The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to deliver a malware family called More_eggs. “By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group builds rapport with recruiters before deliveringRead More »FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware

A new executive order from the Trump Administration rewrites cybersecurity policy, and security leaders are sharing their thoughts. 

Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that’s being propagated via fraudulent gaming websites. “Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background,” Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan

Research reveals 6 widely used Google Chrome extensions unintentionally transmit user data over simple HTTP.

Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — haveRead More »The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier