Russian state-sponsored threat actor Nobelium used a basic password-spray attack to breach Microsoft corporate email accounts, including for execs.

Even the most careful VMware customers may need to go back and double check that they weren’t compromised by a zero-day exploit for CVE-2023-34048.

Thousands of vulnerable servers may be open to cyberattacks exploiting the max-severity CVE-2023-46604 bug.

Security teams need to start factoring for these tools when thinking about the software supply chain. After all, they can’t protect what they don’t know they have.

Infosec advocacy group warns that poor patching practices and reliance on cracked software increases risk.

The agency aims to build a more robust cybersecurity posture for the nation.

Ambient light sensors on smart-device screens can effectively be turned into a camera, opening up yet another path to snooping on unwitting victims.

Australia’s Essential Eight Maturity Model still doesn’t address key factors needed to protect today’s cloud and SaaS environments.

The Charming Kitten-related cyber-espionage group is posing as legitimate journalists and researchers to get intel on the Israel-Hamas war.

An IANS survey shows that CISOs shoulder more and more legal and regulatory liability for data breaches, but few are getting the recognition or support they need.