Twilio, the cloud communications provider, has disclosed a security breach affecting its Authy app, exposing users' phone numbers due to an exploit in an unauthenticated endpoint. Understanding the Authy App Breach Twilio confirmed unauthorized access to an endpoint within Authy, leading to the exposure of data linked to Authy accounts, specifically users' cell phone numbers.

Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has issued a temporary ban on Meta from processing personal data of users to train its artificial intelligence (AI) algorithms. This decision stems from concerns over inadequate legal justification, lack of transparency, and potential risks to privacy rights, particularly for children and adolescents.

A newly identified ransomware group, "Volcano Demon," has emerged, targeting executives directly with threatening phone calls instead of the typical data leak sites. Over the past two weeks, this group has carried out several attacks, deploying a unique ransomware variant known as “LukaLocker,” according to a report from Halcyon. LukaLocker Ransomware Attack Overview Volcano Demon’s ransomware, LukaLocker, encrypts files with a.nba extension.

Researchers at Menlo Security discovered three state-sponsored phishing campaigns that have targeted 40,000 important individuals over the past three months.

As social media becomes more intertwined with our daily routines, cybercriminals are using it to trick people with fake job offers. What are these social-media recruitment scams, and how can you spot the red flags? With unemployment surging in many countries around the world, in particular countries like South Africa, which is currently at the top of the highest unemployment list in the world at over 32%, it’s no wonder that scams targeting job seekers are becoming more common.

A new phishing campaign tries to trick email recipients into pasting and executing malicious commands on their system that installs DarkGate malware. Security researchers at Ahnlab have discovered a new phishing campaign that leverages a unique user interaction. Normally, phishing campaigns simply need users to open an HTML attachment.

Two vulnerabilities—stored XSS and insecure file upload— have been detected in the Alpha 0.5 version of CervantesSec. This article will outline what CervantesSec does, the vulnerabilities found, and its current status.

One of the most important aspects of modern cybersecurity is managing access to IT systems and data. Indeed, organizations that lack robust access management are putting a lot on the line, from customer trust to business revenue. This article explains access control management, explores its key components, and provides best practices for implementation.

TL; DR – Multiple versions of OpenSSH are vulnerable to remote code execution. There is no working public PoC, and researchers have only been able to exploit the vulnerability under unique lab conditions. Cato Sockets by default do NOT have a publicly exposed SSH interface, it is always recommended to keep Cato Sockets LAN interface exposed only internally and use comprehensive network access controls to manage SSH access.