Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons…
Month: February 2025
This Free NSA Tool Just Became the Ultimate Reverse Engineering Weapon!
The National Security Agency (NSA) has officially released Ghidra 11.3, the latest iteration of its open-source Software Reverse Engineering (SRE) suite. This update delivers significant…
Best Practices for Preparing and Automating Security Questionnaires
Security questionnaires serve as essential tools for building connections and trust in the digital realm. They help in identifying potential vulnerabilities to protect data privacy…
Secure software procurement in 2025: A call for accountability
The software security landscape is at an interesting juncture. As Jen Easterly, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), pointed out,…
US lawmakers move to ban DeepSeek AI tool
US lawmakers in Washington DC have this week moved to enact a national ban on the use of DeepSeek, the breakout Chinese generative artificial intelligence…
A Novel Defense Against Backdoor Attacks
Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is transmitted by focusing on the meaning of data rather than raw…
Ransomware payment value fell over 30% in 2024
The total value of payments made to cyber criminal ransomware gangs fell dramatically in the back half of 2024, and according to statistics released this…
US health system notifies 882,000 patients of August 2023 breach
Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information.…
Real-World AD Breaches and the Future of Cybersecurity
Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning and automation capabilities to simulate sophisticated cyberattacks. Recent research demonstrates how…
20 Million OpenAI accounts offered for sale
A cybercriminal acting under the monicker “emirking” offered 20 million OpenAI user login credentials this week, sharing what appeared to be samples of the stolen…
Self-healing networks: The next evolution in network management
While artificial intelligence (AI) poses many risks for networks of all sizes, it also highlights the pitfalls of traditional network management in addressing real-time demands…
Cybercriminals Target IIS Servers to Spread BadIIS Malware
A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services (IIS) servers by threat actors deploying the BadIIS malware. This campaign,…