Digital attackers are now abusing the 16Shop phishing kit to target Amazon users for the purpose of stealing access to their accounts.
If you saw a coworker browsing through a database they weren't supposed to have access to, would you report it? New research suggests that employees often underreport such security incidents.
An Astaroth attack leveraged only living-off-the-land techniques to run the backdoor directly in memory on Windows machines.
While the cybersecurity skills gap is a years-old challenge, organizations are facing a new conundrum: The cyber kill chain is getting shorter. How can the industry address these dual problems?
Sodinokibi ransomware affiliates have added malvertising campaigns to the growing list of attack vectors used to infect victims, according to reports.
Beyond the obvious benefit of proactively identifying application security incidents, threat modeling gives security leaders opportunities to educate developers and foster a DevSecOps culture.
Threat intelligence reveals that highly targeted social engineering attacks are growing. Here's what you need to know to defend your organization.
A security firm released an updated decryption tool that enables victims of GandCrab ransomware version 5.2 and below to recover their stolen files for free.
The security industry does a thorough job of conveying the latest cybersecurity news, albeit sometimes to the detriment of the people whose job it is to set security priorities.
When it comes to social engineering training, make sure every employee learns the names of specific attacks.