GitHub Enterprise Server 3.20.3 Addresses Critical Security Flaws
GitHub has released Enterprise Server (GHES) version 3.20.
Financial
20 articles
The NSA, ‘Mythos’ and the quiet emergence of AI cyber doctrine
For most of my career running security operations, the shape of cyber conflict has been defined by who could move faster than the other side. Faster at ident...
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing mal...
Jetico expands BestCrypt Data Shelter with zero-trust file access controls
Jetico has announced the extension of BestCrypt Data Shelter to include centrally managed enterprise data access control for sensitive files. The solution al...
Coinflow CISO on crypto payments security under AI pressure
Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Mal...
European AI adoption hits 99% with regulated data driving most policy violations
Generative AI tools operate inside nearly every European workplace, embedded in meeting transcription services, writing assistants, coding copilots, and sear...
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with malicious sites also surfaced through A...
North Korea's Lazarus Group uses new RemotePE malware against financial targets
RemotePE is deployed through a multi-stage attack chain involving two loaders, DPAPILoader and RemotePELoader.
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continent...
Lazarus APT unveils fileless remote access Trojan designed to evade detection
North Korea-linked Lazarus APT Group is using a stealthy memory-only RAT that leaves almost no forensic traces behind.
Jailbroken Gemini AI Abused in Credential Theft and Crypto Wallet Heist
Jailbroken Gemini AI has been weaponised in a long-running campaign that combined political influence, credential theft, and a cryptocurrency wallet heist, a...
Product showcase: F-Secure Internet Security blocks phishing sites, fake stores, and SMS scams
F-Secure Internet Security protects against viruses, ransomware, spyware, infected email attachments, and other cyber threats. It focuses on securing devices...
Telegram Channels Fuel Sale of Verified Bank Mule Accounts
Cybercriminal groups are increasingly using Telegram channels and encrypted platforms to sell verified bank and fintech mule accounts, signaling a major shif...
Italian Authorities Dismantle CINEMAGOAL App Enabling Unauthorised Access to Streaming Platforms
Italian law enforcement agencies have dismantled a sophisticated piracy operation centered around the CINEMAGOAL application, which enabled unauthorized acce...
DocketWise Data Breach Impacts 143,000
Hackers accessed names, addresses, Social Security numbers, financial information, and medical data from third-party partner repositories. The post DocketWis...
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in att...
Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation
Dutch authorities arrested two suspects and seized 800 servers tied to Stark Industries, a hosting firm linked to cyberattacks and disinformation. Dutch fina...
Hackers Compromise 34 npm, PyPI, and Crates Packages in Major Supply Chain Attack
Hackers have launched a large-scale software supply chain attack targeting developers across npm, PyPI, and Crates.io, compromising at least 34 open-source p...
Boards want cyber risk in dollars, not CVE counts
In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for s...
Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers
Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to ...