A researcher tells CyberScoop that up to 80% of enterprises could be vulnerable to the zero-day Microsoft patched in its June update.

Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.

The 20-year bureau pro wants to see what it’s like to fight ransomware from the private sector.

The lawmakers say the January purge has left the United States blind on the nature of the historic Salt Typhoon telecommunications breach.

Laundry Bear, a group recently identified by Dutch intelligence and security services, stole work-related contact details on the Netherlands’ national police force in September 2024, Microsoft researchers…

Global law enforcement authorities and Microsoft seized or disrupted the prolific infostealer’s central command infrastructure, malicious domains and marketplaces where the malware was sold.

The company has addressed zero-day vulnerabilities for eight consecutive months without deeming any of them critical at the time of disclosure.

The allegations, supported by the foreign ministry, are more specific and aggressive than usual and say the U.S. sought to disrupt the Asian Winter Games.

Microsoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia.

Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.