Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
News
20 Aug 2025
How outer space became the next big attack surface
VisionSpace Technologies' Andrzej Olchawa and Milenko Starcik discussed a set of vulnerabilities capable of ending space missions at the Black Hat USA 2025 News Desk. Continue Reading
-
News
20 Aug 2025
AI agents access everything, fall to zero-click exploit
Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has "grown arms and legs" -- and what that means for cyber-risk. Continue Reading
-
News
05 Jun 2020
Chinese, Iranian hackers targeted Trump and Biden campaigns
Shane Huntley, director of Google's Threat Analysis Group, announced that two state-backed APT groups targeted campaign staff for both Joe Biden and President Donald Trump. Continue Reading
-
Podcast
05 Jun 2020
Risk & Repeat: Are ransomware groups joining forces?
This week's Risk & Repeat podcast discusses the prospect of ransomware gangs working together and what it could mean for enterprises and the overall threat landscape. Continue Reading
-
News
04 Jun 2020
Attacks on Exim vulnerability continue one year later
Though the Exim mail transfer agent vulnerability was publicly disclosed in June 2019, a significant number of unpatched versions remain online and are at risk of attacks. Continue Reading
-
Tip
01 Jun 2020
12 Microsoft 365 security best practices to secure the suite
Migrating to or operating cloud-based Microsoft 365 can bring with it a host of problems and misconfigurations. Check out 12 best practices to tighten Microsoft 365 security. Continue Reading
-
News
26 May 2020
StrandHogg 2.0 allows attackers to imitate most Android apps
A new elevation-of-privilege vulnerability on Android, dubbed StrandHogg 2.0, allows threat actors to gain access to most apps, according to Norwegian mobile security firm Promon. Continue Reading
-
News
26 May 2020
Mandiant dishes on notorious Maze ransomware group
Mandiant threat researchers navigate the tools, tactics and procedures of the Maze ransomware group, which has become notorious for "shaming" victims with stolen data. Continue Reading
-
News
22 May 2020
Ragnar Locker ransomware attack hides inside virtual machine
Threat actors have developed a new type of attack method by hiding Ragnar Locker ransomware inside a virtual machine to avoid detection. Continue Reading
-
News
18 May 2020
Texas struck by two ransomware attacks in one week
The Texas Department of Transportation was hit with a ransomware attack last Thursday, marking the second ransomware incident on a state agency in less than a week. Continue Reading
-
News
14 May 2020
CISA identifies malware from North Korean hacking group
The Cybersecurity and Infrastructure Security Agency, in conjunction with the FBI and DoD, has identified three variants of malware used by the North Korean government. Continue Reading
-
Feature
08 May 2020
How a security researcher spots a phishing email attempt
When security expert Steven Murdoch spotted a phishing email in his inbox, the researcher in him decided to investigate. Here's what he learned about criminal phishing tactics. Continue Reading
-
Tip
08 May 2020
How to protect the network from ransomware in 5 steps
Stronger network security could be the key to preventing a ransomware infection. Follow these five steps to protect your network from ransomware. Continue Reading
-
Tip
07 May 2020
Prevent spyware through user awareness and technical controls
Find out how to protect devices from spyware and educate users to avoid the most common traps from which spyware infections might come, including phishing attacks and rogue apps. Continue Reading
-
News
06 May 2020
Healthcare organizations sitting on 'unexploded' ransomware
While threat reports show ransomware attacks against healthcare organizations are down, experts say threat actors may be lurking in networks and waiting to strike at a later date. Continue Reading
-
Answer
06 May 2020
The risks and effects of spyware
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix infected devices. Continue Reading
-
News
05 May 2020
Research finds ransomware payments, demands increasing
Research from incident response vendor Coveware and national law firm BakerHostetler show massive increases in both ransomware demands and payments from victims. Continue Reading
-
Opinion
01 May 2020
Why nation-state cyberattacks must be top of mind for CISOs
Even though organizations face threats coming from many sources, one type of cyberattack should be top of mind for CISOs: those backed by nation-states. Here's why. Continue Reading
- 01 May 2020
-
News
01 May 2020
Shade ransomware decryptor released with 750,000 keys
Kaspersky Lab released a decryptor tool after operators behind the ransomware variant announced a shutdown of operations and issued an apology for any harm caused. Continue Reading
-
Feature
30 Apr 2020
Words to go: Types of phishing scams
IT teams must take proactive measures to address security awareness when it comes to email. Learn about the types of phishing scams to mitigate risk. Continue Reading
-
Feature
29 Apr 2020
Mitigating ransomware and phishing attacks during a pandemic
Where most see crisis, cybercriminals see opportunity. Learn how security leaders can meet the challenges of mitigating ransomware threats and phishing attacks during a pandemic. Continue Reading
-
Feature
24 Apr 2020
Coronavirus phishing threats force heightened user awareness
As coronavirus phishing threats ramp up, organizations must turn to user education, in addition to traditional network security, as their best defense. Continue Reading
-
News
24 Apr 2020
Emsisoft: U.S. ransomware attacks declined during pandemic
In the first quarter of 2020, the number of successful ransomware attacks on government and healthcare organizations in the U.S. decreased to a level unseen in years, Emsisoft said. Continue Reading
-
News
22 Apr 2020
New spear phishing campaign targets oil and gas industry
Bitdefender researchers identified new spear phishing campaigns against the oil and gas industry that include emails with no typos and perfect usage of industry terminology. Continue Reading
-
Tip
22 Apr 2020
How to prepare for ransomware and phishing attacks
Follow these best practices to properly prepare for ransomware and phishing attacks, as well as further steps to stay secure in the face of a pandemic or widespread health event. Continue Reading
-
News
22 Apr 2020
Ransomware, cloud attacks more than doubled in 2019
New research by Trustwave shows 2019 saw huge increases in ransomware and cloud services attacks, as well as a big shift from spam toward business email compromise. Continue Reading
-
News
20 Apr 2020
Cognizant discloses Maze ransomware attack
Cognizant was attacked by the Maze ransomware gang, the company confirmed Saturday. It's unclear whether Cognizant clients were also breached or infected with ransomware. Continue Reading
-
News
17 Apr 2020
Ransomware attacks see 148% surge amid COVID-19
VMware Carbon Black saw a 148% increase in ransomware attacks in March over baseline levels in February, plus a massive spike in attacks on financial institutions. Continue Reading
-
News
16 Apr 2020
Hackers embrace cryptocurrency laundering to evade the law
Cybercriminals are turning to cryptocurrency laundering methods to hide illicit proceeds as law enforcement agencies find success in tracing bitcoin transactions. Continue Reading
-
News
15 Apr 2020
Malware found on 45 percent of home office networks
New research by BitSight compared malware infections on home office networks versus corporate networks, and the results were unsettling for remote enterprise users. Continue Reading
-
News
14 Apr 2020
Russian threat group suspected of hacking SFO
San Francisco International Airport disclosed a data breach affected employees and third-party contractors, and ESET researchers said a Russian APT was likely behind the attack. Continue Reading
-
News
09 Apr 2020
APTs infiltrated Linux servers undetected for nearly 10 years
New BlackBerry research shows how five APT groups operating on behalf of the Chinese government infiltrated enterprise Linux environments undetected for nearly a decade. Continue Reading
-
News
03 Apr 2020
Microsoft warns hospitals of impending ransomware attacks
Microsoft warned "dozens" of hospitals with vulnerable gateway and VPN software that an infamous ransomware group known as REvil is scanning the internet for such flaws. Continue Reading
-
News
02 Apr 2020
Beazley: Ransomware attacks on clients 'skyrocketed' in 2019
The 2020 Beazley Breach Briefing reported a 131% increase in reported attacks against clients last year, and the insurance giant isn't expecting the trend to slow down. Continue Reading
-
News
30 Mar 2020
Coronavirus phishing lures continue to dominate threat landscape
Overall cybercrime activity isn't necessarily going up amid COVID-19, experts say. However, coronavirus-themed emails are becoming the dominant form of phishing attacks. Continue Reading
-
News
27 Mar 2020
Cyberinsurance carrier Chubb investigating possible data breach
Insurance giant Chubb confirmed it is investigating an incident that may involve the Maze ransomware group, which claims to have stolen sensitive data from the company. Continue Reading
-
Podcast
27 Mar 2020
Risk & Repeat: COVID-19 boosting social engineering attacks
This episode of the Risk & Repeat podcast looks at how social engineering attacks have become more successful by taking advantage of the coronavirus pandemic. Continue Reading
-
Feature
26 Mar 2020
Coronavirus phishing scams increase amid pandemic's spread
Organizations must account for a sharp uptick of coronavirus phishing scams in their pandemic and business continuity plans. Learn about the trend here, with steps for mitigation. Continue Reading
-
News
25 Mar 2020
China's APT41 attacks Citrix ADC flaws in cyberespionage campaign
A dual cyberespionage and cybercrime group known as APT41 exploited vulnerabilities in Citrix NetScaler/ADC and other products in an extensive, global threat campaign. Continue Reading
-
News
19 Mar 2020
Deepfakes: Security experts undecided on the threat level
Deepfakes may seem like a scary new threat in today's world, but should the world be worried? SearchSecurity asked numerous experts to weigh in at RSA Conference 2020. Continue Reading
-
News
19 Mar 2020
Maze ransomware gang pledges to stop attacking hospitals
The infamous Maze gang announced it has stopped ransomware attacks on healthcare and medical facilities because of the seriousness of the coronavirus pandemic. Continue Reading
-
Podcast
19 Mar 2020
Risk & Repeat: Coronavirus-themed threats on the rise
This week's Risk & Repeat podcast looks at the disruption caused by COVID-19, as well as the sharp increase in cyberthreats designed to exploit the pandemic. Continue Reading
-
News
17 Mar 2020
Ransomware attacks poised to disrupt coronavirus response efforts
Experts fear that coronavirus-themed threats will escalate to ransomware attacks, and such attacks will disrupt response efforts at hospitals and city, state and local governments. Continue Reading
-
News
13 Mar 2020
Ransomware attack hits Champaign-Urbana Public Health District
A ransomware attack shut down Champaign-Urbana's public health website, hindering the city's ability to provide information and updates on the Coronavirus pandemic. Continue Reading
-
News
11 Mar 2020
Microsoft leads takedown of Necurs botnet
Microsoft, BitSight and other partners used legal and technical steps to take control of one of largest botnets in the world that infected more than 9 million systems. Continue Reading
-
Tip
10 Mar 2020
How nation-state cyberattacks affect the future of infosec
Any company can be a nation-state cyberattack victim. Brush up on the latest and most common nation-state techniques and their implications on the threat landscape of tomorrow. Continue Reading
-
Tip
10 Mar 2020
5G network slicing security benefits IoT, mobile
The fifth generation of mobile cellular technology offers a unique benefit its predecessors don't: network slicing. Learn more about these virtual slices and their security benefits. Continue Reading
-
News
09 Mar 2020
Researchers develop new side channel attacks on AMD chips
Security researchers behind the Meltdown and Spectre flaws discovered new side channel attacks on AMD processors, but the chipmaker has opted not to patch them. Continue Reading
-
News
06 Mar 2020
Intel CSME flaw deemed 'unfixable' by Positive Technologies
Positive Technologies researchers discovered a previously disclosed vulnerability in the Intel Converged Security and Management Engine is worse than originally reported. Continue Reading
-
News
05 Mar 2020
Risky ransomware payments on the rise, attacks increasing
Making payments to threat actors to retrieve data was once viewed in black-and-white terms. But RSA Conference attendees say attitudes about paying up have changed drastically. Continue Reading
-
News
05 Mar 2020
With BEC/EAC threats rising, Proofpoint offers a new approach
Business email compromise and email account compromise attacks are increasing and evolving. To keep up with threat actors, Proofpoint says a new approach is required. Continue Reading
-
News
28 Feb 2020
RSA Conference panel tackles Huawei security risks
Four panelists discussed the ban on the world's largest telecommunications equipment manufacturer in relation to to supply chain risk. Continue Reading
-
News
27 Feb 2020
CrowdStrike founder: China hacking indictments are working
During his RSA Conference keynote, CrowdStrike co-founder Dmitri Alperovitch explains why the U.S. Department of Justice's indictments against Chinese hackers has been effective. Continue Reading
-
Tip
26 Feb 2020
Stop business email compromise with three key approaches
Why is BEC such a popular attack? Because it works, unfortunately, tempting hackers with huge potential payouts. Learn how to keep them from lining their pockets with your assets. Continue Reading
-
News
25 Feb 2020
FBI: $144 million in ransomware payments made over 6 years
In an RSA Conference 2020 session, FBI agent Joel DeCapua revealed how much money has been paid in ransoms, what the most pervasive ransomware variants are and more. Continue Reading
-
Tip
12 Feb 2020
How to handle nation-state cyberattacks on the enterprise
It's only a matter of time before nation-state cyberattacks that threaten government entities today target the enterprise. Follow our expert's tips to prepare in time. Continue Reading
-
Feature
10 Feb 2020
Beat common types of cyberfraud with security awareness
Hackers are taking deception to a new level, but security awareness programs are instrumental in helping employees detect various types of cyberfraud. Continue Reading
-
News
10 Feb 2020
Chinese military personnel charged in Equifax breach
Four members of China's military have been charged for hacking Equifax following a 2017 breach that compromised nearly 150 million Americans' personal information. Continue Reading
-
Quiz
06 Feb 2020
Try this cybersecurity quiz to test your (threat) intelligence
Check out our latest issue, and then test your understanding of the material. By passing this quiz, you'll solidify your knowledge and earn CPE credit, too. Continue Reading
-
News
05 Feb 2020
Threat actors combining data exposure with ransomware attacks
New Cisco Talos research shows an increase in ransomware attacks that double the pressure on victims by threatening them with the exposure of their sensitive data. Continue Reading
-
Feature
03 Feb 2020
CISOs face a range of cybersecurity challenges in 2020
Every company is unique, of course, but certain challenges are widely shared. Learn what security concerns other CISOs and security leaders are focused on in 2020. Continue Reading
- 03 Feb 2020
-
Opinion
03 Feb 2020
Fresh thinking on cybersecurity threats for 2020
It's a good time to take a clear-eyed view of the likely security threats facing your organization. But then what? Experts suggest getting creative with your threat responses. Continue Reading
- E-Zine 03 Feb 2020
-
News
28 Jan 2020
'CacheOut': Researchers unveil new attack on Intel chips
Researchers unveiled a new speculative execution attack that leaks data from most Intel microprocessors and gives attackers greater control over what data is leaked. Continue Reading
-
News
28 Jan 2020
3 Magecart suspects arrested in Interpol operation
Three alleged cybercriminals suspected of being associated with Magecart were arrested in Indonesia via an Interpol-assisted operation called Operation Night Fury. Continue Reading
-
Feature
28 Jan 2020
'Computer Security Fundamentals:' Quantum security to certifications
New topics, from security engineering to quantum computing, are covered in 'Computer Security Fundamentals,' but the book's author suggests readers review some basic topics, too. Continue Reading
-
Tip
27 Jan 2020
Protect against evolving data security threats
As data security threats evolve, knowing how to protect your data is more important than ever. Learn about the latest security threats and how to ward them off. Continue Reading
-
Tip
27 Jan 2020
How does antimalware software work and what are the detection types?
Virus detection techniques used by antimalware tools can be a huge boost to enterprise cybersecurity programs. Learn how antimalware software works and its benefits in this tip. Continue Reading
-
News
24 Jan 2020
Proofpoint: Ransomware payments made in half of U.S. attacks
According to Proofpoint's 2020 'State of the Phish' report, 51% of U.S. organizations surveyed opted to pay threat actors after being hit with a successful ransomware attack. Continue Reading
-
News
08 Jan 2020
Experts weigh in on risk of Iranian cyberattacks against U.S.
Cybersecurity experts weigh in on the risks of potential nation-state cyberattacks from Iran following a DHS warning and heightened tensions between the country and the U.S. Continue Reading
-
News
07 Jan 2020
Pulse Secure VPN vulnerability targeted with ransomware
Threat actors appear to be exploiting vulnerable Pulse Secure VPN servers to hit enterprises with ransomware attacks, even though a patch has been available since April 2019. Continue Reading
-
News
19 Dec 2019
Two attacks on Maze ransomware list confirmed
Another confirmed ransomware attack, this time against Busch's Fresh Food Markets, was added to the Maze gang's ransomware shaming list after the company refused to pay the ransom. Continue Reading
-
News
17 Dec 2019
Maze gang outs ransomware victims in shame campaign
The threat actors behind Maze ransomware started a campaign to pressure victims into paying ransom by publicly listing successful attacks and threatening to leak data. Continue Reading
-
News
16 Dec 2019
Latest city ransomware attack: New Orleans
The city of New Orleans declared a state of emergency as the government tries to get systems back online following a ransomware attack Friday morning. Continue Reading
-
News
10 Dec 2019
Ryuk ransomware change breaks decryption tool
The threat actors behind Ryuk ransomware made changes to their code that have made the official decryption tool unreliable, according to security researchers. Continue Reading
-
News
19 Nov 2019
Louisiana ransomware attack hits government systems
A ransomware attack on Louisiana government systems has been contained, according to Governor John Bel Edwards, and experts are praising the state's response. Continue Reading
-
Feature
19 Nov 2019
Rise in ransomware attacks prompts new prevention priorities
Officials predict that already widespread ransomware attacks will only grow in scale and influence, while urging organizations to act now to guard against them. Continue Reading
-
News
12 Nov 2019
Application Guard to block malicious attachments in Office 365
Microsoft is bringing the Application Guard security container to Office 365 ProPlus this year, which could limit the threat of malicious Office documents for subscribers. Continue Reading
-
News
08 Nov 2019
ConnectWise ransomware attacks affecting Automate customers
ConnectWise warned that ransomware attacks are targeting open ports for its Automate on-premises application, but the company has offered few details about the nature of the attacks. Continue Reading
-
News
07 Nov 2019
Trend Micro insider threat steals, sells customer data
A Trend Micro employee stole and sold customer support data, which was used by a malicious third-party actor to scam consumer customers of the cybersecurity company. Continue Reading
-
Quiz
04 Nov 2019
Test your grasp of AI threats, privacy regulations and more
Test your grasp of current security topics like AI in cybersecurity and what privacy regulations require. Then receive CPE credit by passing this quiz. Continue Reading
-
Opinion
01 Nov 2019
When cyberthreats are nebulous, how can you plan?
Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination. Continue Reading
- 01 Nov 2019
- E-Zine 01 Nov 2019
-
News
21 Oct 2019
Malware detection methods struggle to keep up with evolving threats
Experts discuss the increasingly complex methods of malware detection needed when dealing with everything from low-level attackers to advanced persistent threat groups. Continue Reading
-
News
16 Oct 2019
Exposed Docker hosts open the door for cryptojacking
Security researchers discovered a new Docker worm that has been targeting exposed hosts in order to spread cryptojacking malware to other containers. Continue Reading
-
News
08 Oct 2019
Experts expect hospital ransomware attacks to continue
One week after being hit by a ransomware attack, hospitals in Alabama are turning away patients while working on recovery, and experts warn of similar attacks in the future. Continue Reading
-
Podcast
04 Oct 2019
Risk & Repeat: Trump takes aim at DNC hack and CrowdStrike
This week's Risk & Repeat podcast looks at President Trump's recent comments about CrowdStrike and the DNC 'server' and the misinformation around Russian election interference. Continue Reading
-
News
02 Oct 2019
Hospital ransomware attacks lead to patients being turned away
Ransomware attacks hit seven hospitals in Australia and three in Alabama, with the Alabaman hospitals being forced to turn away patients because of the attacks. Continue Reading
-
News
25 Sep 2019
Trump pushes debunked DNC hack conspiracy in call with Ukraine
In a call with the Ukrainian president that is now the focus of an impeachment inquiry, President Trump discussed CrowdStrike and asked for help with finding a 'server.' Continue Reading
-
Tip
23 Sep 2019
How to shore up your third-party risk management program
A third-party risk management program has to go beyond questionnaires and poorly designed policies. Learn what you should do to protect yourself against vendor security flaws and core risks. Continue Reading
-
News
20 Sep 2019
Broken WannaCry variants continuing to spread
Researchers are still seeing surprisingly high WannaCry detection rates and they worry this points to high risks because systems still aren't being patched against threats. Continue Reading
-
News
18 Sep 2019
Global cryptomining attacks use NSA exploits to earn Monero
Security researchers tracked a very active threat group launching cryptomining attacks around the world against organizations in banking, IT services, healthcare and more. Continue Reading
-
Feature
18 Sep 2019
New evasive spear phishing attacks bypass email security measures
Researchers identified a new email security threat: evasive spear phishing attacks, which take months of investigation and social engineering to coordinate. Continue Reading
-
Tip
17 Sep 2019
RPA security best practices include access control, system integration
Robotic process automation can revolutionize enterprise workflows, but if RPA security risks aren't controlled, bots could end up doing more harm than good. Continue Reading
-
News
11 Sep 2019
FBI says $26B lost to business email compromise over last 3 years
On the same day that 281 suspects were arrested in business email compromise stings, the FBI said worldwide losses from BEC attacks reached $26 billion over the last three years. Continue Reading
-
News
05 Sep 2019
Insecure Android provisioning could lead to phishing attacks
Researchers say many -- if not most -- Android smartphones are at risk of SMS-based phishing attacks that trick users into installing malicious OTA provisioning settings. Continue Reading
-
News
05 Sep 2019
Chronicle: Crimeware group takedowns 'increasingly ineffectual'
Law enforcement takedowns of cybercrime operations may not be producing the desired results, according to an extensive, five-year study from Alphabet Inc.'s Chronicle. Continue Reading
-
Answer
21 Aug 2019
The difference between zero-day vulnerability and zero-day exploit
A zero-day vulnerability isn't the same as a zero-day exploit. Learn the difference between these two zero-day terms, as well as why they should be high priority on any CISO's patching list. Continue Reading
-
News
20 Aug 2019
KNOB attack puts all Bluetooth devices at risk
Security researchers discovered a way to force Bluetooth devices to use easy-to-crack encryption keys, which could lead to man-in-the-middle attacks and information leaks. Continue Reading
