Threats

Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.

  • New Highly-Evasive Linux Malware Infects All Running Processes

    Intezer Labs security researchers have identified a sophisticated new malware that targets Linux devices. Dubbed OrBit, the malware can gain persistence quickly, evade detection and hide its presence in network activity by manipulating logs. The module hooks functions called in shared libraries, which is pretty common for malware, but it also implements “advanced evasion techniques”…

  • 25 Most Dangerous Software Vulnerabilities & Flaws Identified by MITRE

    MITRE has released its latest list of the top 25 most exploited vulnerabilities and exposures found in software. The MITRE CWE list is different from the product-specific CVE lists from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other agencies and instead focuses on more generic software development weaknesses, similar to the OWASP list…

  • Highly Sophisticated Malware Attacks Home and Small Office Routers

    Security researchers have uncovered an unusually sophisticated malware that has been targeting small office/home office (SOHO) routers for nearly two years, taking advantage of the pandemic and rapid shift to remote work. Such routers are rarely monitored or up-to-date, making them attractive targets for hackers to reach adjacent corporate networks. According to Lumen’s Black Lotus…

  • CISA Urges Exchange Online Authentication Update

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is recommending that government agencies and private organizations that use Microsoft’s Exchange cloud email platform migrate users and applications to Modern Auth before Basic Auth is deprecated in October. CISA noted that Basic authentication is simple and pretty convenient but unsecured by design. It’s relatively easy for…

  • Kubernetes Security Issues: Nearly a Million Instances Exposed on Internet

    Cybersecurity researchers have found more than 900,000 instances of Kubernetes consoles exposed on the internet. Cyble researchers detected misconfigured Kubernetes instances that could expose hundreds of thousands of organizations. The researchers found a number of indicators of exposure in the open source container orchestration platform: KubernetesDashboard Kubernetes-master Kubernetes Kube K8 Favicon:2130463260, -1203021870 The threat-hunting exercise…

  • Cybersecurity Agencies Release Guidance for PowerShell Security

    PowerShell is one of the most common tools used by hackers in “living off the land” attacks, when malicious actors use an organization’s own tools against itself. This week, U.S. cybersecurity agencies joined their counterparts in the UK and New Zealand to offer guidance so organizations can use PowerShell safely. PowerShell is a command line…

  • Microsoft 365 Research Highlights Cloud Vulnerabilities

    In a sequence that suggests cloud services may be more vulnerable than many think, Proofpoint researchers have demonstrated how hackers could take over Microsoft 365 accounts to ransom files stored on SharePoint and OneDrive. Microsoft services are widely used in enterprises for cloud-based collaboration, and the Proofpoint research report revealed that cloud infrastructures are not…

  • What is a Cyberattack? Types and Defenses

    A cyberattack is any action taken by a cyber criminal in an attempt to illegally gain control of a computer, device, network, or system with malicious intent. Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Cyberattacks are on the rise, with cyber criminal trends…

  • Millions of MySQL Servers are Publicly Exposed

    More than 3.6 million MySQL servers are publicly exposed on the internet, security researchers noted this week. Shadow Server Foundation researchers reported that they simply issued a MySQL connection request on default port 3306 to see if a server responded with a MySQL Server Greeting, rather than intrusive requests that pentesters use to break into…

  • Microsoft Leads in Exploited Vulnerabilities; Office is Latest Target

    With nearly $200 billion in annual sales, Microsoft is the world’s largest software and information technology (IT) vendor, its products widely used by both companies and consumers. That also makes it the biggest source of vulnerabilities targeted by hackers. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), more than a third of all…

Get the free newsletter

Subscribe to Cybersecurity Insider for top news, trends & analysis

This field is required This field is required

IT Security Resources

Top Cybersecurity Companies

See Full List