The latest cybersecurity threats and news to help you protect your data, networks, applications, and devices.

  • Over 15 Million Systems Exposed to Known Exploited Vulnerabilities

    Effective vulnerability management is about knowing what you own and prioritizing what you need to fix. A new research report shows that millions of organizations are failing at those critical cybersecurity practices. Researchers at cybersecurity firm Rezilion found more than 15 million instances in which systems are vulnerable to the 896 flaws listed in the… Read more

  • Weakness at the Network Edge: Mandiant Examines 2022’s Zero-Day Exploits

    Enterprise IT, network and security product vulnerabilities were among those actively exploited in zero-day attacks last year, according to a recent Mandiant report. Mandiant tracked 55 zero-day vulnerabilities that were actively exploited in 2022. That’s fewer than the 81 zero-days exploited in 2021, but far more than those exploited in any previous year. Going forward,… Read more

  • Microsoft Targets Critical Outlook Zero-Day Flaw

    Microsoft’s Patch Tuesday for March 2023 includes patches for more than 70 vulnerabilities, including zero-day flaws in Outlook and in Windows SmartScreen. According to Crowdstrike researchers, 40 percent of the patched vulnerabilities are remote code execution flaws, down from 48 percent last month; 31 percent are elevation of privilege flaws, up from almost 16 percent… Read more

  • BlackMamba PoC Malware Uses AI to Avoid Detection

    HYAS researchers recently developed proof-of-concept (PoC) malware that leverages AI both to eliminate the need for command and control (C2) infrastructure and to generate new malware on the fly in order to evade detection algorithms. The malware, dubbed “BlackMamba,” is the latest example of exploits that can evade even the most sophisticated cybersecurity products. While… Read more

  • What is Cyber Threat Hunting? Definition, Techniques & Steps

    Threat hunting starts with a pretty paranoid premise: That your network may have already been breached and threat actors may be inside waiting for an opportunity to strike. Sadly, that turns out to be true in many cases. You can’t be paranoid enough when it comes to cybersecurity. And that’s why cyber threat hunting adds… Read more

  • Cloudflare Blocks Record DDoS Attack as Threats Surge

    Cloudflare mitigated dozens of hyper-volumetric DDoS attacks last weekend, most of them ranging from 50 to 70 million requests per second (RPS) – and the largest one exceeding 71 million RPS. “This is the largest reported HTTP DDoS attack on record, more than 35 percent higher than the previous reported record of 46 million RPS… Read more

  • Microsoft Patch Tuesday Includes Three Exploited Zero-Day Vulnerabilities

    Microsoft’s February 2023 Patch Tuesday fixes 75 vulnerabilities, nine of them rated critical, and three (all rated important) that are being exploited. “This is only the second Patch Tuesday of the year, and we have already tripled the number of weaponized threats that need to be fixed in this release,” Syxsense CEO and founder Ashley… Read more

  • Hackers Use RMM Software to Breach Federal Agencies

    Cybercriminals recently breached U.S. federal agencies using remote monitoring and management (RMM) software as part of a widespread campaign. The malicious campaign began in June 2022 or earlier and was detected a few months later, according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the… Read more

  • Threat Groups Distributing Malware via Google Ads

    Security researchers are warning that Google Ads are being actively leveraged to distribute malware to unsuspecting victims searching for software downloads. On January 20, CronUp researcher Germán Fernández warned that the DEV-0569 ransomware group is using Google Ads to distribute Gozi/Ursnif malware, RedLine stealer, and Royal ransomware. “For deployment, they use Add-MpPreference to configure exclusions… Read more

  • Cybercriminals Use VSCode Extensions as New Attack Vector

    Microsoft’s Visual Studio Code integrated development environment (IDE) is used by as much as 75% of developers, so any security issue has widespread implications. And Aqua Nautilus researchers have discovered a big one. The researchers reported earlier this month that the VSCode editor could be vulnerable to attacks targeting its extensions. The free open source… Read more

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis