Here's a comprehensive look at some of the lesser-known, but no less serious, types of software supply chain attacks.
The U.S. government’s cybersecurity agency says hackers backed by the Iranian government compromised a federal agency that failed to patch against Log4Shell, a vulnerability fixed almost a year
Security researchers have linked a new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers to the North Korean state-sponsored Lazarus hacking group. Threat intelligence co
Ax Sharma (Contributor) is a security researcher and reporter. His areas of interest include open source software security, malware analysis, data breaches and scam investigations.
Considering recent APT41 attacks, organizations that continue to leave the Log4Shell flaw unaddressed are hitting the snooze button when it comes to the wake-up calls from attackers.
The prolific China APT41 hacking group, known for carrying out espionage in parallel with financially motivated operations, has compromised multiple U.S. state government networks, according to cybers
Companies need to put many elements in place to use OSS in production smoothly. Here’s how to get started.
Bug bounty and penetration testing startup HackerOne has raised a $49 million Series E following a year of massive cloud adoption fueled by work-from-home orders. The company — which mediates betwee
We keep calling every new zero-day exploit a “wake up call,” but all we have been doing is collectively hitting the snooze button.