Business

Two critical zero-day vulnerabilities in SharePoint are actively exploited by attackers in real-world attacks.

A curious case of spear-phishing email techniques employed on a mass scale.

We break down the Common Vulnerability Scoring System: what it’s for, how it’s used in practice, and why the Base Score is just the beginning — not the end — of vulnerability assessment.

How the research tool Defendnot disables Microsoft Defender by registering a fake antivirus, and why you shouldn’t always trust what your operating system says.

This is a story of how a blockchain developer lost US$500 000 to a fake Solidity extension from the Open VSX marketplace.

How cybercriminals can exploit your online store — and how to stop them.

How integrated industrial cybersecurity solutions protect OT networks and reduce the cost of critical incidents.

Drawing from INTERPOL’s just-released Africa Cyberthreat Assessment Report, we identify which threats most often target developing businesses – and how to stop them.

Researchers have found several vulnerabilities in the Sitecore CMS platform that enable unauthenticated remote code execution (RCE).

Researchers have found a vulnerability that allows attackers to get root privileges on most Linux distributions.

How to assess all the complexities of open-source application integration in advance, and choose the most efficient solutions.

Internet Explorer sends its regards: a vulnerability in the HTTP protocol extension allows attackers to run malicious code — even on a modern operating system.

While open-source projects let you build almost any infosec solution, it’s crucial to realistically assess your team’s resources and the time it would take to achieve your goals.

Since 2016, a threat actor has been exploiting insecure plugins and themes to infect WordPress websites and redirect traffic to malicious websites.

A popular password manager was modified to allow attackers to steal passwords and encrypt users’ data. How to protect home computers and corporate systems from this threat?

This post examines a hybrid email-and-phone scam in which attackers send emails from a genuine Microsoft email address.

Businesses reaching the “acceptance stage”: given inevitable breaches — how to prepare for them?

Scammers are using Google ads to push fake versions of real websites – and they’re after business accounts and company data.

We explore how cybercriminals are targeting IT specialists searching for a popular network scanner, using the Interlock ransomware attack as an example.

How organizations implement zero-trust principles, and what CISOs advise for project success.

How the situation with ransomware attacks on companies has changed, and why paying a ransom has become an even worse and more useless idea in 2025.