Cybersecurity Archives

In this picture taken near the truce village of Panmunjom inside the demilitarized zone (DMZ) separating the two Koreas, a bird flies near a North Korean flag fluttering in the wind at the propaganda village of Gijungdong in North Korea on October 4, 2022. (Photo by ANTHONY WALLACE/AFP via Getty Images)

Lazarus Group deceives developers with 6 new malicious npm packages

Socket researchers said the malware-ridden packages were collectively downloaded over 330 times. GitHub removed all of the malicious packages Wednesday.

14 hours ago By Matt Kapko

The Stop CSAM Act, first introduced in 2023 by Sens. Josh Hawley, R-Mo., (above) and Dick Durbin, D-Ill., would impose several new requirements on companies to prevent the hosting and distribution of child sexual abuse material on their platforms.

Legislative push for child online safety runs afoul of encryption advocates (again)

The Stop CSAM Act would compel companies to curb online child sexual abuse material, but critics argue it would also weaken encrypted services for all users.

15 hours ago By Derek B. Johnson

Red Hat’s Adam Clater on navigating zero trust’s unknowns

Adam Clater | Chief Architect for Civilian Agencies | Red Hat

22 hours ago By Scoop News Group

A view of the Microsoft corporate logo in front of the Microsoft Office building on 41st street and 8th avenue on July 19, 2024 in New York City. (Photo by Craig T Fruchtman/Getty Images)

Microsoft patches 57 vulnerabilities, including 6 zero-days

More than three-quarters of the vulnerabilities covered in the vendor’s monthly Patch Tuesday update are high-severity flaws.

2 days ago By Matt Kapko

The Apple logo is seen on a window of the company’s store in Bangkok on March 5, 2021. (Photo by Mladen ANTONOV / AFP) (Photo by MLADEN ANTONOV/AFP via Getty Images)

Apple discloses zero-day vulnerability, releases emergency patches

Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, an attacker can potentially…

2 days ago By Greg Otto

External researchers can’t determine the originating IP addresses for the flood of malicious traffic that hit X’s servers without direct access to X’s systems. (Photo by KIRILL KUDRYAVTSEV/AFP via Getty Images)

X suffered a DDoS attack. Its CEO and security researchers can’t agree on who did it.

X’s wave of outages resembled a DDoS attack and Dark Storm Team, a prolific threat group specializing in such attacks, claimed responsibility.

2 days ago By Matt Kapko

National General, an insurance company Allstate acquired for $4 billion in 2021, failed to notify almost 12,000 people their driver’s license numbers were compromised. (Getty Images)

New York sues Allstate and subsidiaries for back-to-back data breaches

A pair of data breaches in late 2020 and early 2021 exposed driver’s license numbers of almost 200,000 people.

2 days ago By Matt Kapko

Sean Plankey picked by Trump to be CISA director

Plankey’s nomination fills the biggest remaining gap among cyber leaders in the second Trump administration.

2 days ago By Tim Starks

CISA, DHS, Department of Homeland Security, RSA 2019 — The DHS and CISA booth at the 2019 RSA conference in San Francisco. (Scoop News Group photo)

CISA completed its election security review. It won’t make the results public

Critics said the decision creates broad uncertainty among other stakeholders who work to protect elections.

6 days ago By Derek B. Johnson Colin Wood

U.S. Postal Service (USPS) trucks are parked at a post office on Aug. 23 in Glendale, California. (Photo by Mario Tama/Getty Images)

Ransomware poseurs are trying to extort businesses through physical letters

The FBI is warning business leaders about the scam perpetrated by an unidentified threat group.

6 days ago By Matt Kapko