Cybersecurity researchers have discovered a concerning trend of PDF exploitation targeting users of Foxit Reader, a popular PDF software, with sophisticated attack chains and malware families being utilized in real-world scenarios.

The threat actor, likely located in the Commonwealth of Independent States (CIS), strategically targeted a spectrum of operating systems and computer architectures in the credential harvesting campaign, including Windows and macOS.

According to Comparitech, data breaches in US schools have exposed over 37.6 million records since 2005, with a significant surge in 2023 due to vulnerabilities in the MOVEit file transfer software affecting over 800 institutions.

The publication Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society is designed to provide high-risk communities with actionable steps to bolster their cybersecurity defenses.

Microsoft has released a Patch Tuesday update that addresses three zero-day flaws, two of which are actively being exploited in the wild, including an elevation of privilege flaw that could provide system-level access and compromise systems.

Upon analyzing Mallox samples, researchers identified two distinct affiliates using different approaches. One focused on exploiting vulnerable assets, while the other aimed at broader compromises of information systems on a larger scale.

The Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024, according to a new report from several US government agencies.

The platform, called Inspect, is set to pave the way for the safe innovation of AI models, according to the AI Safety Institute and Department for Science, Innovation and Technology (DIST).

Cybersecurity experts at the RSA Conference highlighted the growing sophistication of cyber threats, including the expanding attack surface, identity-based attacks leveraging AI-generated deepfakes, and the use of generative AI to create malware.

Security researchers have discovered a major new Russian disinformation campaign using generative AI (GenAI) to “plagiarize and weaponize” content from major news organizations, in a bid to influence Western voters.