Scattered Spider uses social engineering techniques to target high-privileged accounts like IT service desk administrators, compromising cloud services and launching ransomware attacks.

Researchers exploited an expired WHOIS domain, discovering that major organizations and Certificate Authorities unknowingly queried their WHOIS server, risking mis-issued TLS/SSL certificates and potential malicious exploitation.

Threat actors are infecting publicly exposed Selenium Grid servers to utilize victims' internet bandwidth for cryptomining, proxyjacking, and potentially more harmful activities.

Dr. Sreedhara Panicker Somanath, chairman of the Indian Space Research Organization, emphasized the importance of cybersecurity for the entire system during the recent inauguration of a cybersecurity training center.

A recent report by Command Zero highlights the struggles CISOs and their teams are dealing with, including navigating the skills gap in the cyber field and operating commonly used tools effectively.

Microsoft recently revealed four zero-day vulnerabilities in its September update, part of the Patch Tuesday release containing 79 vulnerabilities, making it the fourth-largest release of the year.

Checkmarx researchers discovered two XSS vulnerabilities on Gallup's polling site, which could allow attackers to access sensitive data, execute arbitrary code, or take over accounts.

CISA has identified vulnerabilities in industrial control system products from Baxter and Mitsubishi that are commonly used in healthcare and critical manufacturing sectors. Both the firms have released advisories with mitigation measures.

TIDrone, linked to Chinese-speaking groups, deploys advanced malware through ERP software or remote desktop tools. Trend Micro identified the threat actor as actively pursuing military and satellite industrial supply chains in Taiwan.

The fake landing pages closely mimicked the real Lowe's portal, prompting employees to enter their sales numbers, passwords, and security question answers, which then were sent to attackers.