Despite the escalating frequency of data breaches, ransomware incidents, and assorted cyber perils, persuading Boards of Directors to invest in robust cybersecurity measures remains a challenge for many businesses. This hurdle primarily stems from the necessity to demonstrate tangible Return ...

At the turn of the millennium, cybercrime was scarcely a concern. The Good Friday Agreement was fresh, the US had just expelled a Russian diplomat for espionage, and fears of the Y2K bug loomed. It wasn’t until five months later ...

On Monday, Microsoft revealed detection of Kremlin-backed nation-state activity exploiting a now-resolved critical security loophole in its Outlook email service. The vulnerability facilitated unauthorized access to victims’ accounts within Exchange servers. The intrusions were attributed to a threat actor known ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a significant Adobe ColdFusion vulnerability by unidentified threat actors aiming to gain initial access to government servers. CISA stated, “The ColdFusion vulnerability (CVE-2023-26360) ...

An urgent Bluetooth security flaw has surfaced, posing a significant threat to Android, Linux, macOS, and iOS devices. Identified as CVE-2023-45866, the flaw centers around an authentication bypass issue, allowing attackers to establish connections with vulnerable devices and inject keystrokes ...

Recently disclosed technical details shed light on two security vulnerabilities in Microsoft Windows that have since been patched, but could still be combined by malicious actors to achieve remote code execution on the Outlook email service without any user interaction. ...

A recently addressed security loophole in Microsoft Outlook has been identified as a potential avenue for threat actors to obtain NT LAN Manager (NTLM) v2 hashed passwords when accessing a specially designed file. This security concern, denoted as CVE-2023-35636 (CVSS ...

Information-stealing malware is actively leveraging an undocumented Google OAuth endpoint called MultiLogin to hijack user sessions, allowing continuous access to Google services even after a password reset. CloudSEK reports that this critical exploit facilitates session persistence and cookie generation, empowering ...

Google has issued updates to address four security vulnerabilities in its Chrome browser, including a zero-day flaw currently being actively exploited. The identified issue, designated as CVE-2024-0519, revolves around an out-of-bounds memory access within the V8 JavaScript and WebAssembly engine. ...

A recent study by Cloudsek reveals that verified X accounts adorned with gold checkmarks are being peddled on the dark web, with prices ranging from $1200 to $2000, depending on their brand recognition and outreach. The surge in the availability ...