The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails.

ProtonMail has introduced an enhanced email tracking protection system for its web-based email solution that prevents senders from being tracked by recipients who open their messages.

The U.S. Treasury Department announced today sanctions against Volodymyr Oliynyk, a former Ukrainian official, for collecting and sharing info on critical Ukrainian infrastructure with Russia's Federal Security Service (FSB).

The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan.

Researchers have uncovered several spyware campaigns that target industrial enterprises, aiming to steal email account credentials and conduct financial fraud or resell them to other actors.

Microsoft released a list of twenty-five group policies that admins should not use in Windows 10 and Windows 11 as they do not provide optimal behavior or cause unexpected results.

Microsoft has started the forced rollout of Windows 10, version 21H2 to more devices approaching the end of service (EOS) as part of a first machine learning (ML) training phase.

Following a stream of customer reports that started yesterday evening, security hardware manufacturer SonicWall has provided a temporary workaround for reviving next-gen firewalls running SonicOS 7.0 stuck in a reboot loop.

McAfee Enterprise (now rebranded as Trellix) has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges.

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites.

​Microsoft has announced that Excel 4.0 (XLM) macros will now be disabled by default to protect customers from malicious documents.

A new phishing campaign using fake shipping delivery lures installs the STRRAT remote access trojan on unsuspecting victim's devices.

Microsoft has backpedaled its decision to forcefully redirect users from the Network Connections (ncpa.cpl) control panel to the Advanced Network Settings screen.

It has been quite a busy week with ransomware, with law enforcement making arrests, data-wiping attacks, and the return of the Qlocker ransomware.

In a warning issued on Thursday, the Dutch National Cybersecurity Centre (NCSC) says organizations should still be aware of risks connected to Log4j attacks and remain vigilant for ongoing threats.

Bloomington School District 87 in Illinois has published its cyber-insurance renewal details, and the cost has jumped from $6,661 in 2021 to $22,229 this year.

This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog.

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info.

Microsoft is testing a new hidden feature in the latest Windows 11 preview build that rejuvenates the user interface for Task Manager with a new design and modern appearance.

Bandai Namco has deactivated the online PvP mode for the Dark Souls role-playing game, taking its servers offline to investigate reports about a severe security issue that may pose a risk to players.

Since December 2021, a growing trend in phishing campaigns has emerged that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans.