PCB manufacturer Unimicron, appliance maker Presto, and more — a harbinger of a rapidly developing and diversifying threat landscape.