Insufficient policy enforcement could lead to data disclosure when loading malicious resources.

While most of the victims are based overseas, security pros say it’s plausible the group will also target North America.

The rollout of new rules around the Cybersecurity Maturity Model Certification by the U.S. Department of Defense is pushing government contractors to upgrade their internal security practices and protections

The malicious package also uses Unicode steganography to evade detection.

Google suspects Scattered Spider targeted UK retailers Marks & Spencer, the Co-op and Harrods.

Palo Alto Networks researchers spot instances where threat actors are using AI platforms.

The EUVD, maintained by ENISA, compiles information from the CVE program, CSIRTs and vendors.

A second zero-day flaw was found in addition to exploitation of Netweaver by ransomware groups.

Browser fingerprinting and additional payload encryption are the most recent methods used.

Patches include five vulnerabilities actively targeted in the wild, as well as two others with public exploit code available.