Kim Jong-Un’s hackers are scraping the bottom of the barrel, using script kiddie-grade malware to steal devalued digital assets.

The latest vulnerability severity scoring system addresses gaps in the previous version; here’s how to get the most out of it.

Active ransomware attacks against vulnerable Atlassian Confluence Data Center and Servers ratchets up risk to enterprises, now reflected in the bug’s revised CVSS score of 10.

Companies must recognize AI’s utility, while setting clear boundaries to curtail unsafe utilization.

Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials.

Mandiant/Google Cloud’s Jill C. Tyson offers up timelines, checklists, and other guidance around enterprisewide readiness to ensure compliance with the new rule.

To combat sophisticated threats, we need to improve how we approach authorization and access controls.

The attackers also use custom wipers to cover their tracks and bypass EDR.

Previously limited to initial access brokering, the Gootloader group has pivoted to a nasty post-compromise “GootBot” attack, each implant with its own C2.

With AI and publicly available data, cybercriminals have the resources they need to fake a real-life kidnapping and make you believe it.