Enterprise Security Tech

A wave of LinkedIn phishing attacks is exploiting the platform’s own public comment sections, blurring the line between legitimate support messages and outright fraud in a way that security researchers say marks a new phase in social engineering. The campaign surfaced earlier this week when researchers and targeted users began warning that bot-like accounts were replying directly to posts while impersonating LinkedIn itself. The fake comments claim the recipient has violated

The University of Hawaii Cancer Center is facing growing scrutiny after quietly navigating a ransomware attack that compromised decades old cancer research data, then waiting months to inform regulators and affected individuals. According to a report filed with the Hawaii state legislature in December, attackers gained unauthorized access to servers supporting cancer research operations in late August. The intruders encrypted systems, disrupted access to research files, and

As the cybersecurity industry closes the books on 2025, the year is already solidifying around a familiar but unsettling conclusion: attackers didn’t need radically new malware to cause outsized damage. They needed people, timing, and a growing catalog of quietly catastrophic infrastructure flaws. That’s the throughline emerging from a year-end review by incident response specialists at LevelBlue , which absorbed digital forensics heavyweight Stroz Friedberg earlier this year

A new malware campaign dissected by the Securonix  Threat Research team underscores an uncomfortable truth for defenders: some of the most effective modern intrusions still rely on decades-old Windows scripting, dressed up with just enough obfuscation and in-memory trickery to stay ahead of automated detection. Tracked as SHADOW#REACTOR , the operation delivers a familiar end goal—a fully functional Remcos remote access trojan—but the path it takes to get there is anything bu

The University of Phoenix has become the latest high profile casualty in a sweeping ransomware and data extortion campaign that is reshaping how attackers target higher education and enterprise software at scale. In a disclosure that surfaced quietly in early December, the for profit university confirmed that attackers gained unauthorized access to sensitive systems months earlier and ultimately exfiltrated personal and financial data tied to nearly 3.5 million people. The a

Apple has pushed out a rare round of urgent security updates after confirming that two previously unknown flaws were actively exploited in what the company describes as an extremely sophisticated campaign aimed at specific individuals. The vulnerabilities affect WebKit, the browser engine that quietly underpins much of Apple’s software ecosystem, from Safari to in app browsers embedded across iOS. In a security bulletin released this week , Apple said the flaws were used agai