OPSEC lapse reveals hub for amateur cybercriminals

Laura FrenchApril 4, 2025

DomainTools discovered the group “Horrid” while investigating a bulletproof hosting service.

RESOURCES

Identity
Securing critical infrastructure: The path to phishing-resistant authentication
Identity
Embracing platformization in cybersecurity: Enhancing agility and user experience
IoT
The compliance clock is ticking: How IoT manufacturers can prepare for the Cyber Resilience Act
Ransomware
Ransomware resurgence: Why stealth tactics demand a shift in security priorities
MDR
How two organizations beat the cyber insurance maze

PODCASTS

Vulnerability Management
Not-So-Secure Boot – Rob Allen – PSW #868
Vulnerability Management
Vulnerability Prioritization Can Produce Better Business Outcomes – Greg Fitzgerald, Steve Lodin – BSW #389
Vulnerability Management
Schrodinger, Lucid, Crocodilus, WordPress, Ivanti, Oracle, Android, Josh Marpet… – SWN #464
Application security
Avoiding Appsec’s Worst Practices – ASW #324
Government Regulations
The toughest decisions CISOs have to make, MCP servers, Napster’s comeback – ESW #400

FEATURED

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Government Regulations

Top Dems, industry pros, express concerns over firing of NSA Director Timothy Haugh

Steve ZurierApril 4, 2025

The firing of NSA Director Gen. Timothy Haugh will make the nationa "less safe," say top Dems.

Threat Intelligence

Update: Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat

Shaun NicholsApril 3, 2025

A previously unknown remote code execution vulnerability in the Ivanti Connect Secure VPN platform is being actively exploited in the wild by Chinese threat actors, prompting alerts from Google’s Mandiant team

Phishing

Multiple backdoors spread through fake AI, business tools

Laura FrenchApril 3, 2025

Sites mimicking DeepSeek, AutoCAD, UltraViewer and more lead to remote system access.

Network Security

NSA: ‘Fast Flux’ DNS evasion technique now a national security threat

Steve ZurierApril 3, 2025

Fast flux lets attackers set up complete C2 ops inside an enterprise network, prompting security pros to say it’s a “big-time wakeup call.”

Data Security

CISA warns of critical flaws in industrial control systems

Shaun NicholsApril 2, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is sounding the alarm over a series of high-risk vulnerabilities present in industrial control systems

AI/ML

Microsoft touts bug finds from Security Copilot

Laura FrenchApril 2, 2025

Twenty bugs in GRUB2, U-boot and Barebox were found in an AI-assisted process.

Ransomware

Threat actor using vishing, MS QuickAssist and Teams can potentially drop ransomware

Steve ZurierApril 2, 2025

The bad actor’s TTPs closely align to the Storm-1811 threat group identified last year by Microsoft, say Ontinue researchers.

Vulnerability Management

24,000 unique IP addresses target PAN-OS GlobalProtect gateways

Steve ZurierApril 1, 2025

Attackers aim to find zero-days in the PAN-OS gateways they can exploit.

Cybersecurity News, Awards, Webinars, eSummits, Research

OPSEC lapse reveals hub for amateur cybercriminals

RESOURCES

PODCASTS

FEATURED

Perspectives Spotlight: Expert Insights

Get daily email updates

Perspectives

How security teams can manage shadow APIs

The front lines at home: Small business cybersecurity must be a national priority

How attackers exploit Microsoft 365 from the inside – and what to do about it

The Oracle Breach: Data exposure, denial, and cloud security lessons

CIOs and CISOs need a common strategy around AI copilots

In Brief

Report: Human red teams outdone by AI agents in phishing

Cyberattacks to thrive amid Trump tariffs, says expert

Data compromise confirmed by Highline Public Schools

Separate breaches reported by Texas city’s utility payment site, state bar

Massive trove of underage deepfakes leaked by misconfigured GenNomis database

More Resources

Why your cyber insurance may not cover everything: Finding and fixing blind spots

Killing CAPTCHA: Blueprint for a more secure and frictionless future

Securing the identity attack surface: Strategies for closing identity security gaps

Automating vulnerability management: The key to overcoming persistent challenges

The evolution of SOAR: From legacy to next-gen platforms

Top Dems, industry pros, express concerns over firing of NSA Director Timothy Haugh

Update: Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat

Multiple backdoors spread through fake AI, business tools

NSA: ‘Fast Flux’ DNS evasion technique now a national security threat

CISA warns of critical flaws in industrial control systems

Microsoft touts bug finds from Security Copilot

Threat actor using vishing, MS QuickAssist and Teams can potentially drop ransomware

24,000 unique IP addresses target PAN-OS GlobalProtect gateways

EVENTS

Zero Trust in Action: Redefining Security for a Borderless World

Beyond the Perimeter: Securing Identity in a Threat-Filled Landscape.

Security Without Speed Bumps: Using WAF Simulator to Transform DevSecOps Workflows

Less is More: Simplify to Modernize the SOC

Mastering Attack Surface Management: Strategies for Securing the Expanding Digital Frontier