News

The future of MFA is clear – but is it here yet?

Bys s March 20, 2025

Not all authentication is equal to the task in 2025, but there is a best choice within reach

News

U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback
Bys s August 19, 2025

The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have enabled access to the protected data of U.S. citizens. U.S. Director of National Intelligence (DNI) Tulsi Gabbard, in a statement posted on X, said the U.S. government had been working with its partners…

Read More U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback
News

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?
Bys s December 8, 2025

The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak shopping events, especially the weeks around Black Friday and Christmas. Why holiday peaks

Read More How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?
News

Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries
Bys s October 10, 2025

A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. “Storm-2657 is actively targeting a range of U.S.-based organizations, particularly employees in sectors like higher education, to gain access to third-party human resources (HR) software as a service (SaaS) platforms like Workday,”…

Read More Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries
News

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
Bys s November 22, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated

Read More CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
News

Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic
Bys s November 8, 2025

Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain circumstances. This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to

Read More Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic
News

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
Bys s January 29, 2025

The North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. “Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API,” SecurityScorecard’s

Read More Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

Similar Posts