In an industry that operates in anonymity, trust is everything — but recent accusations of ransomware actors working with or being law enforcement is threatening that work model.

Implementation flaws in Google Drive integrations created server-side request forgery (SSRF) vulnerabilities in a variety of applications, a security researcher has revealed.

A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys.

The US Justice Department indicted six India-based call centers and their directors for their alleged role in making tens of millions of scam calls to defraud thousands of American citizens.

The attack, which was discovered on January 20, affected Dow Jones, the Wall Street Journal, the New York Post, News Corp headquarters, and its UK news operations, according to the report.

The acquisition enhances Keeper Security’s continued evolution in the identity and access cybersecurity space, particularly in enabling hyper-secure access to remote resources.

Microsoft said today that a Russian hacking group known as Gamaredon has been behind a streak of spear-phishing emails targeting Ukrainian entities and organizations related to Ukrainian affairs since October 2021.

Swissport International was hit by a ransomware attack that had a severe impact on its operations causing flights to suffer delays. The company said via Twitter that the attack has been largely contained.

The Department of Homeland Security has announced a new Cyber Safety Review Board bringing together cybersecurity experts from public and private organizations to “review and assess significant cybersecurity events.”

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch their systems against an actively exploited Windows vulnerability that enables attackers to gain SYSTEM privileges.