vulnerabilities“B”-grade security: three vulnerabilities in Sitecore CMS
Researchers have found several vulnerabilities in the Sitecore CMS platform that enable unauthenticated remote code execution (RCE).
Business
727 articles
CVE-2025-6019: time to update Linux
Researchers have found a vulnerability that allows attackers to get root privileges on most Linux distributions.
open-sourceHow to choose open-source solutions for your organization
How to assess all the complexities of open-source application integration in advance, and choose the most efficient solutions.
CVE-2025-33053: a good reason to update Windows
Internet Explorer sends its regards: a vulnerability in the HTTP protocol extension allows attackers to run malicious code — even on a modern operating system.
wordpressDollyWay World Domination: attack on WordPress websites
Since 2016, a threat actor has been exploiting insecure plugins and themes to infect WordPress websites and redirect traffic to malicious websites.
Lessons learned from the trojanized KeePass incident
A popular password manager was modified to allow attackers to steal passwords and encrypt users’ data. How to protect home computers and corporate systems from this threat?
phishingScammers exploiting Microsoft business notifications to launch attacks
This post examines a hybrid email-and-phone scam in which attackers send emails from a genuine Microsoft email address.
Cyber-resilienceThe ABCs of cyber-resilience
Businesses reaching the “acceptance stage”: given inevitable breaches — how to prepare for them?
Fake websites popping up in Google search ads
Scammers are using Google ads to push fake versions of real websites – and they’re after business accounts and company data.
ransomwareHow Interlock attacks IT specialists with fake CAPTCHAs and ClickFix
We explore how cybercriminals are targeting IT specialists searching for a popular network scanner, using the Interlock ransomware attack as an example.
Zero TrustMigration to zero trust in practice – including the pitfalls
How organizations implement zero-trust principles, and what CISOs advise for project success.
Five new reasons not to pay ransoms
How the situation with ransomware attacks on companies has changed, and why paying a ransom has become an even worse and more useless idea in 2025.
ClickFix technique: what it is and why it’s dangerous
An infection tactic called ClickFix is becoming increasingly popular among cybercriminals. We explain how such attacks work and how to protect your company against it.
How AI creates “slopsquatting” supply-chain risks
Popular AI code assistants try to call non-existent libraries. But what happens if attackers actually create them?
Critical vulnerability in PyTorch framework
Researchers have found a way to exploit a security mechanism in a popular machine-learning framework.
Security measures for handling archive files in organizations
Archives are being used in targeted phishing and other attacks on organizations. What tools, settings, and policies can mitigate the threat?
Scammers exploiting GetShared for phishing attacks
Scammers are exploiting GetShared to bypass email security.
When files are not what they seem
Attackers use the polyglot technique to disguise malware. We explain what it is and how to protect your company against attacks.
A ransomware attack through an IP camera
Fending off ransomware attacks that exploit corporate IoT devices.
