Threats

Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.

  • New GIFShell Attack Targets Microsoft Teams

    A cybersecurity consultant has discovered a new attack chain that leverages GIF images in Microsoft Teams to execute arbitrary commands on the target’s machine. The exploit uncovered by Bobby Rauch is dubbed “GIFShell,” and the main component is a GIF image that contains a hidden Python script. This crafted image is sent to a Microsoft…

  • CVSS Vulnerability Scores Can Be Misleading: Security Researchers

    Vulnerability management systems based on the Common Vulnerability Scoring System (CVSS) v2 scoring system may be misguided, as a new report found that roughly half of the most critical vulnerabilities may be scored incorrectly. “Looking at the past 10 years, in the same midyear period, we see that on average, 51.5 percent of all known…

  • Top Network Detection & Response (NDR) Solutions

    In the race to offer comprehensive cybersecurity solutions, the product known as network detection and response (NDR) is a standalone solution as well as a central component of XDR. Whereas older solutions like antivirus, firewalls, and endpoint detection and response (EDR) have long focused on threats at the network perimeter, the intent of NDR is…

  • GitLab Patches Critical RCE in Community and Enterprise Editions

    The widely-used DevOps platform GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE).  The vulnerability was reported for a number of versions of GitLab CE/EE: all versions starting from 11.3.4 before 15.1.5 all versions starting from 15.2 before 15.2.3 all versions starting from 15.3 before 15.3.1 Affected versions allow…

  • New Linux Exploit ‘Dirty Cred’ Revealed at Black Hat

    A new Linux kernel exploitation called Dirty Cred was revealed at last week’s Black Hat security conference. Zhenpeng Lin, a PhD student, and a team of researchers worked on an alternative approach to the infamous Dirty Pipe vulnerability that affected Linux kernel versions 8 and later. Dity Pipe is a major flaw that allows attackers…

  • Cobalt Strike Inspires Next-generation Crimeware

    Cobalt Strike is a legitimate vulnerability scanning and pentesting tool that has long been a favorite tool of hackers, and it’s even been adapted by hackers for Linux environments. And now it’s inspiring imitators. Cisco Talos researchers have disclosed a new toolset used in the wild by threat actors as an alternative to Cobalt Strike…

  • Hackers Find Alternatives to Microsoft Office Macros

    Hackers have been exploiting macros in Microsoft Office products for years, but now their tactics are changing as Microsoft has begun blocking macros by default. The typical attack scenario involves phishing via email attachments, such as Word, Excel or PowerPoint documents containing malicious macros infected with malware. Such documents are common in enterprises, and the…

  • New Linux Malware Surges, Surpassing Android

    Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system. The Atlas VPN report said the number of new Linux malware samples collected soared by 646% from the first half of 2021 to the first half of 2022,…

  • Lilith: The Latest Threat in Ransomware

    Discovered by malware hunter JAMESWT on Twitter, Lilith is ransomware designed to lock Windows machines. The malware exfiltrates data before encrypting the targeted devices to provide additional means of extortion. The ransom note contains the following ultimatum and instructions: Victims have three days to contact the threat actors on a hidden Onion website to pay…

  • How One Company Survived a Ransomware Attack Without Paying the Ransom

    The first signs of the ransomware attack at data storage vendor Spectra Logic were reports from a number of IT staffers about little things going wrong at the beginning of the day. Matters steadily worsened within a very short time and signs of a breach became apparent. Screens then started to display a ransom demand,…

Get the free newsletter

Subscribe to Cybersecurity Insider for top news, trends & analysis

This field is required This field is required

IT Security Resources

Top Cybersecurity Companies

See Full List