SMB

Microsoft’s March Patch Tuesday fixes several vulnerabilities that have already been used in the wild. Details are not clear at the moment, but it’s worth installing the patches ASAP.

We’ve added technology that checks QR codes in emails for phishing links.

A vulnerability in Google OAuth allows attackers to access accounts of defunct organizations through abandoned domains.

What is Auto-Woodpecker, and what does it have to do with AI?

Just a few hours before 2025, we recorded a surge in cryptominer distribution through video games. Interestingly, not only home PCs but also corporate machines were affected.

New research demonstrates for the first time how hardware vulnerabilities in modern CPUs can be exploited in practice.

We look at the most notable supply-chain attacks of 2024.

$3 billion worth of damage to healthcare insurance giant, schools closed, soccer club players’ data leaked, and other ransomware incidents in 2024.

Researchers have discovered a vulnerability in the 7-Zip file archiver software.

The complete story of the hype, panic, and misunderstanding surrounding attacks on cryptographic algorithms using quantum computers.

Dangerous features are creeping into legitimate Chrome extensions. How to keep your organization safe?

Cybercriminals distributing the Mamont banker under the guise of an application for tracking the delivery of goods at wholesale prices.

Hidden logic, data poisoning, and other targeted attack methods via AI systems.

The patch that fixes CVE-2024-49040 in Microsoft Exchange is temporarily unavailable. We’ve implemented heuristics that detect attempts to exploit it.

Malicious packages for AI integration containing infostealer malware were found in the Python Package Index repository.

A vulnerability that permits bypassing authentication has been found in a popular security hardening plugin for WordPress.

Exploitation of vulnerability CVE-2024-43451 allows an attacker to steal an NTLMv2 hash with minimal interaction from the victim.

Hackers continue to target developers: during a fake job interview, they ask “potential employees” to run a script from GitHub that hides a backdoor.

Phishers have adopted another trick: they send emails pretending to be from Docusign with a fake link to a document that the recipient must sign.

Why cybersecurity in education is critical, and how to protect schools from attacks.

Two fresh papers on the art of data exfiltration in scenarios where it seems utterly impossible.