The Week in Security: OpenSSL danger downgraded but still real, GitHub exposed

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

The Week in Security: Pro-China cyber operation Dragonbridge targets U.S. elections

Welcome to the latest edition of The Week in Security, which brings you top stories from both the world and our team, across the full stack of security: software security, cybersecurity, and beyond.

The pandemic turned out to be a boon for public-private cybersecurity cooperation

The shift to remote work punched holes in government networks. But it also fostered a transformation in public-private cooperation, one NSA official noted at LABScon.

The Week in Security: Is Lapsus$ back in action?

The famous hacking group Lapsus$ appears to be back in action. Also: Russian cyber spies are targeting Ukraine by posing as internet providers.

The Week in Cybersecurity: U.S. mandates federal agencies use secure third-party software tools

A new U.S. federal government memo mandates the federal use of secure third-party software products and services. Also, Twitter whistleblower Mudge Zatko reveals new details of the company’s security practices (or lack thereof) with Congress.

The Week in Cybersecurity: Cyber espionage operation fueled for months by targeted phishing attacks

A China-linked cyber espionage campaign targets critical entities in Australia and the South China Sea, password manager LastPass gets hacked (again), and more

The Week in Cybersecurity: French hospital hit with ransomware attack

Cybercriminals are continuing to target medical facilities, Twitter’s alleged lack of cybersecurity measures, and more.

The Week in Cybersecurity: Cybercrime growth outpaces the security industry

Evidence has surfaced of cybercrime’s fast-paced growth in 2022, a new Google Chrome zero-day vulnerability is being exploited, and more.

The Week in Cybersecurity: MFA shortcomings paved the way for Cisco breach

MFA’s shortcomings paved the way for Cisco’s data breach

The Week in Cybersecurity: Meet Manjusaka, 'the Chinese sibling of Sliver and Cobalt Strike'

A new Chinese offensive framework may be abused by threat actors, hackers steal $190 million from Nomad Token Bridge, and more.

Three decades later, ransomware's first act still resonates

More than 30 years after the AIDS computer virus spread via infected floppy disks, ransomware has taken the world by storm. But echoes of that first attack can still be heard today.

The Week in Cybersecurity: Austrian hackers-for-hire KNOTWEED serve up Subzero malware

Austrian group KNOTWEED spreads malware via Microsoft products, new malware-infested apps pop up in the Google Play store, and mo

Microsoft disables Excel, Office macros by default. Will it matter?

ReversingLabs data shows that attachments that use decades-old scripting languages like XLM and VBA are often malicious. Still, Microsoft’s move to harden Excel and other Office apps may not move the security needle.

Here’s what happened with Log4Shell while you were out

The Week in Security: Wiper malware rains down on 2022, Microsoft certificates abused

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.