US telecom networks have reportedly been compromised through China's Salt Typhoon hacking group using the Communications Assistance for Law Enforcement Act systems that allow for automatic wiretapping at government request.
As a result, official Jeff Greene at the Cybersecurity and Infrastructure Security Agency (CISA) has recommended stronger end-user encryption as a solution for safe communications.
Another researcher’s creation — the new tool Brainstorm uses AI to search for non-obvious HTTP/S endpoints on the public site, which it then uses to detect any vulnerabilities.
An advanced threat actor, believed to be APT28 out of Russia, developed and deployed an impressive attack campaign that took advantage of the username/password authentication of WiFi networks in a very unique and creative way.
Solana, a blockchain platform, published solana-web3.js on npm to enable web3 and smart contracts and this week that library was compromised, with a pair of malicious versions uploaded to node package manager.
It has been revealed that genuine surveillance equipment can contain security flaws that could be exploited by attackers, something the security community has been warning for years.
Ukrainians experienced wide-spread blackouts in 2016 that were caused by a piece of Russian malware known as Industroyer.
A security researcher has found a way to hijack an Amazon Echo, either a first- or second-generation device, using a ClickJacking technique.
An exploit against authorisation service OAuth that would allow an attacker access to protected resources has been released, describing how an attacker could take advantage of a vulnerability when a human interacts with your application and is coerced into clicking an external link.
Microsoft has discovered that 44 million Microsoft account usernames and passwords have been leaked online, although the company believes most are not still valid.