Researchers at Pentera discovered that a successful login is recorded only if the process passes both the authentication and the authorization steps; otherwise, FortiClient VPN will log a failed authentication.

New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures.

Ransomware gangs are increasingly targeting weekends and holidays, when cybersecurity teams are typically less staffed, according to a new report. 86% of study participants who experienced a ransomware attack were targeted on a weekend or holiday.

FrostyGoop is the ninth reported OT-centric malware, but the first that used Modbus TCP communications to impact the power supply to heating services for over 600 apartment buildings.

Threat actors are actively seeing pen testers to join various ransomware affiliate programs, including Apos, Lynx and Rabbit Hole. Now, ransomware gangs are hiring people with the same level of expertise.

Google has stated that scammers are using tactics such as cloaking to impersonate legitimate websites and conduct scams. Cloaking involves showing different content to search engines and users to manipulate search rankings and deceive people.

A security researcher from Imperva found a new way for attackers to target Chrome users without needing zero-day vulnerabilities. Using the File System Access API, websites can read and write to local files when users give permission.

A study by Trend Micro, Japanese authorities, and universities exposed a network of SEO malware families behind fake e-commerce scams targeting Japanese users. Nearly 50,000 fake e-commerce sites were reported in 2023.

According to Perception Point, hackers are increasingly using a technique called ZIP file concatenation to hide malicious payloads in compressed archives in a way that security solutions might miss.

Cyberattacks linked to Russia targeting South Korea have increased after North Korean troops were deployed to Ukraine. It mainly involves DDoS attacks on government websites and private companies, with some sites experiencing temporary outages.