Latest Cybersecurity News and Articles

---

Even Great Companies Get Breached — Find Out Why and How to Stop It

Even the best companies with the most advanced tools can still get hacked. It’s a frustrating reality: you’ve invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen. So, what’s going wrong? The truth is, that attackers are constantly finding new ways to slip through cracks that often go unnoticed—even in well-prepared organizations. The good

---

Joint Advisory: Exploitation of Accellion File Transfer Appliance

Cyber security organisations in the UK, USA, Australia, New Zealand, and Singapore publish advice to defend against malicious cyber actors.

---

Advisory: COVID-19 exploited by malicious cyber actors

Practical advice for individuals and organisations on how to deal with COVID-19 related malicious cyber activity.

---

NCSC consolidates advice on secure home learning

Three tailored blogs to help manage remote education technology safely.

---

NCSC lifts lid on three random words password logic

The logic of using three random words for strong passwords and why the NCSC advises the approach.

---

Big brands urged to 'scam-proof' messages to public

The NCSC launches new guidance for organisations on securely communicating with customers via SMS and phone calls.

---

Schoolgirls across the UK poised to battle for crown of cyber champions

The CyberFirst Girls Competition's finals will take place across the UK.

---

Tech-savvy schools gain recognition from UK experts for championing cyber skills

Eight more schools and colleges receive CyberFirst schools award for first-rate cyber security teaching.

---

Nation of digital defenders blow the whistle on over 10 million suspect emails

Milestone number of suspect emails reported by the British public marks launch of new Cyber Aware campaign.

---

Schools offered free cyber defence tools to help keep out attackers

UK education settings can sign up for the NCSC's Web Check and Mail Check services to protect their websites and email servers from cyber attacks.

---

NCSC joins industry to offer unprecedented protection for public from scams

Data sharing collaboration will allow ISPs to instantly block access to fraudulent sites.

---

Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT. "The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint

---

5 Practical Techniques for Effective Cyber Threat Hunting

Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel.  To avoid this, use these five battle-tested techniques that are

---

58,000 individuals’ data exposed after Bitcoin ATM operator hack

A United States Bitcoin ATM operator, Byte Federal, recently disclosed a cyber incident. 

---

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday. The attacks make use of fake update alerts that employ

---

The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. "The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. "Their targets

---

CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below - CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted

---

27 DDoS-for-hire operations shut down by law enforcement

Law enforcement agencies across 15 countries have shut down 27 DDoS-for-hire operations. 

---

DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages

Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. "Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over

---

5 Cybersecurity trends in 2024

2024 has seen a number of cybersecurity incidents, including high-profile cyberattacks and rapidly-developing artificial intelligence (AI).