Application Attack Matrix is a community effort designed to help defenders and organizations better understand and define how attackers use and exploit weaknesses in applications.

Experts told CyberScoop the research 'doesn’t pass a sniff test' and detracts from needed conversations around credential abuse and information stealers.

To defend “target rich, resource poor” critical infrastructure from cyberattacks, the U.S. must expand its patchwork volunteer system, a new report concludes. 

Some browser extension permissions are too broad, and owners can quickly repurpose pre-approved capabilities for malicious intent, a security researcher told CyberScoop.

Researchers aren’t aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress Nginx controllers is extremely high.

Ransomware groups last year achieved lateral movement within an average of 48 minutes after gaining initial access to targeted environments, threat intelligence experts said.

Federal prosecutors accuse Cameron Wagenius of searching how to defect to Russia before he tried to sell stolen data to a foreign intelligence service.

The vulnerability, described by a researcher as “bad programming,” allows an attacker to send unlimited connection requests through ChatGPT’s API.

The credentials are likely for future phishing and spam campaigns, Sysdig researchers said.

The Qilin ransomware operation first emerged in July 2022 after rebranding a previous variant known as Agenda and rewriting the malware in Rust.