Google Wants to Transition to Post-Quantum Cryptography by 2029
Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantu...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1598 — Phishing for Information (Reconnaissance)
Clear filter136 articles found
ResokerRAT Hijacks Telegram API to Command Infected Windows PCs
A newly identified Windows malware dubbed ResokerRAT abuses Telegram’s Bot API as its main command-and-control (C2) channel to remotely monitor and control i...
CISOs grapple with AI demands within flat budgets
Security spending continues to edge upward across large organizations, though the changes remain gradual and tightly managed. The 2026 RH-ISAC CISO Benchmark...
Top 10 Best Identity And Access Management (IAM) Companies 2026
In the rapidly evolving digital landscape of 2026, Identity and Access Management (IAM) has transcended its traditional role to become the foundational pilla...
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
This is the sixth update to the TeamPCP supply chain campaign threat intelligence report,&#;x26;#;xc2;&#;x26;#;xa0;"When the Security Scanner Became the Weap...
Simplifying MBA obfuscation with CoBRA
Mixed Boolean-Arithmetic (MBA) obfuscation disguises simple operations like x + y behind tangles of arithmetic and bitwise operators. Malware authors and sof...
Click, wait, repeat: Digital trust erodes one login at a time
Sign-up forms that drag on, login steps that repeat, and access requests that take longer than expected have become a normal part of using digital services. ...
French Senate passes bill that would ban children under 15 from social media
If the French effort becomes law, it would make France the first European country to follow Australia’s lead by banning social media for young teenagers.
CISA Issues Alert on Chrome Zero-Day Under Active Exploitation
The U.S.
Cybersecurity in the age of instant software
AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant...
Smashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanished
A cannabis-growing, beekeeping, gyrocopter-flying Irishman invested his drug money in Bitcoin back in 2011 - and now sits on a fortune worth $400 million. Th...
New EvilTokens service fuels Microsoft device code phishing attacks
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced feat...
Cyberattacks powered by stolen credentials on the rise
Cybersecurity incidents are increasingly centered on identity abuse, where stolen login credentials serve as the primary entry point for attackers, and the g...
Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Co...
TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)
This is the fifth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026).
Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
Today, most malware are called “fileless†because they try to reduce their footprint on the infected computer filesystem to the bare minimum. But they ne...
Security awareness is not a control: Rethinking human risk in enterprise security
Organizations have been responding to phishing, business email compromise, and credential theft in essentially the same manner for over ten years. They essen...
New compliance guide available: ISO/IEC 27001:2022 on AWS
We’re excited to announce the release of our latest compliance guide, ISO/IEC 27001:2022 on AWS, which provides practical guidance for organizations designin...
Illicit LNK files deploy Russian CTRL toolkit
Illicit LNK files deploy Russian CTRL toolkit The Hacker News reports that malicious Windows LNK files masquerading as private key folders have been tapped t...
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild
A vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentic...