Phishing attacks top 260,000 in Q3 2021
An APWG’s report reveals that it saw 260,642 phishing attacks in July 2021 – the highest monthly total observed since APWG began its reporting program in 2004. …
CVE-2021-40444 exploitation: Researchers find connections to previous attacks
The recent targeted attacks exploiting the (at the time) zero-day remote code execution vulnerability (CVE-2021-40444) in Windows via booby-trapped Office documents have been …
Cyware and RiskIQ provide threat intelligence necessary to stay ahead of attackers
Cyware announced a partnership with RiskIQ. The partnership combines advanced global threat intelligence automation with enriched, high-fidelity threat intelligence data to …
Phishing maintained near-record levels in the first quarter of 2021
The APWG’s new Phishing Activity Trends Report reveals that phishing maintained near-record levels in the first quarter of 2021, after landmark increases of 2020 in …
Successful BEC attacks become 56% more costly
The number of phishing attacks grew through 2020, fully doubling over the course of the year. Attacks peaked in October 2020, with a high of 225,304 new phishing sites …
Stop thinking of cybersecurity as a problem: Think of it as a game
COVID-19 changed the rules of the game virtually overnight. The news has covered the broader impacts of the pandemic, particularly the hit to our healthcare, the drops in our …
The global cost of cybercrime per minute to reach $11.4 million by 2021
Cybercrime costs organizations $24.7, YOY increase of more than $2 every minute, a RiskIQ report reveals. It will also have a per-minute global cost of $11.4 million by 2021, …
Content farms develop and spread fake news about COVID-19 for profit
RiskIQ released a research report revealing a large-scale digital scam advertisement campaign spread through fraudulent news sites and affiliate ad networks that cater to …
Attackers exploit Twilio’s misconfigured cloud storage, inject malicious code into SDK
Twilio has confirmed that, for 8 or so hours on July 19, a malicious version of their TaskRouter JS SDK was being served from one of their AWS S3 buckets. “Due to a …
High-profile Twitter accounts hijacked to push Bitcoin scam. How did it happen?
The Twittersphere went into overdrive on Wednesday as a bunch of prominent, verified Twitter accounts were hijacked and started promoting a COVID-19 cryptocurrency giveaway …
What is the true extent of the modern corporate digital attack surface?
RiskIQ released a report analyzing the company’s internet-wide telemetry and massive internet data collection to reveal the true extent of the modern corporate digital …
NSA warns about Sandworm APT exploiting Exim flaw
The Russian APT group Sandworm has been exploiting a critical Exim flaw (CVE-2019-10149) to compromise mail servers since August 2019, the NSA has warned in a security …
Don't miss
- Commix: Open-source OS command injection exploitation tool
- Review: The Chief AI Officer’s Handbook
- How QR code attacks work and how to protect yourself
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364)
- OSPS Baseline: Practical security best practices for open source software projects