This blogpost introduces an operation that we named RoundPress, targeting high-value webmail servers with XSS vulnerabilities, and that we assess with medium confidence is run by the Sednit cyberespionage group. The ultimate goal of this operation is to steal confidential… Read More "Operation RoundPress targeting high-value webmail servers"
Indiana-based pharmaceutical research firm Inotiv has confirmed that its systems were compromised in a ransomware attack earlier this month, disrupting parts of its business operations. According to a filing with the US Securities and Exchange Commission (SEC), the company detected… Read More "Pharmaceutical Company Inotiv Confirms Ransomware Attack"
The financial industry is no stranger to data breaches. Financial institutions have access to millions of personally identifiable information (PII) records, which they must secure to the highest standard. The value of this data is open knowledge – hackers will… Read More "6 Ways Finance Companies Can Prevent Data Breaches"
United States Custom and Border Protection officials have sweeping powers to search anyone’s phone when they are entering the country—including US citizens. Newly released figures show that over the past three months, CBP officials have been searching more phones and… Read More "Phone Searches at the US Border Hit a Record High"
Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number of risks, along with an increase in their frequency, variety, complexity, severity, and potential business impact. The… Read More "Turning BIA Insights Into Resilient Recovery"
Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU 15 May 2025 ESET researchers have discovered a cyberespionage operation that abuses cross-site scripting (XSS) vulnerabilities,… Read More "Sednit abuses XSS flaws to hit gov’t entities, defense companies"
In an industry-first, TRM Labs has launched Beacon Network, an intelligence-sharing platform designed to prevent illicit funds from leaving the blockchain and build a real-time crypto crime response network. The initiative was announced on August 20 on the heels of… Read More "TRM Launches Industry-Wide Platform to Fight Crypto Crimes"
Information security or infosec is concerned with protecting information from unauthorized access. It’s part of information risk management and involves preventing or reducing the probability of unauthorized access, use, disclosure, disruption, deletion, corruption, modification, inspect, or recording. If a security… Read More "What is Information Security? | UpGuard"
Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into carrying out intended actions by embedding the malicious instruction inside a fake CAPTCHA check on a web page. Described by… Read More "Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts"
When Lenovo’s Lena received the malicious prompt, the researchers noted that “people-pleasing is still the issue that haunts large language models, to the extent that, in this case, Lena accepted our malicious payload, which produced the XSS vulnerability and allowed… Read More "Lenovo chatbot breach highlights AI security blind spots in customer-facing systems"
