All posts in Security News

The US Department of Commerce’s National Institute of Standards and Technology (NIST) announced the first group of encryption tools that will become part of its post-quantum cryptographic standard.

A widespread campaign uses more than 24 malicious NPM packages loaded with JavaScript obfuscators to steal form data from multiple sites and apps, analysts report.

Company says it is making changes to its security controls to prevent malicious insiders from doing the same thing in future; reassures bug hunters their bounties are safe.

The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.

As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.

Running Chrome? Do the “Help-About-Update” dance move right now, just to be sure…

Companies need to consider the cost to disengage from the cloud along with proactive risk management that looks at governance issues resulting from heavy use of low- and no-code tools.

A pro-China influence campaign singled out rare earth mining companies in Australia, Canada, and the U.S. with negative messaging in an unsuccessful attempt to manipulate public discourse to China’s benefit. Targeted firms included Australia’s Lynas Rare Earths Ltd, Canada’s Appia Rare Earths & Uranium Corp, and the American company USA Rare Earth, . . . Read more

A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that . . . Read more

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.