Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before. Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary
Multiple suspected Russia-linked threat actors are “aggressively” targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device…
The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users’ private keys. The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been…
Critics — which include the US embassy in Zambia — contend the just-signed Cyber Security Act and the Cyber Crime Act allow suppression of dissent and too much concentration of power.
Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. “We’ve made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for…
The cybersecurity landscape confounded expectations in 2024, as anticipated threats and risk didn’t materialize and less widely touted attack scenarios shot up.
Understanding how multiple AI models speak to each other and deciding which framework to use requires careful evaluation of both the business benefits of advanced AI orchestration and the cybersecurity implications of connecting automated services.
The tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT’s breach of its Exchange Online environment in 2023.
The Texas municipality is following its incident response playbook as it works with a third-party to investigate the scope and scale of the attack.
Dialysis firm DaVita, Wisconsin-based Bell Ambulance, and Alabama Ophthalmology Associates all suffered apparent or confirmed ransomware attacks this month.