When one person on your IT team is VMware certified, that’s a win. But when your entire team is certified? That’s a force multiplier for innovation, retention, and your security posture. Organizations that invest in team-wide certification build high-performing environments that are more collaborative, secure, and future-ready. The result: smoother rollouts, fewer errors, faster incident
What if Russia invades the Baltic? A tabletop game offers answers
As NATO prepares for a potential Russian invasion of the Baltic region, there are many questions. In an era of drones, hypersonic missiles and kill chains, how might combat go amid the fields, forests and islands of the area? Some answers may be found in a new tabletop wargame. “Littoral Commander: The Baltic” isn’t just
Stop waiting on NVD — get real-time vulnerability alerts now
In today’s fast-paced digital environment, cybersecurity is no longer optional – it’s essential. Vulnerability management has become a core component of every security strategy and keeping track of vulnerability alerts is an issue facing many businesses. It doesn’t take much for even a small business to have hundreds, if not thousands of software across their
New VoidProxy phishing service targets Microsoft 365, Google accounts
A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers such as Okta. The platform uses adversary-in-the-middle (AitM) tactics to steal credentials, multi-factor authentication (MFA) codes, and session cookies in real time. VoidProxy was discovered by Okta Threat Intelligence researchers, who describe it
Learn about a high-speed drone smasher that uses its nose cone to ram enemy UAVs
Learn about a high-speed drone smasher that uses its nose cone to ram enemy UAVs Explosive charges? Net-firing guns? Aerial anti-drone interceptors use a number of complicated methods. But what about just ramming them at high velocity? 34 hours ago
‘WhiteCobra’ floods VSCode market with crypto-stealing extensions
A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The campaign is ongoing as the threat actor continuously uploads new malicious code to replace the extensions that are removed. In a public post, core Ethereum developer Zak Cole
The first three things you’ll want during a cyberattack
The moment a cyberattack strikes, the clock starts ticking. Files lock up, systems stall, phones light up and the pressure skyrockets. Every second counts. What happens next can mean the difference between recovery and catastrophe. In that moment, you need three things above all else: clarity, control and a lifeline. Without them, even the most
Army mismanaged CENTCOM stockpiles of troop supplies modules: Audit
The Army failed to properly maintain Force Provider modules for U.S. Central Command, a DOD IG audit found. Here, DOD IG conducts an audit of FP modules at Camp Arifjan, Kuwait, on May 20, 2024. (Joseph Kumzak) The U.S. Army mismanaged equipment stockpiles for U.S. Central Command, according to a recent Department of Defense Inspector
The Buyer’s Guide to Browser Extension Management
While most enterprises lock down endpoints, harden networks, and scan for vulnerabilities, one of the riskiest vectors often slips through unmonitored: browser extensions. These small, user-installed applications can execute privileged code, access sensitive DOM elements, intercept network requests, and even exfiltrate data, all within the context of enterprise-approved browsers. Keep Aware’s new Buyer’s Guide to Browser
Can I have a new password, please? The $400M question.
Back in August 2023, attackers tied to the Scattered Spider group didn’t exploit a zero-day vulnerability to hack Clorox. They simply called the service desk (run by Cognizant), claimed to be locked-out employees, and asked for password and MFA resets. According to court filings and reporting, the attacker repeatedly phoned Cognizant’s service desk, obtained repeated