A newly uncovered phishing campaign is exploiting the growing popularity of CapCut, a video editing tool developed by ByteDance. The attackers are utilizing a technique known as reputational hijacking, which allows them to embed malware within a legitimate-looking package, bypassing Smart App Control (SAC) and leaving users vulnerable to data theft and system compromise. This campaign represents a significant escalation in the tactics used by threat actors to evade detection.

From early Bitcoin-exchange hacks to today's multi-million-dollar DeFi exploits, crypto heists are becoming more frequent, and the stakes are higher than ever. Today's report explores some of the biggest heists, what makes them possible, and why Web3 security is more critical than ever.

American businesses are on the front line of the nation’s looming conflicts with China and other adversaries like Russia and Iran, the U.S. spy chief Director of National Intelligence Avril Haines warned last week. Learn why the relationship between the private sector and the intelligence community needs to outgrow the confines of the customer/vendor nexus and go beyond its current information-sharing paradigm.

A vulnerability allowing malicious files to be uploaded to the Versa Director GUI by users with System Admin credentials is being exploited. Stay informed with CyberWatch.

In May of 2024, a national association for amateur radio was hit by a severe ransomware attack that encrypted multiple internal systems, including desktops, laptops, and both Windows and Linux servers. The attack was coordinated by organized criminals and enabled by information purchased on the dark web. Learn how their response can help your organization avoid becoming a casualty of the ransomware trend.

Chief among the multi-layered strategies companies use to safeguard their sensitive data is network segmentation. This approach, which involves dividing a network into smaller, isolated segments, goes a long way toward stymying the efforts of malicious actors. The significance of network segmentation and subnetting, along with their many benefits are discussed ahead.

New threats emerge daily, but some old network vulnerabilities stubbornly refuse to fade away. One such vulnerability is Log4j, better known as Log4Shell. Discovered nearly three years ago, this critical flaw continues to wreak havoc across industries. Dive into the details and explore why this vulnerability remains such a persistent threat.

The Blast-RADIUS incident is a wake-up call for the cybersecurity industry, regulatory bodies, and enterprises to urgently transition to modern, more secure standards and protocols.

Google Chrome and Microsoft Edge have released updates for an actively exploited Zero Day Vulnerability. Google is aware that an exploit for this CVE is circulating publicly.