The FBI is warning that criminals are using business email compromise (BEC) tactics to target vendors in a variety of industries, including computer hardware vendors, to obtain their products without paying. 

Executive order bans U.S. agencies from purchasing or using certain commercial spyware programs, but exceptions for spyware testing and research are built in.

WooCommerce Payments runs on more than 220,000 websites, so security teams that use the platform need to patch immediately or risk unauthenticated administrative takeover of their websites.

CISA’s Untitled Goose Tool aims to support network defenders with finding and detecting malicious activity in Microsoft Azure, Active Directory, and Microsoft 365 environments.

New research reveals a potential post-exploitation attack method in Okta that enables adversaries to read users’ passwords in Okta audit logs.

Less than three weeks after the RansomHouse incident against the Hospital Clinic of Barcelona, a cyberattack is causing drug distribution issues at Alliance Healthcare of Spain.

A ransomware attack that disrupted Dole food delivery systems is now tied to a breach of employee data.

An unsecured database with nearly 50,000 invoice records tied to Encore Support Services was found online, containing the data of students with special education needs.

Abnormal Security identified and stopped a vendor email compromise scam from escalating for one of its clients, a well-known real estate company.

A breach report was filed with HHS by Independent Living Systems in September, amid an investigation.