We need secure products as much as we need security products

A recent survey of 500 U.S. law firms by Proton reported that one in five law firms were targeted in a cyberattack in the past year, and 8% of law firms  (39% of those who reported a cyberattack) reported losing data or suffering exposure.  To make matters even worse, Proton found that 65% weren’t familiar with…

Delta County Memorial Hospital District (Delta Health) in Colorado was the victim of a cyberattack at the end of May 2024. Whatever happened — and the details still haven’t been disclosed — resulted in the provider notifying HHS on July 29 that it had suffered a breach, but the number was not yet known. The…

“From logging in and connecting to Entra ID to seeing our first actionable findings — it took less than 45 minutes.”

Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution.  The flaws, per watchTowr Labs, are listed below – CVE-2025-53693 – HTML cache poisoning through unsafe reflections CVE-2025-53691 – Remote code execution (RCE) through insecure deserialization CVE-2025-53694 –

In March 2023, Conor Brian Fitzpatrick, aka “Pompompurin,” was arrested at his home in New York. As a member of the former RaidForums, and as the owner and active participant in BreachForums, he was charged with one count each of: 18 U.S.C. § 1029(b)(2) and 3559(g)(1) Conspiracy to Commit Access Device Fraud; 18 U.S.C. §……

Dan Black of Google’s Threat Intelligence Group writes: Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia’s intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government…