Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet.

Enterprises typically use the Java-like programming language to customize their Salesforce instances, but attackers are hunting for vulnerabilities in the apps.

While furiously trying to put out one fire — fake news — the social media giant is dealing with another growing threat: spies for hire.

Operation Cronos, a collab between authorities in the US, Canada, UK, Europe, Japan, and Australia — seizes data and website associated with the prolific cybercriminal organization and its affiliates.

Users have already downloaded droppers for the malware from Google's official Play store more than 100,000 times since last November.

A surging bank malware campaign abuses Google Cloud Run and targets Latin America, with indications that it's hitting other regions as well, researchers warn.

Improper content filtering in a core function allows multiple paths to exploitation for CVE-2024-21726.

About 13,000 users received camera images and feeds that weren't theirs. This cyber incident takes place only five months after the company experienced a similar issue and failed to be transparent with users about the issues it was facing.

A catastrophic cyber event hasn't yet come to pass, but vast amounts of personal data have been compromised. We need to be prepared for worst-case scenarios.

Iran has taken a page from the Russian playbook: Passing off military groups as civilians for the sake of PR and plausible deniability.

The now-disrupted LockBit gang outpaced its competitors in volume in 2023, as ransom amounts spiked 20% year-over-year.

Understand the CIS Benchmarks'™ community-consensus development process that helps ensure they provide comprehensive guidance on Internet security.