There were nearly 29,000 vulnerabilities published in 2023, amounting to over 3,800 more common vulnerabilities and exposures (CVEs) being issued last year than in 2022. More troubling than the sheer volume of vulnerabilities in 2023 is that over half of them were given a CVSS score indicating high or critical severity — an increase of 57% YoY.

Suppose someone left their home, got in their car, and drove to the grocery store. Much like data packets that travel over Internet highways, the car will use various pathways to reach its destination; however, once the car gets to the store, a question remains: what happened between the generating point and the destination? If nothing happened, the driver (our data) traveled safely and without incident.

A new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seem to be popping up in a likely attempt to steal the victim’s digital identity and more. A recent post on Twitter/X from entrepreneur Parth Patel outlines his experience when his phone became inundated with requests to reset his Apple ID password – to the tune of over 100.

New data shows that the attacks IT feels most inadequate to stop are the ones they’re experiencing the most. According to Keeper Security’s latest report, The Future of Defense: IT Leaders Brace for Unprecedented Cyber Threats, the most serious emerging types of technologies being used in modern cyber attacks lead with AI-powered attacks and deepfake technology. By itself, this information wouldn’t be that damning.

An attack vector, also known as a threat vector, is a way for cybercriminals to gain access to an organization’s network or system. Some common types of attack vectors that organizations need to defend against include weak and compromised credentials, social engineering attacks, insider threats, unpatched software, lack of encryption and misconfigurations. Organizations must identify all of the potential attack vectors and protect their network against them to avoid security breaches.

If over 40 major banks can be the target of JavaScript injection attacks, let’s be honest – so can you. In 2023, a malware campaign using this attack method affected 50,000 user sessions across more than 40 financial institutions worldwide, leaving many dev teams in pure damage-control mode. 67.9% of professional developers use JavaScript more often than any other programming language. Its popularity is understandable, given its versatile and interactive capabilities.

A contributor to the liblzma library (a compression library that is used by the OpenSSH project, among many others) submitted malicious code that included an obfuscated backdoor. Since the maintainers had no reason to suspect foul play, they accepted and merged the contribution. The malicious code made it into the compression library release, and later on to the OpenSSH server, which relies on the library in question.

Over the years, we have seen a substantial amount of cyberattacks happening around the globe. The most infamous of them is the RaaS attack, which is taking over organizations of all sizes. An employee’s sheer negligence and lack of cybersecurity solutions put organizations at higher risk. In this article, we will share some tips that every organization needs to know in order to stay away from cyberattacks. Ransomware attacks have become prevalent in recent years and can happen to any organization.

Organizations usually rely on remote work capabilities, leading them to use cloud systems. But with increased use of cloud infrastructure, the vulnerability to cyberattacks increases. One such is the Privilege Escalation attack, a complex threat to any network. Multiple defense strategies are required to detect and prevent privilege escalation attacks, but understanding what this attack means is important even before that.