The Malsmoke attack group is behind a campaign that has exploited the Microsoft e-signature verification tool to target 2,100 victims.
Severe flaws in Microsoft Exchange and Windows Print Spooler stood out amid a wide range of vulnerabilities security teams were forced to prioritize in 2021.
Researchers found an insecure default behavior in Azure App Service exposing source code of some customer applications deployed using "Local Git."
Scraping bugs and scraped databases are two new areas of research for the company's bug-bounty and data-bounty programs.
The December rollout includes 67 security patches and addresses one zero-day and five more publicly known vulnerabilities.
Outlook features intended to improve collaboration and productivity may make social engineering attacks more effective, researchers find.
Clusters of activity associated with the attack group behind last year's supply chain breach reveal novel techniques, researchers say.
Startup founders who previously served in the military share the lessons that have helped them build cybersecurity careers and companies.
APT actors from Russia, China, and India have been observed using the RTF-template injection technique that researchers say is poised for wider adoption.
The company seeks to hold Israeli firm NSO Group liable for the targeting of Apple users and requests a permanent injunction to ban its use of Apple products and services.