Navigate
Home
Blog
Dashboard
Feeds
Articles
Search
Overview
Topics
Assistant
Home
Blog
Dashboard
Feeds
Articles
Search
Overview
Topics
Assistant
Login
Lazarus Group Malware Targets Legitimate Software
Zero-Day WhatsApp Hacking Vulnerabilities Worth Millions
Windows 11 22H2 breaks provisioning with 0x800700b7 errors
Hackers spent 2+ years looting secrets of chipmaker NXP before being detected
SonicWall: Y2K22 bug hits Email Security, firewall products
Signal Pours Cold Water on Zero-Day Exploit Rumors
Researchers Find New Android Spyware Campaign Targeting Uyghur Community
Attackers Exploiting Critical F5 BIG-IP Vulnerability
Microsoft releases out-of-band update to fix Kerberos auth issues caused by a patch for CVE-2022-37966
Pirated Software Likely Cause of Airbus Breach
What is Contact Key Verification and how is it used?
Newly found Lightning Framework offers a plethora of Linux hacking capabilities
Microsoft Names Russian Threat Actor
Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions
LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender
Automotive supplier breached by 3 ransomware gangs in 2 weeks
Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day
Kali Linux 2022.2 released with 10 new tools, WSL improvements, and more
How to password-protect a file in Apple Pages (and when you might want to)
Chinese Cyberspies Targeted Japanese Political Entities Ahead of Elections
A big bet to kill the password for good
Bah scumbugs, “Scrooge4lyf” is back… -
FCC bans imports of telecom gear from China-based companies
Iran-linked APT42 is behind over 30 espionage attacks
Microsoft Teams, Windows 11 hacked on first day of Pwn2Own
Ransomware Attack Hits US Marshals Service
APT35 Develops Mac Bespoke Malware
10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack
Governments intentionally shut down internet 182 times across 34 countries in 2021: report
Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts
Keralty ransomware attack impacts Colombia's health care system
Fake PoC with data-stealing malware discovered on GitHub
Cyber Mercenary Group Void Balaur Continues Hack-For-Hire Campaigns
EU governments accused of using spyware ‘to cover up corruption and criminal activity’
Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws
Cyber authorities have a plan to defend remote monitoring tools
Most cloud moves found rushed as adopters underrate associated risks: Report
Suspected China-linked hackers target Guyana government with new backdoor
Telegram ‘hosting crooks who spoof Microsoft’ | Cybernews
Apple 'Find My' network can be abused to steal keylogged passwords
105 million Android users targeted by subscription fraud campaign
Windows 11 KB5031354 cumulative update released with new features
Malicious app in the Play Store spotted distributing <a href=
VMware warns of critical vulnerabilities in multiple products
Citrix and NSA urge admins to fix actively exploited zero-day in Citrix ADC and Gateway
Cyber Skills Gap Reaches 4 Million, Layoffs Hit Security Teams
Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
Record Numbers of Ransomware Victims Named on Leak Sites
Boeing systems hit in reported Lockbit cyberattack
Convincing Twitter 'quote tweet' phone scam targets bank customers
Cisco to Acquire Splunk for $28 Billion
FBI warns that BEC attacks now also target food shipments
US Government Ordered to Urgently Patch Apple Zero-Day Bugs
Web3 Platform Mixin Network Hit by $200m Crypto Hack
EvilProxy Attacking Microsoft 365 Users Abusing Open Redirection With Indeed.com
Dollar Tree hit by third-party data breach impacting 2 million customers
Supershell - Open-Source Botnet That Obtain SSH Shell Access
Atlassian Confluence Hit by Newly Actively Exploited Zero-Day – Patch Now
MikuBot - Steals Sensitive Data and Launches Hidden VNC Sessions
Crooks are increasingly targeting DeFi platforms to steal cryptocurrency
New critical AI vulnerabilities in TorchServe put thousands of AI models at risk
Mirai-based botnet updates ‘arsenal of exploits’ on routers, IoT devices
Cisco routers abused by China-linked hackers against US, Japan companies
Wireshark 4.0.10 Released: What’s New!
Windows 11 21H2 and Windows Server 2012 reach end of support
Google leaking 2FA secrets – researchers advise against new “account sync” feature for now
Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters
Windows 11 23H2 now rolling out to Release Preview Insiders
Palo Alto Networks to acquire Israeli enterprise browser security firm Talon
Password-stealing and keylogging malware is being spread through fake downloads | ZDNet
The US confirms seizing RaidForums website, its owner - arrested | CyberNews
Microsoft Zero-Days, Wormable Bugs Spark Concern
Researchers find bugs allowing access, remote control of cars
Rackspace says ransomware disrupted its Hosted Exchange business
These ten hacking groups have been targeting critical infrastructure and energy | ZDNet
Cyber espionage campaign targets Asian countries since 2021
Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs
Google ads push malicious CPU-Z app from fake Windows news site
Multiple Critical Adobe Security Flaws Let Attacker to Execute Arbitrary Code
Apple iPhone factory workers clash with police in China
Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine
MGM still responding to wide-ranging cyberattack as rumors run rampant
Canada Cops Arrests Teen Cyber-Attack Suspect
China accuses U.S. of hacking earthquake monitoring equipment
Meta blocks Russian state-media accounts in Ukraine
Russia, Ukraine and the Danger of a Global Cyberwar
Anonymous takes down Iranian government websites amid protests following death of Mahsa Amini
Microsoft, American Express most spoofed brands in financial services phishing emails
The Truth About False Positives in Security
Meet Ghostwriter, a haunted AI-powered typewriter that talks to you
The top security and tech conferences to attend in 2023
Hackers steal data of 45,000 New York City students in MOVEit breach
Prolific ransomware gang takes credit for Seiko data breach
Exploit released for MOVEit RCE bug used in data theft attacks
Leaked Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8 Million
Wave of MageCart attacks target hundreds of outdated Magento sites
The Week in Ransomware - June 16th 2023 - Wave of Extortion
Report: Air-Gapped Networks Vulnerable to DNS Attacks
Austria investigates DSIRF firm for allegedly developing Subzero spyware
Malicious QR Codes Used in Phishing Attack Targeting US Energy Company
Hackers Change Tactics for New Post-Macro Era
Top 5 Security Vulnerabilities of 2023: Apache and OpenSSH Are The Most Vulnerable
US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications
Pennsylvania water facility hit by Iran-linked hackers
Russia-Based Hackers FIN11 Impersonate Zoom to Conduct Phishing Campaigns
Germany Shuts Down Darknet Platform Specializing in Drugs
New AeroBlade hackers target aerospace sector in the U.S.
Phishers Use Blank Images to Disguise Malicious Attachments
Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability
Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild
Conti Ransomware Gang's Internal Chats Leaked Online After Siding With Russia
Google Patches Seventh Chrome Zero-Day of 2023
New Research reveals 187% Increase in Sophisticated Attacks Against Mobile Devices
Half of Cyber-Attacks Go Unreported
T-Mobile says it blocked 21 billion scam calls this year
California city warns of data breach after ransomware attack claims
Kansas Court Hack: Attackers Stole Sensitive Data From Systems
Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme
Ivanti Patches Zero-Day Bug Used in Norway Attacks
Australian Police Make First Arrest in Optus Hack Probe
Adware cleaner apps promoted on Facebook sneaked into the Play Store
Escanor Malware delivered in Weaponized Microsoft Office Documents
Cyber Extortionists Seek Out Fresh Victims in LatAm and Asia
The role of automation in done-for-you email marketing campaigns
95% of OpenAI employees have threatened to quit in standoff with board
Europol Announces Operation to Hit Russian Sanctions-Evaders
Top 6 e-signature software tools
AuKill Malware Actively Used To Disable EDR In Ongoing Attacks
Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now
Google: To stop phishing and malware we're changing our comment notifications | ZDNet
CISA orders govt agencies to patch MOVEit bug used for data theft
Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware
DHS to host Latin American cyber summit as region faces an onslaught of digital attacks
Hackers Exploit Critical Remote Code Execution in VMware
Qualcomm Sys Hackers Actively Exploit 3 new Zero-Days - Patch Now
Health care IT workers report increased cyberattacks affecting patient care
Two-Thirds of European Firms Have Started Zero Trust
11 Best Cloud Access Security Broker Software (CASB) - 2023
Qakbot malware’s creators ride again, despite FBI takedown
Sony Confirms Data Stolen in Two Recent Hacker Attacks
Hackers use in-house Zoho ServiceDesk exploit to drop webshells
F5 expands security portfolio with App Infrastructure Protection
Cynomi Study Reveals Number of MSPs Providing Virtual CISO Services Will Grow Fivefold By Next Year
Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach
Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware
[eBook] A Step-by-Step Guide to Cyber Risk Assessment
UK’s Top 10 Universities Failing on DMARC
New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity
New APT34 Malware Targets The Middle East
Hackers drain bitcoin ATMs of $1.5 million by exploiting 0-day bug
Russian National Arrested in Canada Over LockBit Ransomware Attacks
Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions
FTC Looking at Rules to Corral Tech Firms' Data Collection
SGX, Intel’s supposedly impregnable data fortress, has been breached yet again
Pakistan-Origin SideCopy Linked to New Cyberattack on India's Ministry of Defence
Cyberpion rebrands as Ionix, offering new EASM visibility improvements
GitHub launches new 2FA mandates for code developers, contributors | ZDNet
Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO
US and UK expose new Russian malware targeting network devices
Iranian APT Targets US With Drokbk Spyware via GitHub
Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards
It's past time you started using a password manager (whether you like it or not) | ZDNet
SonicWall ‘strongly urges’ customers to patch critical SMA 100 bugs
Exfiltrator-22 Post-Exploitation Toolkit Nips At Cobalt Strike's Heels
Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus
Email is our greatest productivity tool. That's why phishing is so dangerous to everyone
Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
Cyberattack Causes Chaos in Costa Rica Government Systems
A New Security Category Addresses Web-borne Threats
How to boost Security with Self-Service Password Resets
NCSC Publishes New Guidance on Shadow IT
CISA adds two Zabbix flaws to its Known Exploited Vulnerabilities Catalog
QNAP warns customers to patch Linux Sudo flaw in NAS devices
Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies
What enterprise leaders can divine from software bills of materials
How to check if your VPN is working (and what to do if your VPN won't connect)
Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks
Privacy regulators tell social media companies to fear the scrapers
How to Apply MITRE ATT&CK to Your Organization
U.S., allies provide 'comprehensive' overview of Russia cyber threats
MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows
Fearing “loss of control,” AI critics call for 6-month pause in AI development
Best Web Security Scanners For Vulnerability Scanning - 2023
Report: New ransomware gang emerges in Vietnam
ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution
ChatGPT Browser Extension Hijacks Facebook Business Accounts
LogoFAIL - Critical UEFI Vulnerabilities Exposes Devices to Stealthy Malware Attack
Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes
Watch Out For This AnyDesk Phishing Campaign That Delivers Vidar Info Stealer
This new ransomware has simple but very clever tricks to evade PC defenses | ZDNet
Hawai'i's Gemini North observatory suspends operations following cyberattack
Robin Banks phishing-as-a-service platform continues to evolve
Hackers Behind Cuba Ransomware Attacks Using New RAT Malware
City of Philadelphia Releases Cyber-Breach Notice
Ukrainian gov't sites, banks disrupted by DDoS amid invasion fears | ZDNet
Kinsing Cyberattackers Debut 'Looney Tunables' Cloud Exploits
Extradited Russian Hacker Behind 'NLBrute' Malware Pleads Guilty
Make API Management Less Scary for Your Organization
GitHub explains the cause behind the past week's outages
OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers
Splunk RCE Vulnerability Let Attackers Upload Malicious File
It's a Zero-day? It's Malware? No! It's Username and Password
Twitter Hacker Sentenced: A look into the 2020 Twitter Crypto Scam
MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel
Spy Trojan SpyNote Unveiled in Attacks on Gamers
3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say
Cisco Emergency Responder Vulnerability Let Remote Attacker Login as Root User
iOS 12 Update for Older iPhones Patches Exploited Vulnerability
Minneapolis school district says data breach affected more than 100,000 people
59.4 million compromised payment card records posted for sale on dark web in 2022: report
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
CISA Warns Against Royal Ransomware in New Advisory
Adobe Patched Critical ColdFusion Zero-Day Flaw Under Attack
Study: 84% of Companies Use Breached SaaS Applications - Here's How to Fix it for Free!
Cyberattack hits Mr. Cooper, blocks millions of mortgage payments
Twilio hackers hit over 130 orgs in massive Okta phishing attack
Apple Patched Two iOS Zero-Day Flaws Exploited In BLASTPASS
CISA Flags 8 Actively Exploited Flaws in Samsung and D-Link Devices
CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required
US car dealer admits data breach
‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
Limited data sets a hurdle as China plays catch-up to ChatGPT
Cybersecurity agencies reveal top exploited vulnerabilities of 2021
Finnish intelligence warns of Russia’s cyberespionage activities
LockBit Ransomware Now Targeting Apple macOS Devices
Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update
Forgepoint Capital Places $15M Series A Bet on Converge Insurance
SpaceX’s 2nd-generation Starlink satellites start launching as soon as today
Cheerscrypt ransomware linked to a Chinese hacking group
NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders
Federal prosecutors going after alleged Russian hacker mistakenly turn over unrelated case documents, lawyer says
Receipt for €8M iOS Zero-Day Sale Pops Up on Dark Web
US cryptocurrency coder gets 5 years for North Korea sanctions busting
Torrent of image-based phishing emails are harder to detect and more convincing
CISA launches new phase of Secure by Design to push global industry on software security
State-Backed APT Group Activity Continuing Apace
Biden-Harris Administration Unveils Smart Device Cyber Program
Q&A: At MIT event, Tom Siebel sees ‘terrifying’ consequences from using AI
CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
Man Gets Four Years for Stealing Bitcoin Seized by Feds
Hospital hallway robots get patches for potentially serious bugs
Over 1,300 fake AnyDesk sites push Vidar info-stealing malware
Cyble Raises $24 Million for AI-Powered Threat Intelligence Platform
C-suite leaders to boost cybersecurity compliance amid SEC disclosure rule: Deloitte
43 Android apps in Google Play with 2.5M installs loaded ads when a phone screen was off
Microsoft Teams, Virtualbox, Tesla zero-days exploited at Pwn2Own
Cybersecurity experts say the west has failed to learn lessons from Ukraine
Metabase Critical Flaw Permit Attackers to Act as Servers - Critical Update
Minecraft rushes out patch for critical Log4j vulnerability
Purple Fox rootkit discovered in malicious Telegram installers | ZDNet
Windows, hardware, Xbox sales are dim spots in a solid Microsoft earnings report
Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
New Rilide Malware Attacking Enterprise Employees to Steal Credentials
Rockwell Automation Warns Customers of Cisco Zero-Day Affecting Stratix Switches
Sandbox blockchain game breached to send emails linking to malware
Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023
Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
Red Cross Publishes Rules of Engagement for Hacktivists During War
Mitigate the LastPass Attack Surface in Your Environment with this Free Tool
Hackers accessed 16 years of Colorado public school student data in June ransomware attack
US offers $10 million for Russian military hackers behind NotPetya attacks | CyberNews
SSL Stats: Why is an SSL Certificate So Important for Your Website?
New Zerobot Malware Exploiting Apache Vulnerabilities to Launch DDoS Attack
DXC Technology says global network is not compromised following Latitude Financial breach
Apple patches zero-day holes – even in the brand new iOS 16
New data illustrates time’s effect on hard drive failure rates
Apple Zero-Day Flaws Exploited For Predator Spyware Attacks
Cybersecurity firm executive pleads guilty to hacking hospitals
UK government announces crackdown on cryptocurrency adverts | ZDNet
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon
China-linked cyberspies backdoor semiconductor firms with Cobalt Strike
Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play
Holiday Cybersecurity Staffing Levels a Difficult Balancing Act for Companies
Where from, Where to — The Evolution of Network Security
Manchester Police Officers’ Data Breached in Third-Party Attack
Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines
Lawmakers Risk Cyberattacks, Physical Harm After DC Health Link Breach
Vietnamese-Origin Ransomware Operation Mimics WannaCry Traits
New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products
Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams
New York proposes ‘nation-leading’ hospital cybersecurity regulations
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack
DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks
Cybersecurity agencies published a joint LockBit ransomware advisory
Intel Sued Over 'Downfall' CPU Vulnerability
55 zero-day flaws exploited last year show the importance of security risk management
MS-SQL servers hacked to steal bandwidth with proxyware
CISA: Prepare now for quantum computers, not when hackers use them
Ukraine: Volunteer IT Army is going to hit tens of Russian targets from this list
Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud
The sign-in menu is the latest frontier for Microsoft ads in Windows 11
Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates
Stark#Mule Malware Campaign Targets Koreans, Uses US Army Documents
AWS: Security Not a Priority For a Third of SMBs
Hackers Steal Over $600M in Major Crypto Heist
EvilExtractor malware activity spikes in Europe and the U.S.
Fortinet urges to patch a critical RCE flaw in Fortigate firewalls
#CRESTCon: White House Shifts US Cybersecurity Strategy Towards International Cooperation
Now this password-stealing Android malware wants to grab your bank details too
Google fixed the second actively exploited Chrome zero-day of 2023
Royal Ransomware Threat Takes Aim at U.S. Healthcare System
ESET APT Report: Attacks by China-, North Korea-, and Iran-aligned Threat Actors; Russia Eyes Ukraine and the EU
VMware fixes critical vulnerabilities in vRealize network analytics tool
Stealthy 'SockDetour' Backdoor Used in Attacks on U.S. Defense Contractors
Cyberattack on North Carolina county allowed hackers to access data
Cybersecurity M&A Roundup: 23 Deals Announced in June 2023
Email marketing firm hacked to steal crypto-focused mailing lists
14 odd and interesting gift ideas for hackers in 2022
New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network
Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure
Russian APT Primitive Bear attacks Western gov't department in Ukraine through job hunt | ZDNet
Hackers use new, fake crypto app to breach networks, steal cryptocurrency
Beyond Trump, Twitter welcomes back purveyors of far-right disinformation
Microsoft Fixed A Windows 0-Day Along With 96 Other Vulnerabilities
Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability
Crypto exchange Bitzlato founder arrested for allegedly serving crooks
Law enforcement seizes $9M in crypto stolen during romance scams
MGM Resorts says ransomware attack cost $100 million, data stolen
Zyxel Customers Urged to Patch Exploited Bug
PyPI open-source code repository deals with manic malware maelstrom
Bandit Malware Attacks 17 Browsers, FTP & Email Clients to Steal Credentials
The Week in Ransomware - May 5th 2023 - Targeting the public sector
BlackCat (ALPHV) ransomware linked to BlackMatter, DarkSide gangs
Google is phasing out ad personalization for some AdSense products
Man linked to multi-million dollar ransomware attacks gets 66 months in prison for online fraud | ZDNet
VMware SD-WAN Vulnerability Let Attacker Bypass Authentication
CISA targets software identification in push to boost supply chain security
Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity
Hackers target hotel and travel companies with fake reservations
Linux version of AvosLocker ransomware targets VMware ESXi servers
RedLine Malware Steals Sensitive Data and Installs More Malware
CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild
SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack
Securing Your Move to the Hybrid Cloud
DangerousPassword Attacks Targeting Windows, macOS, and Linux Software Developers
Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code
Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library
Apple backports BLASTPASS zero-day fixes to older iPhones
Skyhawk adds ChatGPT functions to enhance cloud threat detection, incident discovery
Initial Access Broker Market Booms, Posing Growing Threat to Enterprises
Old Roblox Data Leak Resurfaces, 4000 Users' Personal Information Exposed
Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap
Germany’s national bar association investigating ransomware attack
New OS Tool Tells You Who Has Access to What Data
Cloud Security Alerts Take Six Days to Resolve
Ukraine says it thwarted attempt to breach military tablets
Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug
BIND DNS Software High-Severity Flaws Let Hackers Remotely Trigger DoS Attack
How to export your Bitwarden vault for safekeeping
Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol
Stop vaping: Major e-cigarette store hacked to steal credit cards
4 Zero-Day Bug in Microsoft Exchange Let Attackers Execute Arbitrary Code
China's Offensive Cyber Operations in Africa Support Soft Power Efforts
FTC Accuses Data Broker of Selling Sensitive Location Data
Sandworm APT targets Ukraine with new SwiftSlicer wiper
Okta Source Code Stolen by Hackers
Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks
Tired of shortages, OpenAI considers making its own AI chips
‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History
Quantifying ROI in Cybersecurity Spend
Cloudflare thwarts ‘sophisticated’ phishing attack strategy that bruised Twilio
Russia Coordinating Cyberattacks With Military Strikes in Ukraine: Microsoft
Companies urged to patch critical vulnerability in Fortinet FortiNAC
Microsoft Patches Three Zero-Day Bugs This Month
Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware
Google Chrome Urgent Security Update to Patch Zero-Day Flaw
StripedFly malware framework infects 1 million Windows, Linux hosts
Ardent Health Ransomware Attack: Multiple Hospitals Affected
New Ransomware Victims Surge by 47% with Gangs Targeting Small Busines
Qakbot hackers now pushing Cyclops/Ransom Knight ransomware, Cisco says
Android malware apps with 2 million installs spotted on Google Play
CISA director: Critical infrastructure cyber incident reporting rules almost ready
GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack
OpenAI introduces GPT-4 Turbo: Larger memory, lower cost, new knowledge
Apple Issues Emergency Patches for More Zero-Days
MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites
Boeing Investigating Ransomware Attack Claims
FCC partners with four states on privacy and data protection enforcement
Earth Preta Updated Stealthy Strategies
Second largest U.S. school district LAUSD hit by ransomware
How to set up a VPN on your router
Foxit Patches Several Code Execution Vulnerabilities in PDF Reader
Google now blocks Workspace account hijacking attempts automatically
Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data
Why cybersecurity needs a conference like mWISE
Vulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS Devices
Google Pixel phones had a serious data leakage bug – here’s what to do!
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
Microsoft releases new, faster Teams app for Windows and Mac PCs
Profile Stealers Spread via LLM-themed Facebook Ads
WordPress plugin installed on 1 million+ sites logged plaintext passwords
New powerful Prynt Stealer malware sells for just $100 per month
New BunnyLoader threat emerges as a feature-rich malware-as-a-service
Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments
New Botnet Campaign Exploits Ruckus Wireless Flaw
The Irish DPC fined WhatsApp €5.5M for violating GDPR
Do You Really Trust Your Web Application Supply Chain?
Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims
Beware of the new phishing technique “file archiver in the browser” that exploits zip domains
Russian state hackers lure Western diplomats with BMW car ads
How Continuous Pen Testing Protects Web Apps from Emerging Threats
Xenomorph Android Banking Trojan Targeting Users in US, Canada
Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
Ransomware Attack Forces Canadian Mining Company to Shut Down Mill
Zabbix vulnerabilities added to CISA catalog | ZDNet
White House unveils consumer labeling program to strengthen IoT security
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state
RSA: Cisco launches SASE, offers roadmap for other cloud-based services
U.S., allies warn of rising recent and future attacks on managed service providers
New Stealer-as-a-Ransomware Delivered Through Fake Updates
Chinese MirrorFace APT group targets Japanese political entities
Government Agencies Release Blueprint for Secure Smart Cities
Panaseer Launches Guidance on Security Controls Ahead of EU’s New Legislation
Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong.
Hackers Meddle With Bing Chat Ads To Promote Malicious Links
Hundreds of Microsoft SQL servers backdoored with new malware
White House launches AI cyber competition to fix software vulnerabilities
Researchers release exploit details for Backstage pre-auth RCE bug
STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
18-year-old charged with hacking 60,000 DraftKings betting accounts
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules
Underworld trends: criminals adopt DDoS attacks for extortion - report | CyberNews
Lazarus hackers breach aerospace firm with new LightlessCan malware
Meta’s AI-powered audio codec promises 10x compression over MP3
Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis
Canada bans WeChat, Kaspersky apps on government mobile phones
3 Steps to Automate Your Third-Party Risk Management Program
BEC Attackers Spoof CC'd Execs to Force Payment
Largest switching and terminal railroad in US investigating ransomware data theft
Alarming lack of cybersecurity practices on world’s most popular websites
Resecurity warns about cyber-attacks on data center service providers
Oracle Patches 185 Vulnerabilities With October 2023 CPU
CISA orders agencies to patch Backup Exec bugs used by ransomware gang
Ongoing supply chain attack targets Python developers with WASP Stealer
Chrome Browser Gets Major Security Update
Four common password mistakes hackers love to exploit
Motel One Discloses Ransomware Attack Impacting Customer Data
US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack
Until further notice, think twice before using Google to download software
Cisco fixes privilege escalation bug in Cisco Secure Client
Does the Free World Need a Global Cyber Alliance?
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining
SEC sues SolarWinds for misleading investors before 2020 hack
Log4j RCE activity began on December 1 as botnets start using vulnerability | ZDNet
Google to Pay $391 Million Fine For Silently Tracking User's Location
'Ransomed.Vc' Group Attacking Japanese Giants in New operations
LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities
US data compromises hit all-time high
LockBit Claims TSMC Hack, Demands $70m Ransom
Microsoft Releases New Report on Cybercrime, State-Sponsored Cyber Operations
Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw
Oracle Critical Security Update: 387+ New Security Vulnerabilities Patched
Lack of Breach Info on Notices Surges in Q1
Building automation giant Johnson Controls hit by ransomware attack
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor
The growth in targeted, sophisticated cyberattacks troubles top FBI cyber official
TeamTNT's Silentbob Botnet Infecting 196 Hosts in Cloud Attack Campaign
Google Cloud blocks largest HTTPS DDoS attack ever
Nvidia’s Stolen Code-Signing Certs Used to Sign Malware
EU Wants to Toughen Cybersecurity Rules for Smart Devices
T-Mobile denies rumors of a breach affecting employee data
Moxa MXview Vulnerabilities Expose Industrial Networks to Attacks
White House rolls out millions in funding to combat K-12 cyberattacks
AWS kicks off cloud race to mandate MFA by default
Ransomware gang leaks data stolen from City of Oakland
Websites Hosting Fake Cracks Spread Updated CopperStealer Malware
Abcbot botnet has now been linked to Xanthe cryptojacking group | ZDNet
TSMC Targeted by LockBit via Supplier Breach
CISA and NSA Publish Top 10 Misconfigurations
Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks
Apple slaps hard against ‘mercenary’ surveillance-as-a-service industry
Sophos Firewall Password Disclosure Vulnerability: Patch Now!
Progress Software facing dozens of class action lawsuits, SEC investigation following MOVEit incident
DHS warns of critical flaws in Emergency Alert System devices
ICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches
Zimbra patches zero-day vulnerability exploited in XSS attacks
7 Steps to Kickstart Your SaaS Security Program
Detecting Windows AMSI Bypass Techniques
Congressman ‘coming for answers’ after ‘no-fly list’ hack
Windows CE, Microsoft’s stunted middle child, reaches end of support at 26 years
India Faces Surge in IM App Attacks With Trojan Campaigns
New 10 Best Web Application Firewall (WAF) - 2023
Apple issues emergency patches for spyware-style 0-day exploits – update now!
Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise
#InfosecurityEurope: Breaches Down and Security Culture Improving
UK Gun Owners May Be Targeted After Rifle Association Breach
Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group
Microsoft Patches 'Follina' Zero-Day Flaw in Monthly Security Update
Security Affairs newsletter Round 430 by Pierluigi Paganini – International edition
How Google Authenticator made one company’s network breach much, much worse
North Korean Hackers Bag Another $100m in Crypto Heists
North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist
CoinsPaid blames Lazarus hackers for theft of $37,300,000 in crypto
CoinsPaid Blames North Korean Hackers for $37 Million Cryptocurrency Heist
Samsung data breach: Lapsus$ gang stole Galaxy devices’ source code
Humans Need to Rethink Trust in the Wake of Generative AI
US Government Issues Open-Source Security Guidance for Critical Infras
CoinsPaid blames North Korea-linked APT Lazarus for theft of $37M worth of cryptocurrency
EU Officials Targeted with Pegasus Spyware
Rhysida ransomware gang claims attacks on governments in Portugal, Dominican Republic
In Other News: Funding Increase, Abuse of Smartphone Location Data, Legal Matters
Julenisserne Overvåger Brun Bjørn
Twitter account of FBI's fake chat app, ANOM seen trolling today
VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products
A Penetration Testing Buyer's Guide for IT Security Teams
Small drones are giving Ukraine an unprecedented edge
US law to compel firms to report cyber attacks
Cybrary Raises $25 Million to Tackle Cybersecurity Workforce Training
FBI Leads International Effort to Seize Domains for Notorious Genesis Market
Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams
A widespread logic controller flaw raises the specter of Stuxnet
Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition
ChatGPT, FraudGPT, and WormGPT Plays A Vital Role in Social Engineering Attacks
5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms
Iran-linked threat actors compromise US Federal Network
Former Navy IT Manager Sentenced to Prison for Hacking, Selling PII
SEC demands four-day disclosure limit for cybersecurity breaches
Ransomware: Conti gang is still in business, despite its own massive data leak | ZDNet
China to disclose secret US ‘global reconnaissance system,’ claims official
Changing cyber insurance guidance from Lloyd’s reflects a market in turmoil
#InfosecurityEurope: Cyber Leaders’ Plea to Tackle the Industry’s Mental Health Crisis
Stanford University investigating cyberattack after ransomware claims
Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
Open Source Flaws Found in 84% of Codebases
S3 Ep140: So you think you know ransomware?
FBI: State hackers exploiting new Zoho zero-day since October
China-based spies are hacking East Asian semiconductor companies, report says
Zero trust and why it matters to the Apple enterprise
Debit card fraud leaves Ally Bank customers, small stores reeling
How to manage a mass password reset due to a ransomware attack
Clorox resumes normal plant operations in the wake of cyberattack
Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
Biden Issues Executive Order on Safe, Secure AI
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
Serving startup nation: How Israel's cyber specialists work amid war
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website
New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise
Fifth of Government Workers Don't Care if Employer is Hacked
MGM Resorts says cyberattack cost $100 million, resulted in theft of customer info
Exploit Code Published for Critical VMware Security Flaw
North Korean hackers mix code from proven malware campaigns to avoid detection
CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities
Blockchain engineers’ Macs are targets of North Korea-linked malware
North Korean gov’t hackers targeted aerospace company in Spain
Cisco identifies another IOS XE vulnerability, with patches coming this weekend
Interpol Shuts Down Phishing Service '16shops'
Critical updates for Microsoft Office and Visual Studio drive September's Patch Tuesday
Too Rich To Ransomware? MGM Brushes Off $100M in Losses
Examining the Activities of the Turla APT Group
CISA orders federal agencies to update iPhones, Macs until Feb 25th
Zyxel Firewall Vulnerability lets Attackers Inject OS Commands
Aspen Cyber Summit 2023 — Live Coverage
Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates
Want to boost you cybersecurity? Here are ten steps you can take to improve your defenses now | ZDNet
Zoom patches critical vulnerability again after prior fix was bypassed
Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign
New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
Thanks, dad: jammer used to stop kids going online, wipes out a town's internet by mistake | ZDNet
Organizations tempt risk as they deploy code more frequently
New PaperCut critical bug exposes unpatched servers to RCE attacks
IT managers uneasy with snooping software: report
Emotet growing slowly but steadily since November resurgence
Amazon's AppStore is getting more apps and games on Windows 11
Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
Brave and DuckDuckGo Browsers Block Google AMP Tracking
Roaming Mantis uses new DNS changer in its Wroba mobile malware
How does Privileged Access Management work?
Pentagon moves closer to picking leader for top cyber job
Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System
NCSC Issues First-Ever Cybersecurity Guidance for the Construction Industry
Facebook to Pay $725 Million to Resolve Cambridge Analytica Scandal Case
European Bank Customers Targeted in SpyNote Android Trojan Campaign
Dallas: Royal ransomware gang infiltrated networks weeks before striking
Over 80,000 Unpatched Hikvision Cameras Exposed to Takeover
Morgan Stanley agrees to $60 million settlement in data breach lawsuit | ZDNet
Multiple Flaws Found in the Avada WordPress Theme and Plugin
Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group
Fake Chat App On Android Steals Signal and WhatsApp Data
Cloud computing security: New guidance aims to keep your data safe from cyberattacks and breaches | ZDNet
Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms
FTC tracking developments at Twitter with 'deep concern' after CISO resigns
Multiple Vulnerabilities In Yellowfin BI Could Allow RCE Attacks
Guardz debuts with cybersecurity-as-a-service for small businesses
Prynt - Stealthy Malware Written in C/C++ Steal Directories, Credentials Using Process Injection
Apple Releases Update for iOS 12 to Patch Exploited Vulnerability
YouTube Users Targeted By RedLine Self-Spreading Stealer
TikTok Fined Over $5m for Cookie Violations
CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop
Socks5Systemz proxy service infects 10,000 systems worldwide
Microsoft CARs Deprecation in Exchange Online platform
New Linux botnet RapperBot brute-forces SSH servers
Rhysida ransomware group hacked King Edward VII’s Hospital
Hackers use fake crypto job offers to push info-stealing malware
73% of consumers trust what generative AI wants us to see
Microsoft previews new endpoint security solution for SMBs
New CISO appointments 2023
Software Patches Flaw on macOS Could Let Hackers Bypass All Security Levels
SAP Patches Critical Vulnerability Impacting NetWeaver, S/4HANA
The Rise of the Rookie Hacker - A New Trend to Reckon With
Google researchers expose Iranian hackers' tool to steal emails from Gmail, Yahoo and Outlook
Security researchers take a look at Google's VPN by Google One app
Biden cyber officials see auto, food safety as models for security overhaul
8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses
ChatGPT’s new personalization feature could save users a lot of time
SAP's First Security Updates for 2023 Resolve Critical Vulnerabilities
SpecterOps Closes Series A Extension From Ballistic Ventures, Bringing Funding Round Total to $33.5M
Emergency Patch Released For GoAnywhere MFT Zero-Day Vulnerability
NPM packages found containing the TurkoRat infostealer
Holiday Hackers: How to Safeguard Your Service Desk
Microsoft says Russia hit Ukraine with hundreds of cyberattacks
Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw
Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials
Iranian hackers lurked in Middle Eastern govt network for 8 months
Kali Linux 2022.2 Released With 10 New Tools and Other Enhancements
W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts
University of Manchester says hackers ‘likely’ stole data in cyberattack
InQuest Labs: Man + Machine vs Business Email Compromise (BEC)
Demystifying Zero Trust
Police are sending messages to 70,000 people who may have fallen victim to phone scammers
U.S. No Fly list shared on a hacking forum, government investigating
Uber Drivers' Data Exposed in Breach of Law Firm's Servers
CISA touts ‘tremendous growth’ in vulnerability disclosure platform
Google fixed critical zero-click RCE in Android
SideCopy Using Action RAT and AllaKore RAT to infiltrate Indian Organizations
Threat actors abuse valid accounts using manual tactics, CrowdStrike says
Hackers Behind Twilio Breach Also Targeted Cloudflare Employees
BlueNoroff hackers steal crypto using fake MetaMask extension
FBI: Scammers likely to target US Student Loan Debt Relief applicants
North Korean hackers exploit critical TeamCity flaw to breach networks
200 Canon Printer Models May Expose Wi-Fi Connection Data
Critical Vulnerabilities Patched in Veeam Data Backup Solution
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks
Major Mississippi hospital system takes services offline after cyberattack
Security Affairs newsletter Round 427 by Pierluigi Paganini – International edition
COVID-19 data put for sale on Dark Web
10 Best Cloud Security Tools - 2023
QNAP fixes critical bug letting hackers inject malicious code
Apple and Google Join Forces to Stop Unauthorized Tracking Alert System
This stealthy hacking campaign uses a new trick to deliver its malware
Back to business: Cl0p ransomware gang is back | CyberNews
Mac Malware MacStealer Spreads as Fake P2E Apps
AhRat Android RAT was concealed in iRecorder app in Google Play
RTM Locker Ransomware Targets Linux Architecture
While Russian tanks attack, Ukrainian supporters hack back
ChatGPT Leveraged to Enhance Software Supply Chain Security
From the front lines of ‘the first real cyberwar’
A Google Cloud Build Vulnerability Could Aid Supply-Chain Attacks
Experts warn against ransomware complacency
WormGPT, the generative AI tool to launch sophisticated BEC attacks
Nearly 300 Vulnerabilities Patched in Huawei's HarmonyOS in 2022
Trulioo enhances identity verification with “person match” intelligent routing
Attackers exploiting critical flaw in many Zoho ManageEngine products
Google tackles open source security with vulnerability rewards program
Beep, a new highly evasive malware appeared in the threat landscape
Water sector in the US and Israel still unprepared to defeat cyber attacks
E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse
'Cities: Skylines' Gaming Modder Banned Over Hidden Malware
Open-source supply chain attacks expand to the banking sector
Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart!
$1.3 billion lost to romance scams in the past five years: FTC | ZDNet
Indonesia's central bank confirms ransomware attack, Conti leaks data
Chinese hacking operation puts Microsoft in the crosshairs over security failures
15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack
Redditor creates working anime QR codes using Stable Diffusion
Ukrainian Police Bust Crypto Fraud Call Centers
Security Concerns Scupper Deals for Two-Thirds of Firms
World's tweeting wrong Liz Truss | Cybernews
Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition
NSA, CISA Issue Guidance on 5G Network Slicing Security
Using XDR to Consolidate and Optimize Cybersecurity Technology
Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation
Mysterious Mystic Stealer Spreads Like Wildfire in Mere Months
Security Affairs newsletter Round 384
Dropbox Hacked - Attackers Stolen 130 GitHub Repositories
How Ukrainians are using pirated movies to bring war's reality to Russian viewers
US counterintelligence shares tips to block spyware attacks
Apache Releases Log4j 2.17.1 Fixing Another Code Execution Flaw
Windows devices with newest CPUs are susceptible to data damage
23andMe's data incident.
$1.89B stolen from crypto investors in 2023
Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign
US Government Has Three Weeks to Patch Cyclops Blink Bug
SAP Patches Spring4Shell Vulnerability in More Products
Fraud Prevention Firm Fingerprint Raises $33 Million
Google Awards Over $60,000 for V8 Vulnerabilities Patched With Chrome 115 Update
University of Michigan warns that personal information was leaked during cyberattack
Google: Record Year for Zero Days in 2021
APT28 relies on PowerPoint Mouseover to deliver Graphite malware
Israeli hospital redirects new patients following ransomware attack
Titan Stealer: A New Golang-Based Information Stealer Malware Emerges
Chinese Hackers Targeting European Entities with New MQsTTang Backdoor
Chinese Hacker Group Deploy WinDealer Backdoor
The Alarming Rise of Infostealers: How to Detect this Silent Threat
Leveraging Wazuh to combat insider threats
Fake crypto giveaways steal millions using Elon Musk Ark Invest video
Microsoft enhances Windows 11 Phishing Protection with new features
Microsoft fixes Windows zero-day exploited in ransomware attacks
HPE, Extreme Networks working to address five vulnerabilities in widely used network switches
AuditBoard adds new AI and analytics capabilities for risk and compliance
91% of Cyber Pros Experience Mental Health Challenges at Work
TeslaGun Primed to Blast a New Wave of Backdoor Cyberattacks
Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account
Stability AI releases Stable Diffusion XL, its next-gen image synthesis model
Microsoft finds macOS bug that lets hackers bypass SIP root restrictions
Pixiv, DeviantArt artists hit by NFT job offers pushing malware
German government warns of APT27 activity targeting local companies
FBI’s Qakbot operation opens door for more botnet takedowns
New ransomware LokiLocker bundles destructive wiping component
Microsoft Sinkholes Russian Hacking Group's Domains Targeting Ukraine
New York Power Authority to beef up cybersecurity with new IronNet, AWS deal | ZDNet
OpenSSL Fixed Two High Severity Vulnerabilities That Can be Exploited Remotely
Microsoft fixes Windows 10 search issues in Outlook desktop app
Vietnam Post exposes 1.2TB of data, including email addresses
Cyber Risk Index (2H’ 2021): An Assessment for Security Leaders
BleepingComputer's most popular cybersecurity and tech stories of 2021
Google Cloud Build bug lets hackers launch supply chain attacks
VMware Patches Five Critical Vulnerabilities in Workspace ONE Access
Global network of fake news sites push Chinese propaganda, researchers find
CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog
S3 Ep130: Open the garage bay doors, HAL [Audio + Text]
SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers
Schneider Power Meter Vulnerability Opens Door to Power Outages
Microsoft Sounds Alarm Over English-Speaking Octo Tempest
New Windows Meduza Stealer targets tens of crypto wallers and password managers
How to hack an unpatched Exchange server with rogue PowerShell code
Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals
XSS Vulnerabilities in Azure Services Let Attackers Execute Malicious Scripts
Trojan-Proxy Threat Expands Across macOS, Android and Windows
Atlassian patches critical RCE flaws across multiple products
Debate rages over Microsoft vulnerability practices after Follina, Azure issues
New ChatGPT Attack Technique Spreads Malicious Packages
White House Allocates $3.1bn to Cybersecurity in New Budget
FSF: Chrome’s JPEG XL killing shows how the web works under browser hegemony
NordVPN makes its Meshnet private tunnel free for everyone
FCC wants new data breach reporting rules for telecom carriers
Windows 10 KB5010342 & KB5010345 updates released
American Express down in outage: users report login and payment issues
The GTA 6 Map Leaked by Rockstar Employee’s Son: What’s Disclosed?
Cybercriminals bypass Windows security with driver-vulnerability exploit
Honeypot-Factory: The Use of Deception in ICS/OT Environments
Critical SAP vulnerabilities spur CISA, researcher pleas for urgent patching
VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products
I’m a security reporter and got fooled by a blatant phish
High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks
Guardz Launches AI-Powered Multilayered Phishing Protection To Secure SMEs
PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability
12 odd and interesting gift ideas for hackers in 2022
Security Affairs newsletter Round 364 by Pierluigi Paganini
Security firm Blumira discovers major new Log4j attack vector | ZDNet
SAP's December 2022 Security Updates Patch Critical Vulnerabilities
Two spyware sending data of more than 1.5M users to China were found in Google Play Store
GodFather Android malware targets 400 banks, crypto exchanges
Cisco looks to Splunk for security business growth
Google explains how Android malware slips onto Google Play Store
Amazon RDS Vulnerability Led to Exposure of Credentials
Sensitive records of over 280m Indian citizens exposed | Cybernews
Oracle Releases 520 New Security Patches With April 2022 CPU
Comm100 Chat Service Hacked In A Supply-Chain Attack
BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads
Zoho urges fixing a critical SQL Injection flaw in ManageEngine
North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware
Cyber experts and officials raise alarms about exploits against Citrix and Apache products
CISA adds TP-Link, Apache, and Oracle bugs to its Known Exploited Vulnerabilities catalog
ViperSoftX info-stealing malware now targets password managers
Industry 4.0: CNC Machine Security Risks Part 2
Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers
Microsoft shares workaround for Outlook freezes, slow starts
New 'Carderbee' APT Targeted Chinese Security Software in Supply Chain Attack
The Different Methods and Stages of Penetration Testing
Study Reveals Inaudible Sound Attack Threatens Voice Assistants
New Windows 11 policy lets admins control optional updates installation
SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5
Global Retailers Must Keep an Eye on Their SaaS Stack
Bumblebee Malware Loader's Payloads Significantly Vary by Victim System
KeePass Exploit Allows Attackers to Recover Master Passwords from Memory
New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability
Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities
FoxBlade malware targeted Ukrainian networks hours before Russia’s invasion
Twilio, a texting platform popular with political campaigns, reports breach
Intel fixes high-severity CPU bug that causes “very strange behavior”
SAP Patches Information Disclosure Vulnerabilities in BusinessObjects
Microsoft Releases Patches for 130 Vulnerabilities, Including 6 Under Active Attack
Get 20% off Emsisoft's Enterprise Security EDR solution for the holidays
Cybersecurity M&A Roundup: 35 Deals Announced in February 2022
A new SharkBot variant bypassed Google Play checks again
Security Vulnerability In Dahua IP Cameras Could Allow Device Takeover
Critical SAP CVEs leave broad exposure, fixes require downtime
D-Link Hacked: Hackers Steal Source Code and Customer Personal Information
CISA and SAP warn about major vulnerability
Dope Security wants to help CISOs get a handle on shadow IT
Google Removes Dangerous Banking Malware From Play Store
Zoom for Mac patches sneaky “spy-on-me” bug – update now!
Inside the IT Army of Ukraine, ‘A Hub for Digital Resistance’
Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job
Organizations Struggle to Fend Off Cloud and Web Attacks: Proofpoint Research
EU Officials Reportedly Targeted with Israeli Pegasus Spyware
Hackers Use Shapeshifting Tactics to Steal Information Stealing Malware
Office 365 phishing campaign that can bypass MFA targets 10,000 organizations
Experts warn of an emerging Python-based credential harvester named Legion
Chinese Hackers Expanding Cyber Capabilities to Exploit Zero-Day Vulnerabilities
Avaya sysadmin indicted for illegally generating, selling VoIP licenses
Exploitation of Control Web Panel Vulnerability Starts After PoC Publication
Meta’s new AI image generator was trained on 1.1 billion Instagram and Facebook photos
Iran hits Pennsylvania water utility.
Riot Games receives ransom demand from hackers, refuses to pay
First Windows 11 on Arm laptops arrive with Microsoft's Pluton chip. Here's why it matters | ZDNet
2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign
Atlassian addressed four new RCE flaws in its products
Navy contractor Austal USA confirms cyberattack after data leak
Cyber scammers are scamming each other, and revealing dark web secrets along the way
PlugX Trojan disguised as a legitimate Windows open-source tool in recent attacks
MoustachedBouncer hackers use AiTM attacks to spy on diplomats
Fedora ditches 'No Rights Reserved' software over patent concerns
Experts devised a new exploit for the PaperCut flaw that can bypass all current detection
FBI seized 13 domains linked to DDoS-for-hire platforms
U.S. Govt offers $10 Million Bounty on Info About Cl0p Ransomware Gang
Legion: New hacktool steals credentials from misconfigured sites
Chrome Security Update: 15 Critical Vulnerabilities Fixed, Over $60,000 Rewarded
Docker servers hacked in ongoing cryptomining malware campaign
ALPHV/BlackCat ransomware gang starts publishing victims’ data on the clear web
Myrocket HR platform’s data leak turns into privacy nightmare for employees
Cyber Command shares bevy of new malware used against Ukraine
The Ukrainian war has shaken up the cybercrime ecosystem, Google says
Hackers Can Use Emojis To Deliver Exploit To The Target
Ukraine’s top two cybersecurity officials axed amid embezzlement probe
Dark Web Revenue Down Dramatically After Hydra's Demise
AWS, Other Cloud Services Affected by Flaws in Eltima SDK
SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack
FTC to force ISP to deploy fiber for 60K users to match speed claims
Cisco warns of critical switch bugs with public exploit code
Microsoft Defender no longer flags Tor Browser as malware
New BotenaGo variant specifically targets Lilin security camera DVR devices
Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails
CacheWarp : A New Flaw in AMD's SEV Let Attackers Hijack Encrypted Virtual Machines
Telstra reminds organisations that managing cyber risks is not having 'bank-level security'
Chinese Researchers Detail Linux Backdoor of NSA-Linked Equation Group
Apple is sneaking around its own privacy policy — and will regret it
FBI Warns of Cryptocurrency Heists by North Korea's Lazarus Group
FIDO Alliance certifies security of edge nodes, IoT devices
Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer
Malware Targets People Looking to Pirate Oscar-Nominated Films
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
IBM is helping these schools build up their ransomware defenses | ZDNet
Hackers Use Fake Browser Updates to Install Malware on Users' Computer
US Agencies Warns of 'Vice Society' Ransomware Gang Targeting Education Sector
F5 warns its customers of tens of flaws in its products
What is Managed Device Attestation on Apple platforms?
A New Malware "Prynt" Comes Up As A Lethal Stealer, Keylogger, Clipper
EU data protection authority raises alarm over UN cybercrime treaty negotiations
Western Digital struggles to fix massive My Cloud outage, offers workaround
New ransomware attacks in Ukraine linked to Russian Sandworm hackers
10 Best Linux Vulnerability Scanners to Scan Linux Servers - 2023
Phishing goes KISS: Don’t let plain and simple messages catch you out!
New PaperCut Vulnerability Allows Remote Code Execution
HackerOne apologizes to Ukrainian hackers for mistakenly blocking payouts
Tens of Thousands of Websites Vulnerable to RCE Flaw in WordPress Plug-in
Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps
Oreo Cookie Maker Hacked - Over 50K-plus Employees' Personal Info Leaked
Russian-linked Android malware records audio, tracks your location
US CISA warns of a Samsung vulnerability under active exploitation
Israeli cybersecurity firm launches managed services offering for MSPs
New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprises Devices
China would consider attacks on US railroads, pipelines if it invades Taiwan, Easterly says
CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities
Packet Reflection Threats in Private 5G Networks
HP fixes severe bug in pre-installed Support Assistant tool
Check your SPF records: Wide IP ranges undo email security and make for tasty phishes | ZDNet
ASUS routers vulnerable to critical remote code execution flaws
Windows 11’s new kiosk mode lets admins limit available apps
US Govt launches Artificial Intelligence Cyber Challenge
Hacker leaks millions of new 23andMe genetic data profiles
Kaspersky Relocates Cyberthreat-Related Data Processing for Users in Latin America and Middle East to Switzerland
FIN7 hacking group member sentenced to five years behind bars | ZDNet
Microsoft accuses China of abusing vulnerability disclosure requirements
Cyberattacks pivot from large health systems to smaller hospitals, specialty clinics
W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA
Threat Actors Use Abnormal Certificates to Deliver Info-stealing Malware
Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws
SpecterOps Updates BloodHound Active Directory Mapping Tool
Cisco warns of bug that lets attackers break traffic encryption
Windows is in Moscow’s crosshairs, too
DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
Supermicro's BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities
A deeper insight into the CloudWizard APT’s activity revealed a long-running activity
General Motors credential stuffing attack exposes car owners info
Deepfake celebrities begin shilling products on social media, causing alarm
Avoid Using Atlas VPN Until A Fix Arrives For The Zero-Day
Danni Brooke, to Spotlight the Role of Women in Cyber at Infosecurity Europe 2023
Cisco urges admins to fix IOS software zero-day exploited in attacks
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
New Malware Dubbed Mélofée Attacking Linux Servers
Twitter Blue Badge email scams – Don’t fall for them!
Hardcoded Accounts Allow Full Takeover of Technicolor Routers
Australia retailer's customer data compromised in third-party breach
OpenAI announces GPT-4, its next-generation AI language model
A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices 
New QakNote attacks push QBot malware via Microsoft OneNote files
Hackers Selling Malware on Dark Web Underground Market
Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem
Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
QakBot Malware Operators Expand C2 Network with 15 New Servers
Palo Alto Networks’ largest customers get no-cost incident response
Norway issues warning after ‘important businesses’ affected by Cisco zero-days
New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors
Rust-Based Botnet P2Pinfect Targets MIPS Architecture
Investigating APT36 or Earth Karkaddans Attack Chain and Malware Arsenal
Adobe Acrobat will soon power Microsoft Edge's PDF reader
BlackBerry to Split Cybersecurity, IoT Business Units
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs
Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks
TF-CSIRT – What is it all about? -
Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment
FBI: Email fraud keeps getting worse. Here's how to protect yourself | ZDNet
Kazakhstan-based hackers targeting gov’t websites in Central Asia, Cisco says
Researchers Demonstrate New Browser-Powered Desync Attack
CircleCI warns of security breach — rotate your secrets!
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign
New Matanbuchus Campaign drops Cobalt Strike beacons
Hacktivist Group 'Mysterious Team Bangladesh' Goes on DDoS Rampage
AP Stylebook Breach May Have Hit Hundreds of Journalists
Feds warn about right Royal ransomware rampage that runs the gamut of TTPs
Researchers Spot Novel “Deadglyph” Backdoor
The race towards renewable energy is creating new cybersecurity risks | ZDNet
WatchGuard Report: Malware Decreases but Encrypted Malware Up in Q2 2022
New Privilege Escalation Bug Class Found on macOS and iOS
Department of Justice seized $3 billion in Bitcoin found in underground safe and popcorn tin after Silk Road fraud
Microsoft Tightens OneNote Security by Auto-Blocking 120 Risky File Extensions
Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms
Abnormal Security expands threat protection to Slack, Teams and Zoom
Zoom’s AI terms overhaul sets stage for broader data use scrutiny
Indonesian Cybercriminals Exploit AWS for Profitable Crypto Mining Operations
PJCIS concerned TSSR's 'do your best' requirements are not enough anymore | ZDNet
VMware warns admins to patch ESXi servers, disable OpenSLP service
Conti Ransomware Group Poses $20 Million Threat to Costa Rican Government
Better Phishing, Easy Malicious Implants: How AI Could Change Cyberattacks
Uptycs launches agentless cloud workload scanning
Social Blade Confirms Breach After Hacker Offers to Sell User Data
Coalition to give NGOs free access to cybersecurity services to protect against attacks
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices
Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now
SSH Servers Hit in 'Proxyjacking' Cyberattacks
Experts spotted a backdoor that borrows code from CIA’s Hive malware
Second data wiper attack hits Ukraine computer networks
DHS undersecretary: Log4j problem is not over, may take ‘a decade or longer’
11 Best Compliance Management Software in 2023
Microsoft Teams Targeted in Midnight Blizzard Phishing Attacks
Sensitive data is being leaked from servers running Salesforce software
Vast majority of organizations are no longer vulnerable to MOVEit
Russia-linked Sandworm APT targets energy facilities in Ukraine with wipers
Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit
Microsoft Defender Bounty Program: Rewards up to $20,000 USD
Notorious cybercrime gang Conti 'shuts down,' but its influence and talent are still out there
Corporate website contact forms used to spread BazarBackdoor malware
Why Telecoms Struggle with SaaS Security
Russian Conti Ransomware Gang Threatens to Overthrow New Costa Rican Government
Adobe, Microsoft and Citrix vulnerabilities draw warnings from CISA
Israeli officials are being catfished by AridViper hackers | ZDNet
FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware
Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report
Europol arrested cryptocurrency scammers that stole millions from victims
WhatsApp Enhances Call Security With Location Hiding, Unknown Call Block
Procter & Gamble confirms data theft via GoAnywhere zero-day
Acer Firmware Flaw Lets Attackers Bypass Key Security Feature
India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First
RedEyes Hacking Group Uses Steganography Technique to Deploy Malware on PC & Mobile Phones
Lazarus group exploits Windows IIS servers to distribute malware
Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions
Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second
Breach at Flagstar Bank impacts more than 1.5M customers
University of Chicago researchers seek to “poison” AI art generators with Nightshade
Cyberattacks Rage in Ukraine, Support Military Operations
Will new EU crypto rules change how ransomware is played?
Yet another zero-day (sort of) in Windows “search URL” handling
Microsoft disrupts Russia-linked hacking group targeting defense and intelligence orgs
A Look Into Purple Fox’s Server Infrastructure
How safe is society’s critical infrastructure from infosec attacks?
PoS malware can block contactless payments to steal credit cards
Debunking the top five Bitcoin misconceptions
HPE OneView Vulnerability Let Attacker Bypass Authentication
Europol: ‘Key target’ in Ragnar Locker ransomware operation arrested in Paris
Novel Spy Group Targets Telecoms in 'Precision-Targeted' Cyberattacks
Microsoft removes Windows 11 update block for PCs with gaming issues
Malware dev says they can revive expired Google auth cookies
Hackers Exploit Zimbra and Roundcube Email Servers to Attack Government Organizations
Intel boosts VM security, guards against stack attacks in new Xeon release
Cyber venture capital funding on pace to hit four-year low
Critical Vulnerability in Oracle Cloud Infrastructure Allowed Unauthorized Access
China-based Fangxiao group behind a long-running phishing campaign
QNAP Extends Security Updates for Some EOL Devices
Do svidaniya, Kaspersky — goodbye
Windows 10 KB5031445 preview update fixes ctfmon.exe memory leak, 9 issues
Best Cyber Monday VPN deals 2022: Save on Surfshark, Atlas, and more
Grandoreiro banking malware targets Mexico and Spain
Pegasus Spyware Targeted UK Prime Minister, Say Researchers
Beware: Onyx ransomware destroys files instead of encrypting them
“Dirty Pipe” Linux kernel bug lets anyone write to any file
VirusTotal now has an AI-powered malware analysis feature
FTC Accuses CafePress of Data Breach
UPS discloses data breach after exposed customer info used in SMS phishing
Ukraine: Sandworm hackers hit news agency with 5 data wipers
Russian Group Sandworm Foiled in Attempt to Disrupt Ukraine Power Grid
Ilya Sachkov versus the Kremlin
US govt agencies released a joint alert on the Lockbit 3.0 ransomware
Previously unknown hacking group targets Hong Kong organizations in supply chain cyberattack
US Critical Infrastructure Targeted by AvosLocker Ransomware
Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories
Rebel offensive in Myanmar takes aim at online scam industry
Adobe Acrobat Sign abused to push Redline info-stealing malware
Snort Flaw Let Attacker to Trigger DoS Condition & Pass Malicious Traffic
Familiar names top 2021's most-exploited vulnerabilities list
New Android 14 Security Feature: IT Admins Can Now Disable 2G Networks
New Windows PowerToy OCR tool will let you copy text from images
Fake in-browser Windows updates push Aurora info-stealer malware
Colorado warns 4 million of data stolen in IBM MOVEit breach
Exploit released for critical VMware SSH auth bypass vulnerability
Google: Former Conti cybercrime gang members now targeting Ukraine
2 Years After Colonial Pipeline, US Critical Infrastructure Still Not Ready for Ransomware
Florida hospital takes IT systems offline after cyberattack
3CX hack highlights risk of cascading software supply-chain compromises
Darknet drug markets move to custom Android apps for increased privacy
Apple patches everything, finally reveals mystery of iOS 16.1.2
How Shady Code Commits Compromise the Security of the Open-Source Ecosystem
New PowerDrop Malware Targeting U.S. Aerospace Industry
Open Source Security Foundation Now Counts 60 Members
New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools
Security Affairs newsletter Round 423 by Pierluigi Paganini – International edition
Microsoft Patch Tuesday for October 2022 doesn’t fix Exchange Server flaws
Qualys now supports macOS in its cloud security tools
Medusa ransomware gang picks up steam as it targets companies worldwide
Free Download Manager releases script to check for Linux malware
Police Insider Tipped Off Criminal Friend About EncroChat Bust
US OMB releases guidance on federal agency software security requirements
Iran law ‘will force tech firms to spy on citizens’
Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor
Dad takes down town's internet by mistake to get his kids offline
NCSC Announces New Standard For Indicators of Compromise
Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels
Critical Cisco IOS XE vulnerability gives attackers control of devices
Atlassian fixes critical command injection bug in Bitbucket Server
September Android updates fix zero-day exploited in attacks
Famed Hacker Kevin Mitnick Dead at 59
Amazon Rolls Out Independent Cloud for Europe to Address Stricter Privacy Standards
FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors
Atlassian Confluence Vulnerabilities Exploited To Deploy Effluence Backdoor
Researchers Discover Malware Actively Targeting Digium VoIP Phones
Atlassian announces 0-day hole in Confluence Server – update now!
18 Best Web Filtering Solutions - 2023
New tool exploits Microsoft Teams bug to send malware to users
Sorting Through Haystacks to Find CTI Needles
New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector
Chinese hackers target European embassies with HTML smuggling technique
Chinese Hacker Steals Microsoft Signing Key, Spies on US Government
Espionage Attacks in North Africa Linked to
Ransomware affects the entire retail supply chain this holiday season | ZDNet
Cybercrime: Dark web carding forum users are getting worried after a string of shutdowns | ZDNet
North Korean Cyberspies Target GitHub Developers
Microsoft releases Windows 11 23H2 as an enablement package
Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw
Hackers stole $3 million worth of cryptocurrency from BTC.com
Bloomberg Crypto X account snafu leads to Discord phishing attack
Ransomware Deals Deathblow to 157-year-old College
Experts Discover Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm
SolarWinds ready to move past breach and help customers manage theirs | ZDNet
A man has been charged with a cyber attack on the Discovery Bay water treatment facility
Ransomware Leak Site Victim Numbers Fall by 25% in Q1 2022
Stolen Data on 80K+ Members of FBI-Run InfraGard Reportedly for Sale on Dark Web Forum
How to Fix a Hacked Computer - Guide To Secure Your Computers - 2023
Apple discloses 2 new zero-days exploited to attack iPhones, Macs
Anonymous Arabia Targets UAE’s Largest Bank FAB in Cyberattack
Why Choose When You Can Have Both? IT Management OR IT security
Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?
HYAS Unveils New Tool for Continuous DNS Monitoring
Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches
Google Bard launches in EU, overcoming data privacy concerns in the region
The Week in Ransomware - October 27th 2023 - Breaking Records
Cyberspace Solarium Commission calls for sustained investment in defense
Half of Security Leaders Consider Quitting
In Other News: Cybersecurity Funding Rebounds, Cloud Threats, BeyondTrust Vulnerability
Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign
Russian Influence Duo Targets Politicians, CEOs for Embarrassing Video Calls
Severe Security Flaw in Microsoft Teams Desktop App
LOLBAS in the Wild: 11 Living-Off-The-Land Binaries Used for Malicious Purposes
Scammers hijack YouTube channels to promote Elon Musk-themed crypto schemes
Vectra AI unveils XDR platform with real-time attack signal intelligence
Meta Proposes Revamped Approach to Online Kill Chain Frameworks
T-Mobile to Pay $350m Settlement in Breach Case
Chainguard Bags Massive $50M Series A for Supply Chain Security
Cisco joins long list of security companies supporting Ukraine
Legal Practice Fined £100k After Hacker Stole Court Info
New Microsoft Azure AD CTS feature can be abused for lateral movement
Microsoft Teams stores cleartext auth tokens, won’t be quickly patched
Stealc, a new advanced infostealer appears in the threat landscape
Convergence Ahoy: Get Ready for Cloud-Based Ransomware
White House to roll out array of cyber initiatives to bolster K-12 defenses
Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs
Mass exploitation of critical MOVEit flaw is ransacking orgs big and small
Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities
New Jailbreak Attacks Uncovered in LLM chatbots like ChatGPT
Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability
TA2541: APT Has Been Shooting RATs at Aviation for Years
US Cyber Command Team Helps Lithuania Protect Its Networks
Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023
OpenAI board attempts to hit “Ctrl-Z” in talks with Altman to return as CEO
ChatGPT For Penetration Testing - An Effective Reconnaissance Phase of Pentest
Phishing attacks are getting scarily sophisticated. Here's what to watch out for
Australia sees rise in cybercrimes on back of 'destructive' ransomware, state actors
Windows 11 is getting a built-in passkey manager for Windows Hello
S3 Ep135: Sysadmin by day, extortionist by night
ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric
Wireshark 4.0.4 Release - What's New!
Nvidia wants to speed up data transfer by connecting data center GPUs to SSDs
The Week in Ransomware - December 9th 2022 - Wide Impact
BlackCat Ransomware Strikes Ho Chi Minh City Power Corporation
AP News Site Hit by Apparent Denial-of-Service Attack
Federal privacy legislation is the ‘foundation for any AI efforts,’ key lawmaker says
CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacks
Ransomware attacks are increasing with more dangerous hybrids ahead
White House Unveils Cybersecurity Labeling Program for Smart Devices
Nearly 70% of tested ServiceNow instances leaking data
Pro-Palestinian group GhostSec hacked Berghof PLCs in Israel
Password-stealing “vulnerability” reported in KeePass – bug or feature?
More than 2,000 cybersecurity patent applications filed since 2010: report
Hackers Use Fake Update Page Mimicking Victim's Browser to Deliver NetSupport RAT
Samsung Galaxy S22 hacked again on second day of Pwn2Own
New NCUA Rule Requires Swift Cyber Incident Reporting
Experts warn of a surge in NetSupport RAT attacks
How the FBI nuked Qakbot malware from infected Windows PCs
Hackers Infect Linux Machines with Rootkits via Apache ActiveMQ Vulnerability
GCHQ Reveals Details of State-Backed Breach
Rackspace scrambles to assist customers as ransomware probe continues
Mixin Network suspends operations following $200 million hack
Probing Weaponized Chat Applications Abused in Supply-Chain Attacks
Dragon Breath APT uses double-dip DLL sideloading strategy
5 Phases of Russian Cyber Playbook in Attacks Against Ukraine
Neuberger: New global initiatives will include information sharing, ransomware payment tracking
A Data Exfiltration Attack Scenario: The Porsche Experience
Microsoft Confirms: Lapsus$ Compromised One Employee's Account
Botnets, Trojans, DDoS From Ukraine and Russia Have Increased Since Invasion
Basic home office hacks: 8 things you need to elevate your workspace
US surprises Nvidia by speeding up new AI chip export ban
Microsoft announces Security Copilot early access program
Amazon adds passkey support as new passwordless login option
Qakbot Is Back With a New Trick: DLL Sideloading
Five Eyes Agencies List Top 15 Most Exploited Bugs of 2021
Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor
Ronin Crypto Heist of $618m Traced to North Korea
New Tsunami botnet targets Linux SSH servers
Microsoft Patches Two Zero Days This Month
New ‘White Rabbit’ Ransomware May Be New FIN8 Tool
Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks
COSMICENERGY - New OT Malware Causes Electric Power Disruption
Biden gives defense, intel agencies 180 days to apply MFA, encryption
REvil prosecutions reach a 'dead end,' Russian media reports
Serious Security: Why learning to touch-type could protect you from audio snooping
Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t!
Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day
Zyxel Firewalls Under Attack! Urgent Patching Required
Dark Web Drug Peddler Gets Nine Years
Smart Mobility has a Blindspot When it Comes to API Security
Microsoft Exchange Online outage blocks access to mailboxes worldwide
State-Sponsored Sidewinder Hacker Group's Covert Attack Infrastructure Uncovered
Okta hit by third-party data breach exposing employee information
Ransomware Business Models: Future Pivots and Trends
Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability
New Truebot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm
Five easy steps to keep your smartphone safe from hackers
NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics
Mideast governments accused of using fake dating profiles in arrests of LGBT people
New Mirai Variant Campaigns are Targeting IoT Devices
New BBTok Banking Malware Server-Side Software Generates Victim-Specific Payload
Xiaomi's MIUI now flags Telegram as dangerous in China
AI Boosts Malware Detection Rates by 70%
Russian Sandworm hackers pose as Ukrainian telcos to drop malware
CrowdStrike to Acquire Cloud-Native App Security Startup Bionic for $350 Million
ParaSiteSnatcher How Malicious Chrome Extensions Target Brazil
How to use Google passkeys for stronger security on Android
WannaCry ransomware impersonator targets Russian "Enlisted" FPS players
How to Combat the Biggest Security Risks Posed by Machine Identities
Microsoft warns of emerging 'ice phishing' threat on blockchain, DeFi networks | ZDNet
Clorox CISO departs months after cyberattack
Twitter confirms zero-day used to expose data of 5.4 million accounts
"PowerDrop" PowerShell Malware Targets US Aerospace Industry
Massive ransomware attack hinders services in 70 German municipalities
US probing federal court records system breach | Cybernews
“Do not open robots,” warns Oregon State amid college food delivery bomb prank
Okta hit by another breach, this one stealing employee data from 3rd-party vendor
Meta Cripples China's Signature 'Spamouflage' Influence Op
Here's how hackers used the Log4j flaw to gain access before moving across a company's network | ZDNet
Google Bard AI Causes $100 Billion Loss With Wrong Answers
AI to Create Demand for Digital Trust Professionals, ISACA Survey Find
SEC cyber disclosure rules: What’s the role of the CIO?
SAP releases security updates fixing five critical vulnerabilities
New York man defrauded thousands using credit cards sold on dark web
Atlassian & Bamboo RCE Flaw Let Attacker Execute Arbitrary Code
ICO Slashes Government Data Breach Fine
Divided oversight panel recommends new limits for Section 702 searches
CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs
Organizations Urged to Fix 41 Vulnerabilities Added to CISA’s Catalog of Exploited Flaws
Google Fixes 26 Bugs Amid Fake Update Warning
The Psychology of Ransomware Response
Top 10 Best Zero Trust Security Vendors - 2023
Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away
Will the Crypto Crash Impact Cybersecurity in 2023? Maybe.
We interviewed Linux OS through an AI bot to discover its secrets
SASE Firm Cato Networks Raises $238 Million at $3 Billion Valuation
FBI: Lazarus Group Is Responsible For $100 Million Harmony Crypto Theft
Biden-Harris Administration Secures AI Commitments For Safety
MGM Resorts Reveals Over $100M in Costs After Ransomware Attack
Jail Releases 300 Suspects Due to Computer
Malicious PyPI Packages Use Compiled Python Code to Bypass Detection
Malicious packages in the NPM designed for highly-targeted attacks
Adobe’s AI image generators get beefy updates, including vector graphics
Malwarebytes issues fix for Chrome broken by Windows 11 KB5027231
Google accuses Spanish spyware company of ties to zero-day exploitation framework
Best YubiKey: You need this cheap security tool | ZDNet
Attackers find new ways to deliver DDoSes with “alarming” sophistication
From AI with love: Scammers integrate ChatGPT into dating-app tool
More than $30 million seized from North Korean hackers involved in Axie crypto-theft
Senate committee advances Fick nomination as State Department’s top cyber diplomat
Google targets fake business reviews network in new lawsuit
Best cybersecurity schools and programs | ZDNet
UK to Place Security Requirements on App Developers and Store Operators
Security Turbulence in the Cloud: Survey Says…
Hackers Using Money-Making Scripts to Deliver Multiple Malware
MongoDB rolls out queryable encryption to secure sensitive data workflows
Microsoft shares details for a Gatekeeper Bypass bug in Apple macOS
New CVSS Version Unveiled Amid Rising Cyber Threats
Majority of GAO's Cybersecurity Recommendations Not Implemented by Federal Agencies
Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling
Dead or Alive? An Emotet Story
Recent legal developments bode well for security researchers, but challenges remain
Ivanti fixed a new critical Sentry API authentication bypass flaw
US Charge Man with Running Stolen Credentials Marketplace
Stolen ChatGPT premium accounts up for sale on the dark web
CISA, FBI Warning: Truebot Hackers Exploiting Netwrix Auditor Flaw
S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
Chinese Hackers use .chm files to Hijack Execution Chain and Deploy Malware
US dismantled the Russia-linked Cyclops Blink botnet
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
(ISC)2 Urges Countries to Strengthen Collaboration on Cybersecurity Regulation
What exactly will the UK government's global AI Safety Summit achieve?
Popular open source project Moq criticized for quietly collecting data
Cybersecurity agencies reveal last year’s top malware strains
Hackers seen exploiting bugs in browsers and popular file transfer tool
Forward Momentum: Key Learnings From Trend Micro’s Security Predictions for 2024
WordPress Ninja Forms plugin flaw lets hackers steal submitted data
ICS Patch Tuesday: Siemens Fixes 7 Vulnerabilities in Ruggedcom Products
Russian cyberspies hit NATO and EU organizations with new malware toolset
Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws
Threat Actor Names Proliferate, Adding Confusion
Espionage group uses webmail server zero-day to target European governments
Revolut hack exposes data of 50,000 users, fuels new phishing wave
North Korean Software Supply Chain Attack Hits North America, Asia
Manufacturers Failing to Address Cybersecurity Vulnerabilities Liable Under New European Rules
Ragnar Locker ransomware claims attack on Portugal's flag airline
Windows Autopatch - Feature to Keep Endpoints up-to-date
Nigerian man pleads guilty to attempted $6 million BEC email heist
Criminal IP & Cisco SecureX/XDR: Enhanced Cyber Threat Analysis
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming
June 2023 Security Update for Android fixed Arm Mali GPU bug used by spyware
APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia
IcedID and Cobalt Strike vs Antivirus
Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign
Microsoft Launches Bug Bounty Program For AI Bing Across All Products
98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes
FTC orders non-bank financial firms to report breaches in 30 days
In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine
The Week in Ransomware - November 3rd 2023 - Hive's Back
Atlassian, Apple warn customers of zero-days used in attacks
Microsoft: Hackers target cryptocurrency firms over Telegram
Don't Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims
New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia
How DDoSers used the HTTP/2 protocol to deliver attacks of unprecedented size
CircleCI Hacked via Malware on Employee Laptop
Rust devs push back as Serde project ships precompiled binaries
AI chatbots can infer an alarming amount of info about you from your responses
IcedID to XingLocker Ransomware in 24 hours
What's the State of Credential theft in 2023?
Law enforcement takes down crypto exchange allegedly used to launder $15 million in ransomware payments
Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware
LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data
Donot Team APT will strike gov't, military targets for years - until they succeed | ZDNet
Malvertising campaign MasquerAds abuses Google Ads
Palo Alto security software stung by ransomware strain
Rhysida Ransomware Attacking Windows Machine Through VPN Devices and RDP
Top cybersecurity product news of the week
Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown
Darkweb market BidenCash gives away 1.2 million credit cards for free
Malicious extensions can abuse VS Code flaw to steal auth tokens
Thoma Bravo to Acquire Ping Identity for $2.8 Billion
Microsoft Visual Studio Code flaw lets extensions steal passwords
Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware
Mozi malware botnet goes dark after mysterious use of kill-switch
Meet the Unique New "Hacking" Group: AlphaLock
How an unpatched Microsoft Exchange 0-day likely caused one of the UK’s biggest hacks ever
Log4j zero-day gets security fix just as scans for vulnerable systems ramp up
Donut extortion group also targets victims with ransomware
Comcast stock falls as company fails to add Internet users for first time ever
Police bust ransomware ring behind attacks in 71 countries
Cryptomining Attack Exploits Docker API Misconfiguration Since 2019
Lazarus hackers breached dev repeatedly to deploy SIGNBT malware
Ivanti warns of new actively exploited MobileIron zero-day bug
QNAP Eliminates Server Responsible for Extensive Brute-force Attacks
Organizations Face a ‘Losing Battle’ Against Vulnerabilities
Kansas courts IT systems offline after ‘security incident’
Microsoft warning: These phishing attackers used fake OAuth apps to steal email
Google has released Chrome 98 to fix active Zero-day Exploits
Qakbot Gang Still Active Despite FBI Takedown
FanDuels warns of data breach after customer info stolen in vendor hack
OwnCloud Critical Vulnerability Exploited in the Wild
China-Linked EvilBamboo Targets Mobiles
Message to IT: Yes, you should install Apple security updates
CISA Warns Against Malicious Use of Legitimate RMM Software
SEC sues SolarWinds and its CISO for fraudulent cybersecurity disclosures
Russian Hackers Deploy Sophisticated Snake Loader Malware Worldwide
Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App
Facebook to pay hackers up to $300,000 to uncover remote code execution bugs
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
U.S. Treasury Targets Russian Money Launderer in Cybercrime Crackdown
Top 10 Best Insider Risk Management Platforms - 2023
Tracked by hidden tags? Apple and Google unite to propose safety and security standards…
Insider risks are getting increasingly costly
10 Best Bot Protection & Mitigation Software - 2023
Apple emergency updates fix 3 new zero-days exploited in attacks
SMBs don't see need for cyber insurance since they won't experience security incidents
SIM-based Authentication Aims to Transform Device Binding Security to End Phishing
Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks
Serious Breach at Uber Spotlights Hacker Social Deception
Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter
Hackers Use Archive Files and HTML Smuggling to Bypass Detection Tools
Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability
Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware
What are Bitwarden Organizations and how do you use them?
Ardent Health Services Grapples With Ransomware Disruption
NIST Updates Supply Chain Cybersecurity Guidance
DOJ unseals indictments of four Russian gov’t officials for cyberattacks on energy companies
EXCLUSIVE: Rounding up a cyber posse for Ukraine
Flaw in Apache ActiveMQ Exposes Linux Systems to Kinsing Malware
Best Bluetooth tracker 2022: Never lose your keys again | ZDNet
Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages
LofyGang Cybercrime Group Used 200 Malicious NPM Packages for Supply Chain Attacks
No code, no problem—we try to beat an AI at its own game with new tools
CISA Adds 66 Vulnerabilities to 'Must Patch' List
LockBit Affiliates Exploiting Citrix Bleed, Government Agencies Warn
10 Best Cloud VPN Providers - 2023
Meet Nord Security: The company behind NordVPN wants to be your one-stop privacy suite | ZDNet
Glitch in system upgrade identified as cause of delays at Singapore immigration
10 Best VPN Alternative Solutions in 2023
Canadian government investigating hacking incident | ZDNet
Microsoft Patch Tuesday April Fixed 97 Flaws Including 1 Zero-Day
Microsoft: We are tracking these 100 active ransomware gangs using 50 types of malware
Z-Library eBook site disrupted again by FBI domain seizures
Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware
Most organizations globally have implemented zero trust
Experts found 10 malicious packages on PyPI used to steal developers’ data
Failure to verify OAuth tokens enables account takeover on websites
London Honeypots Attacked 2000 Times Per Minute
Crooks are using lures related to Her Majesty Queen Elizabeth II in phishing attacks
North Korea-linked hackers stole $626 million in virtual assets in 2022
Over 50K Cisco IOS XE Devices Hacked Exploiting Zero-day
Microsoft Blames Clop Affiliate for PaperCut Attacks
Lazarus hackers Attack VMware Servers Using Log4Shell Exploits
Microsoft disputes report that Chinese hackers could have accessed suite of programs
The Market Is Teeming: Bargains on Dark Web Give Novice Cybercriminals a Quick Start
MITRE and CISA Release Open Source Tool for OT Attack Emulation
Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default
FBI warning: This new ransomware makes demands of up to $500,000 | ZDNet
Initial access broker posts targeting banks increase on dark web
Emotet Resurfaces Yet Again After 3-Month Hiatus
Cloud Security Firm Kivera Raises $3.5 Million in Seed Funding
Dozens of Organizations Targeted by Akira Ransomware
Cloudflare raises monthly plan prices for the first time
Cyber Safety Review Board to probe Lapsus$ ransomware spree
NUVOLA: the new Cloud Security tool
Over 60K Adware Apps Posing as Cracked Versions of Popular Apps Target Android Devices
Charter loses home Internet customers, blames end of COVID subsidy program
Cloudflare’s CAPTCHA replacement lacks crosswalks, checkboxes, Google
CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
MIRLE Group Targeted by Notorious LockBit Ransomware Group
PyTorch suffers supply chain attack via dependency confusion
ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation
Industry Coalition Calls For Enhanced Network Resilience
Hook: New Android Banking Trojan That Expands on ERMAC's Legacy
Microsoft now rolling out Copilot to Windows 10 devices
Over 40,000 admin portal accounts use 'admin' as a password
Legendary Hacker Kevin Mitnick Died At The Age Of 59
Canadian Government Targeted With DDoS Attacks by Pro-Russia Group
Tech manufacturers are leaving the door open for Chinese hacking, Easterly warns
OpenAI employees revolt after board names new CEO and Altman heads to Microsoft
Protect Your Company: Ransomware Prevention Made Easy
Vulnerability In FreeIPA System Could Expose User Credentials
North Korean hackers exploit known bug in ‘high-profile’ software vendor
White House: Russia Preparing Cyber-Attacks on US
Radiant Snags $15 Million for AI-Powered SOC Technology
France Fined Microsoft Over 60 Million Euros for Using Advertisement Cookies Without Consent
APC warns of critical unauthenticated RCE flaws in UPS software
Iranian Crambus Actors Modify Windows Firewall Rules To Enable Remote Access
Microsoft warns of Russian cyberattacks throughout the winter
PayPal sued for negligence in data breach that affected 35,000 users
Developer creates “self-healing” programs that fix themselves thanks to AI
Ransomware group strikes second U.S. health care system in the last two months
Guide: Alert Overload and Handling for Lean IT Security Teams
Outlook for the web outage impacts users across America
Acer Hacked - Over 160GB of Data for Sale on Hacking Forum
Sydney University Suffers Supply Chain Breach
Uber Data Leaked Following Breach at Third-Party Vendor
Microsoft Said that Hackers Use Google Ads to Deliver Royal Ransomware Payloads
QCT Servers Affected by 'Pantsdown' BMC Vulnerability
Hackers use WormGPT to Launch Sophisticated cyberattacks
Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022
An actively exploited Microsoft 0-day flaw still doesn’t have a patch
Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks
Securonix Secures Over $1B in Growth Investment From Vista Equity
drIBAN Fraud Operations Target Corporate Banking Customers
Baidu shares fall after Ernie AI chatbot demo disappoints
Microsoft: Ransomware groups, nation-states exploiting Atlassian Confluence vulnerability
Join Our Webinar: Learn How to Defeat Ransomware with Identity-Focused Protection
In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools
ChatGPT for Software Security: How it Assists Attackers & Security Analysts
Kaspersky released a new decryptor for Conti-based ransomware
'BEC 3.0' Is Here with Tax-Season QuickBooks Cyberattacks
Russia bans Google News for "unreliable" info on war in Ukraine
10 Best UTM Software (Unified Threat Management Solutions) - 2023
North Korean hackers linked to attempted supply-chain attack on JumpCloud customers
Salesforce-owned Heroku faces backlash over handling of stolen user credentials
Top 11 Best DNS Filtering Solutions - 2023
European firm DSIRF behind the attacks with Subzero surveillance malware
Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police
NordVPN and Surfshark announce merger | ZDNet
Tenable CEO accuses Microsoft of negligence in addressing security flaw
10 Best Secure Web Gateway Vendors in 2023
US Charges Six in Operation Targeting 48 DDoS-for-Hire Websites
FBI and CISA: Here's what you need to know about DDoS attacks
Is Cybersecurity Awareness Month Anything More Than PR?
Probe of school surveillance software finds privacy abuses, inaccurate results
Charming Kitten APT Wields New Scraper to Steal Email Inboxes
The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late
New Go-based Redigo malware targets Redis servers
Leaks reveal the surprisingly mundane reality of working for a ransomware gang | ZDNet
Black Hat 2022: Ten Presentations Worth Your Time and Attention
New SLP Vulnerability Could Enable Massive DDoS Attacks
Ransomware attacks against healthcare organizations.
Microsoft attackers may have data access beyond Outlook, researchers warn
Google to Pay $29.5 Million to Settle Lawsuits Over User Location Tracking
FCC proposes record $300 million fine against auto warranty robocall campaign
How to Protect Patients and Their Privacy in Your SaaS Apps
Google offers free DDoS protection to Ukrainian organizations | CyberNews
Ransomware attacks doubled year on year. Are organizations equipped to handle the evolution of Ransomware in 2023?
LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
Threat Actors Employ Remote Admin Tools to Gain Access over Corporate Networks
Ransomware attackers are targeting exposed Microsoft SQL databases, report says
Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years
New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World
Exela Stealer Attacking Discord Users to Steal Login Credentials
New AXLocker Ransomware Steals Victims' Discord Tokens
California-based workforce platform Prosperix leaks drivers licenses and medical records
Ukraine intelligence takes credit for Russia’s aviation agency hack
Security leaders don't control budgets, even with mounting threats
Microsoft: Clop and LockBit ransomware behind PaperCut server hacks
What is Data Security Posture Management (DSPM)?
OneLayer Emerges From Stealth With $8.2M to Build Security for Private 5G Networks
Twitter CEO: we suspend over half a million spam accounts every day | CyberNews
ICO calls social media firms to protect people's data from scraping
Not patched Log4j yet? Assume attackers are in your network, say CISA and FBI
Microsoft’s CISO on why cloud matters for security response
Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin
Five Cybersecurity Predictions for 2024
Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials
Zeppelin Ransomware Victims May Need Multiple Decryption Keys
AI’s Future Could be Open-Source or Closed. Tech Giants Are Divided as They Lobby Regulators
Microsoft is scanning the inside of password-protected zip files for malware
In Airbnb, Cybercriminals Find a Comfortable Home for Fraud
D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack
US bans sales of Huawei, Hikvision, ZTE, and Dahua equipment
Hacked Ukrainian Military Emails Used in Attacks on European Governments
How do I monitor privileged accounts?
Pennsylvania water authority hit with cyberattack allegedly tied to pro-Iran group
CISA Issues MuddyWater Warning
CXOs and directors are growing wary of generative AI: Report
Machine Learning in 2022: Data Threats and Backdoors?
SuperMailer Abuse Bypasses Email Security for Super-Sized Credential Theft
It's time to stop hoping that cybersecurity problems will just go away | ZDNet
#BHUSA: What has Changed in the Post-Stuxnet Era?
Cyber-Criminals Are Using Mining Pools to Launder Crypto
Over 10,000 Cisco devices hacked in IOS XE zero-day attacks
Google Chrome emergency update fixes 5th zero-day exploited in 2023
Google Announces New Privacy, Safety, and Security Features Across Its Services
Biden Signs Post-Quantum Cybersecurity Guidelines Into Law
Apple: Hackers Might Be Exploiting This WebKit Flaw to Attack iPhones
5 top threats from 2022 most likely to strike in 2023
New DDoS amplification vector could enable massive attacks
Dependencies in LLM packages open apps to vulnerabilities: Report
Malware campaign impersonates VC firm looking to buy sites
What's Wrong with Manufacturing?
Manufacturing Top Targeted Industry in Record-Breaking Cyber Extortion
How to Improve Your API Security Posture
Cyber Extortion Growing Exponentially in Africa, Middle East and China, Finds Orange
How MDR Helps Solve the Cybersecurity Talent Gap
Hackers abuse Google Ads to spread malware in legit software
URL Parsing-Library Bugs Allow DoS, RCE, Spoofing & More
SecurityAffairs Top 10 cybersecurity posts of 2022
Hackers claim to have breached TikTok | Cybernews
Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges
The VC View: Incident Response and SOC Evolution
QNAP Urged customers to disable UPnP Port on their Routers
Passkeys may not be for you, but they are safe and easy—here’s why
BlackCat ransomware gang behind Reddit breach from February
Ransomware Halts Operations at Japan's Port of Nagoya
‘Elephant Beetle’ spends months in victim networks to divert transactions
The VC View: The DevSecOps Evolution and Getting "Shift Left" Right
Gay hookup site typosquatted by 50 domains to push dodgy Chrome extensions
Supply Chain Attack Targets Customer Engagement Firm Comm100
Power Management Devices Flaw Let Attackers Shutdown Data Center
Hackers Have Earned More Than $300 Million on the HackerOne Platform
Are You Guilty of These 8 Network-Security Bad Practices?
Reddit was hit with a phishing attack. How it responded is a lesson for everyone
Dev Sabotages Popular NPM Package to Protest Russian Invasion
Cybersecurity Experts Cast Doubt on Hackers' ICS Ransomware Claims
Fifth of ICS Bugs Have No Patch Available
Brightline data breach impacts 783K pediatric mental health patients
Over a Third of Recent ICS Bugs Still Have No Vendor Patch
Many ICS flaws remain unpatched as attacks against critical infrastructure rise
Winning the Mind Game: The Role of the Ransomware Negotiator
Audio codec flaw left two-thirds of Android smartphones vulnerable to spying | CyberNews
MOVEit vulnerability ensnares more victims
FBI Dismantle the Notorious Qakbot Infrastructure Used For Ransomware Attacks
Criminal IP and Tines Forge Powerful Tech Alliance
Privacy watchdog chair Sharon Bradford Franklin on the fraught surveillance renewal debate
Check Point Plans to Purchase Perimeter 81's SASE Solution for About $490 Million
Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw
New Windows malware also steals data from victims’ mobile phones
Twitter source code indicates end-to-end encrypted DMs are coming
North Korea-linked TA444 group turns to credential harvesting activity
Twitter is down with "Something went wrong" errors
UK NHS: Threat actor targets VMware Horizon servers using Log4Shell exploits
Of Cybercriminals and IP Addresses
RTLS systems vulnerable to MiTM attacks, location manipulation
Cybersecurity Concerns Rise Amidst Tipalti Data Breach, X Might be Next!
Raspberry Robin Worm Hatches a Highly Complex Upgrade
The Week in Ransomware - April 14th 2023 - A Focus on Stolen Data
Ransomware Targeted 14 of 16 U.S. Critical Infrastructure Sectors in 2021
US Charges Russian Hackers Over Infamous Triton, Havex Cyberattacks on Energy Sector
Cyber-Attacks on Port of LA Double
Microsoft fixes flaw after being called irresponsible by Tenable CEO
Uber hacked, internal systems and confidential documents were allegedly compromised
In Other News: Utilities Targeted by Hackers, Aerospace Attacks, Killnet Leader Unmasked
Palo Alto Networks Unveils New Rugged Firewall for Industrial Environments
Hands on with Windows 11's new leaked File Explorer feature
Hackers steal WhatsApp accounts using call forwarding trick
Webinar — A MythBusting Special: 9 Myths about File-based Threats
Iran-linked APT groups started exploiting Papercut flaw
Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials
Hackers attack Israel’s Technion university, demand over $1.7 million in ransom
RCE Flaws Found in Communication Library Used by WhatsApp
Rewards Platform Flaw, Let attackers Steal User’s Personal Information
FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War
New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware
Ransomware that all the script kiddies want to Play with
Stealthy Linux implant BPFdoor compromised organizations globally for years
QNAP warns of new crypto-miner targeting its NAS devices
Latest on OpenSSL 3.0.7 Bug & Security-Fix
PureCrypter Malware Targets Government Entities in Asia-Pacific and North America
Flashpoint Uncovers 100,000+ Hidden Vulnerabilities, Including Zero-Days
Cybersecurity startup Oligo debuts with new application security tech
A new Linux flaw can be chained with other two bugs to gain full root privileges
7 Uses for Generative AI to Enhance Security Operations
APT36 state hackers infect Android devices using YouTube app clones
Resolving Availability vs. Security, a Constant Conflict in IT
Yes, Containers Are Terrific, But Watch the Security Risks
Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!
Been Doing It The Same Way For Years? Think Again.
BlackCat Purveyor Shows Ransomware Operators Have Nine Lives
Hackers Exploiting Critical Citrix NetScaler Zero-day Flaw To Deploy Webshells
Zeus Botnet Suspected Leader Arrested in Geneva
Capita confirms hackers stole data in recent cyberattack
Google Creates Red Team to Test Attacks Against AI Systems
Facebook Bug Causes Users’ Feeds to Be Spammed
Guide: How Service Providers can Deliver vCISO Services at Scale
RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering
ICBC and Allen & Overy Hit By Ransomware
New Botnet Malware 'Horabot' Targets Spanish-Speaking Users in Latin America
CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog
MCCrash botnet targets private Minecraft servers, Microsoft warns
Cybercrime group exploits Windows zero-day in ransomware attacks
'Migraine' Flaw Let Hackers Bypass macOS Security Integrity
Google Fi data breach let hackers carry out SIM swap attacks
Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops
Google Play Protect Bolsters Security Against Malicious Apps
FBI Investigating More than 100 Ransomware Variants
ScrutisWeb ATM Software Vulnerabilities Risked ATMs’ Security
“We must regulate AI,” FTC Chair Khan says
BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising
This data platform will help banks share criminal intelligence
Ace Hardware says 1,202 devices were hit during cyberattack
OpenAI board, Altman in talks for return of former CEO
Samsung admits to being hacked: what data has been affected? | Cybernews
Black Basta ransomware made over $100 million from extortion
Russian hackers thwarted in attempt to take out electrical grid, Ukrainians say
McLaren Health Care Hacked: Attackers Claim 6 TB of Patient Data Stolen
Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
Global advertising giant Omnicom suffers 'suspicious' IT incident
2 Apple WebKit zero-day bugs exploited on iPhone browsers
Cyber Av3ngers gang hacks industrial controllers across multiple US states
How Attack Surface Management Preempts Cyberattacks
Lazarus Group Targeting Microsoft Web Servers to Launch Espionage Malware
JumpCloud Hacked - Hackers Breached The Systems Via Spear-Phishing Attack
Tipalti Data Breach Remains Unconfirmed, Hacker Claims Prompts Immediate Investigation
How Threads’ privacy policy compares to Twitter’s (and its rivals’)
LockBit Makes $91m From US Victims in Two Years
Atlassian rolled out fixes for Confluence zero-day actively exploited in the wild
Malicious Macro-Enabled Docs Delivered via Container Files to Bypass Microsoft Protections
Nvidia’s flagship AI chip reportedly 4.5x faster than the previous champ
8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server
Data Distribution Service: Mitigating Risks Part 3
10 Best SIEM Tools for SOC Operations - 2023
Netcraft Raises $100M, Hires New CEO for Global Expansion
Top 10 Best Cyber Attack Simulation Tools - 2023
US govt contractor Serco discloses data breach after MoveIT attacks
Security Affairs newsletter Round 365 by Pierluigi Paganini
Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug
PlugX Malware Hides on Removable USB Devices to Infect Windows Machine
PY#RATION: New Python-based RAT Uses WebSocket for C2 and Data Exfiltration
US files criminal case against US citizen for evading sanctions with cryptocurrency | ZDNet
Identity-based security threats are growing rapidly: report
Firmware bugs in many HPE computer models left unfixed for over a year
Researchers Detail New Malware Campaign Targeting Indian Government Employees
OCR Resolves First HIPAA Phishing Case: Lafourche Medical Group Settles for US$480000
StackRot, a new Linux Kernel privilege escalation vulnerability
CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation
Microsoft: This Mac malware is getting smarter and more dangerous | ZDNet
The 5 best VPN routers of 2023
50 World's Best Penetration Testing Companies - 2023
5 tech gadgets I never leave home without (and they make great gifts)
Malicious CSV text files used to install BazarBackdoor malware
State Actors Drive Record Number of Zero-Day Exploits in 2021
RaaS Groups Forced to Change Tack as Payments Decline
Intel CPUs vulnerable to new transient execution side-channel attack
Free decryptor released for TargetCompany ransomware victims
Security Teams Prep Too Slowly for Cyberattacks
Iran Spear-Phishers Hijack Email Conversations in New Campaign
Pro-Russian disinfo campaign using Israel-Hamas war to stir chaos
SMBs Exposed to Attacks by Critical Vulnerability in DrayTek Vigor Routers
Microsoft to offer extended Windows 10 security updates to businesses, individual users
Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover
Serious Security: Darkweb drugs market Hydra taken offline by German police
Google Launches Gemini, the Most Capable and Largest AI Model
Previously undetected Earth Longzhi APT group is a subgroup of APT41
Inside a ransomware incident: How a single mistake left a door open for attackers | ZDNet
Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks
Scattered Spider hackers use old Intel driver to bypass security
Discord is investigating cause of ‘You have been blocked’ errors
EU Adopts New US Data Privacy Agreement
Optus Hack Exposes Data of Nearly 2.1 Million Australian Telecom Customers
Are You Willing to Pay the High Cost of Compromised Credentials?
Chrome 105 Update Patches High-Severity Vulnerabilities
Malicious Spam Campaign Downs npm Registry
How to improve threat detection in ICS environments - CyberScoop
North Texas water utility the latest suspected industrial ransomware target
Researchers Discover Dozens Samples of Information Stealer 'Stealc' in the Wild
#mWISE: Chinese Cyber Power Bigger Than the Rest of the World Combined
New SystemBC Malware Variant Targets South African Power Company
US gov sanctions cryptocurrency mixer Blender also used by North Korea-linked Lazarus APT
Massive Microsoft 365 outage caused by WAN router IP change
LAUSD says Vice Society ransomware gang stole contractors’ SSNs
Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer
Free Decryptor Available for LockerGoga Ransomware Victims
Microsoft WinGet package manager failing from expired SSL certificate
Google Will Start Deleting ‘Inactive’ Accounts in December. Here’s What You Need to Know
VMware addressed a critical bug in Carbon Black App Control
10 Steps to Help Secure Your APIs
Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content
DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii
EvilProxy used in massive cloud account takeover scheme
Wind Turbine Giant Nordex Hit By Cyber-Attack
US govt sanctions North Korea’s Kimsuky hacking group
CISA orders federal agencies to patch actively exploited Windows bug
Invisible Ad Fraud Targets Korean Android Users
Google Cloud launches agentless cryptojacking malware scanner | ZDNet
What is ICMP Protocol ? - How Does ICMP Works - Guide
Chinese Cyberspies Seen Using macOS Variant of 'Gimmick' Malware
Russian ransomware affiliate charged with attacks on critical infrastructure
Menlo turns up the HEAT on web browser attacks with new threat prevention suite
Top 10 Best Data Loss Prevention Software - 2023
Hackers Launching Millions of Attacks to Exploit Critical Realtek SDK Vulnerability
Point Of Sale Device (POS) Penetration Testing - A Practical Guide 2023
Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers
Security Firms Find Over 20 Malicious PyPI Packages Designed for Data Theft
Australia's SkyGuardian drones shot down by spicy cybers
How China gets free intel on tech companies’ vulnerabilities
Attackers use SVG files to smuggle QBot malware onto Windows systems
Adlumin Snags $70M to Boost Security for Mid-Market Firms
Academics Devise Cyber Intrusion Detection System for Unmanned Robots
Experts believe North Korea behind JumpCloud supply chain attack
CISA orders federal agencies to patch Looney Tunables Linux bug
Chrome 120 Patches 10 Vulnerabilities
Was Steve Jobs right about this?
New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems
IsaacWiper, the third wiper spotted since the beginning of the Russian invasion
New ransomware strains linked to North Korean govt hackers
P2PInfect, a Rusty P2P worm targets Redis Servers on Linux and Windows systems
Forgepoint Capital Places $20M Series A Bet on Converge Insurance
Swatters used Ring cameras to livestream attacks, taunt police, prosecutors say
MMRat Android Trojan Executes Remote Financial Fraud Through Accessibility Feature
Unraveling Real-Life Attack Paths – Key Lessons Learned
Microsoft Patch Tuesday security updates fixed 3 actively exploited flaws
How fame-seeking teenagers hacked some of the world’s biggest targets
TeaBot malware slips back into Google Play Store to target US users
FBI warns of increasing use of AI-generated deepfakes in sextortion schemes
The Prolificacy of LockBit Ransomware
cURL, the omnipresent data tool, is getting a 25th birthday party this month
Security Affairs newsletter Round 397
Remote Code Execution Vulnerabilities Found in F5 Products
Windows 11 KB5022303 and KB5022287 cumulative updates released
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App Uses Microsoft Hosting Service IP Address as C&C Server
Marina Bay Sands discloses data breach impacting 665,000 customers
ScanSource says ransomware attack behind multi-day outages
Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks
North Korean APTs Stole ~$400M in Crypto in 2021
Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own
Scam Job Offers Target Uni Students
Hacker Groups Adding New Double DLL Sideloading Technique to Evade Detection
Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users
Singapore busts network hawking contraband e-vaporisers via Telegram | ZDNet
Long-awaited curl vulnerability flops
GCHQ shrinks amid recruitment and retention challenges
QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit
FBI improperly used warrantless search powers on US senator, others
Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector
D.C. Board of Elections confirms voter data stolen in site hack
Log4j: Mirai botnet found targeting ZyXEL networking devices | ZDNet
Log4j flaw: 10 questions you need to be asking | ZDNet
Claimants in Celsius crypto bankruptcy targeted in phishing attack
UK won the Military Cyberwarfare exercise Defence Cyber Marvel 2 (DCM2)
FBI: Hackers Are Extorting Plastic Surgery Providers, Patients
Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach
Google-hosted malvertising leads to fake Keepass site that looks genuine
US, Japan and South Korea Unite to Counter North Korean Cyber Activiti
FBI: Crippling 'Dual Ransomware Attacks' on the Rise
Russian National Sanctioned For Virtual Currency Money Laundering
Dissolving circuit boards in water sounds better than shredding and burning
Dutch Used Pegasus Spyware on Most-Wanted Criminal: Report
India to require cybersecurity incident reporting within six hours
WhatsApp boosts defense against account takeover via malware
Red Cross Releases Wartime Hacktivist Rules
Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger
Community Health Systems data breach caused by GoAnywhere MFT hack
Are you looking forward to the new age of mobile app insecurity?
"It's The Service Accounts, Stupid": Why Do PAM Deployments Take (almost) Forever To Complete
Log4j vulnerability now used to install Dridex banking malware
VMware warns of critical remote code execution bug in Workspace ONE Access | ZDNet
Hackers target Asian casinos in lengthy cyberespionage campaign
Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks
Microsoft announces AI-powered Bing search and Edge browser
Global Spyware Attacks Spotted Against Both New & Old iPhones
Decoding Turla: Trend Micro's MITRE Performance
Train at your own pace to become an expert ethical hacker for only $43 | ZDNet
Microsoft extends security log retention following State Department hacks
October Windows Server updates cause Hyper-V VM boot issues
Security chiefs fear ‘CISO scapegoating’ following Uber-Sullivan verdict
CISA, NSA Publish Guidance on IAM Challenges for Developers, Vendors
Microsoft experts linked the Raspberry Robin malware to Evil Corp operation
A Key US Government Surveillance Tool Should Face New Limits, a Divided Privacy Oversight Board Says
GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
How to Manage Your Attack Surface?
“Alarming” Surge in Conti Group Activity This Year
Treasury Blacklists Eight Chinese Tech Firms for their Role in Uyghur Surveillance
EU ‘gig worker’ rules look to rein in algorithmic management
Cyberattack Defaces Israeli-Made Equipment at US Water Agency, Brewing Firm
New Magecart Campaign Alters 404 Error Pages to Steal Shoppers' Credit Cards
Starlink is getting a lot slower as more people use it, speed tests show
Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack
Microsoft Warns of Election Threats in 2024
815 Million Indians' Aadhaar Data Exposed on the Dark Web
QNAP force-installs update after DeadBolt ransomware hits 3,600 devices
Cloud giants sound alarm on record-breaking DDoS attacks
iRecorder Android App Targeted Its Users With AhRAT Malware
ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers
SMBs Fear Security Budget Cuts as Inflation Bites
CISA warns govt agencies to secure iPhones against spyware attacks
Top Ukrainian cyber official praises volunteer hacks on Russian targets, offers updates
Details Released for Recently Patched new macOS Archive Utility Vulnerability
Nova Scotia says all victims of MOVEit breach have been notified
GitHub outage impacts Actions, Codespaces, Issues, Pull Requests
Why Do You Need a Cloud-native Web Application Firewall (WAF)?
Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition
Darktrace/Email upgrade enhances generative AI email attack defense
Former Ubiquiti dev pleads guilty to trying to extort his employer
Raspberry Robin malware used in attacks against Telecom and Governments
UK Banks Warn Quantum Will Imperil Entire Payment System
CISA's catalog of must-patch vulnerabilities crosses the 1,000 bug mark after 2 years
Ofcom Latest MOVEit Victim as Exploit Code Released
Nissan Is Investigating Cyberattack; Potential Personal Data Breach
Crooks leverage Google quiz messages as part of bitcoin scam
MacTel warns critical infrastructure reforms create gaps in government data protection | ZDNet
Samsung discloses a second data breach this year
Serious Security: The Samba logon bug caused by outdated crypto
US Smashes Annual Data Breach Record With Three Months Left
Russian national charged in sweeping influence operation to disrupt U.S. elections, sow discord
Russian hackers use WinRAR to wipe Ukraine state agency’s data
GitHub Announces Free Secret Scanning, Mandatory 2FA
Ukraine Asks for Hackers’ Help
Security at the core of Intel’s new vPro platform
Quantum Ransomware
NetRise releases Trace solution with AI-powered semantic search aimed at protecting firmware
Security Patch for Two New Flaws in Curl Library Arriving on October 11
Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto
How to Keep Your Business Running in a Contested Environment
Cloned CapCut websites push information stealing malware
Android Devices With Backdoored Firmware Found in US Schools
Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack
US govt offers $10 million bounty for info linking Clop ransomware gang to a foreign government.
Gh0stCringe RAT Attacks Vulnerable Microsoft SQL & MySQL Servers
Russian APT group Winter Vivern targets emails portals of NATO and diplomats
Hands on with Windows 11's new modern File Explorer
Okta Post-Exploitation Method Exposes User Passwords
SharkBot Malware Resurfaces on Google Play to Steal Users' Credentials
Exim SMTP Service Zero-day Flaw Let Attackers Execute Remote Code
In a world of deepfakes, this billion-dollar startup wants you to trust AI-powered ID checks | ZDNet
Russia Leaks Data From a Thousand Cuts–Podcast
Shlayer and Bundlore MacOS Malware Strains – How Uptycs EDR Detection Can Help
TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments
Beware of Fake Google Chrome Update that Installs Malware
Cisco warns of attempted exploitation of zero-day in VPN software
Cyber-Attack Could Have “Devastating” Impact on Aussie Exports
Hackers Steal Over 50,000 Payment Card Records Using E-Skimmer
Microsoft SharePoint Server Vulnerabilities Chained to Achieve Remote Code Execution
Researcher found US ‘No Fly List’ on an unsecured server
Millions of Repos on GitHub Are Potentially Vulnerable to Hijacking
Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
Top 6 Cyber Incident Response Plans - 2024
VSCode Marketplace can be abused to host malicious extensions
Multiple Document Management XSS Flaw Let Attackers Access Sensitive Documents
OpenSSL issues a bugfix for the previous bugfix
CISA warns of hackers exploiting PwnKit Linux vulnerability
YourCyanide: A CMD-based Ransomware With Multiple Layers of Obfuscation
Scammers pose as Alexei Navalny to extort money | CyberNews
QuickBlox Framework Security Flaws Exposes Millions of Users Sensitive Data
Window Snyder's Start-up Launches Security Platform for IoT Device Makers
Top Information Security Threats for Businesses 2023
Microsoft fixes Acropalypse privacy bug in Windows 11 Snipping Tool
FBI director expects onslaught of digital assaults targeting midterm elections
Apple fixed two new zero-day flaws exploited by threat actors
Apple issues emergency patch to address alleged spyware vulnerability
CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems
Security Affairs newsletter Round 376 by Pierluigi Paganini
Okta launches Cybersecurity Workforce Development Initiative
MGM ransomware attack costs $100 million, in busy month for breaches
CISA, FBI warn US orgs of WhisperGate and HermeticWiper malware | ZDNet
Konni APT Exploits WinRAR Vulnerability To Attack Financial & Crypto Industries
US govt sanctioned North Korea-linked APT Kimsuky
Clorox warns of product shortages a month after disclosing cyberattack
Israel allows police to use Pegasus spyware to probe killings of Palestinian citizens
Critical Flaws in Popular ICS Platform Can Trigger RCE
Apple Emergency Update for New Zero-Day Used to Hack iPhones
DHS creates Cyber Safety Review Board to review significant cybersecurity incidents
Adobe Co-Founder And The Innovator Of PDF Files Passes At 82
Threat Report: The High Tech Industry Targeted the Most with 46% of NLX-Tagged Attack Traffic
Risks of Sharing Sensitive Corporate data into ChatGPT
Kansas courts confirm data theft, ransom demand after cyberattack
GitHub passkeys generally available for passwordless sign-ins
California Law Restricting Companies' Use of Information From Kids Online Is Halted by Federal Judge
Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack
Multi-Ransomwared Victims Have It Coming–Podcast
U.S. Cybersecurity Agency Warns of Actively Exploited Adobe Acrobat Reader Vulnerability
Google Chrome 120 Released with Patch for 10 Critical Security Flaws
Akira ransomware compromised at least 63 victims since March, report says
Windows Server Running SMB over QUIC Let Attacker Launch DoS Attacks
Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days
Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug
Fake Bitwarden sites push new ZenRAT password-stealing malware
S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]
Skyhawk Security ranks accuracy of LLM cyberthreat predictions
AI vs. Hollywood: Writers battle “plagiarism machines” in union talks
Russian ransomware group claims attack on Bulgarian refugee agency
Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition
History of cybersecurity giants and predictions for the future - Cyber Security News
Spanish police arrest 34 alleged cybercriminals for scamming operation
Windows 11's new ‘Never Combine’ icons feature is almost usable
Signal Messenger Introduces PQXDH Quantum-Resistant Encryption
Veza releases new IGA solution to enhance identity security
Researchers disclosed a remote code execution flaw in Fastjson Library
Lolek Bulletproof Hosting Servers Seized, 5 Key Operators Arrested
CISA warns admins to patch actively exploited Spring, Zyxel bugs
NTC Vulkan leak shows evolving Russian cyberwar capabilities
Fraudsters make $50,000 a day by spoofing crypto researchers
Experts found a vulnerability in AWS AppSync
AI Helps Uncover Russian State-Sponsored Disinformation in Hungary
Globant confirms reports of breach after Lapsus$ shares 70GB of stolen files
Windows 10 KB5015878 update released with gaming fixes
Cisco Devices Hacked via IOS XE Zero-Day Vulnerability
Kimsuky APT Hackers Dropping Malware Via Weaponized CHM (MS Compiled HTML) Files
Malware now using NVIDIA's stolen code signing certificates
FBI warns of Ukrainian charities impersonated to steal donations
Google assigns new maximum rated CVE to libwebp bug exploited in attacks
Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents
Microsoft Teams now boasts 30% faster chat, channel switches
ShinyHunters member pleads guilty to $6 million in data theft damages
National Cyber Director unveils ‘roadmap’ for cyber strategy goals
North Korea's Lazarus Targets Energy Firms With Three RATs
Top Dutch cyber official Hans de Vries on cyber defense in times of war
New LLM-based SOC tool to help automate security response
Pernicious Rootkits Pose Growing Blight On Threat Landscape
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies
China Issues Ban on US Chipmaker Products
New Hunters International ransomware possible rebrand of Hive
Microsoft disrupts Bohrium hackers’ spear-phishing operation
Generative AI phishing fears realized as model develops “highly convincing” emails in 5 minutes
ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic
Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant
How Telegram found itself in the middle of the war between Russia and Ukraine
‘Tropic Trooper’ Reemerges to Target Transportation Outfits
US says Russian state hackers breached cleared defense contractors
Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws
Researchers Find Malicious npm Packages Targeting Sensitive Data
UNC3524 APT uses IP cameras to deploy backdoors and target Exchange
Pegasus is listening: Q&A with Paul Rusesabagina’s daughter Carine Kanimba
Microsoft Edge, Teams get fixes for zero-days in open-source libraries
New DuckLogs malware service claims having thousands of ‘customers’
Five Eyes intelligence chiefs warn of ‘sharp rise’ in commercial espionage
More than 16 million people and counting have had data exposed in MOVEit breaches
Authorities Seized RagnarLocker Ransomware Dark Web Site
TransUnion Denies Breach After Hacker Publishes Allegedly Stolen Data
Is 3rd Party App Access the New Executable File?
Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K
UK Parliament Opens Inquiry into Cyber-Resilience
House Intel Chairman vows to put 'greater emphasis' on fighting spyware
Hackers use open source Merlin post-exploitation toolkit in attacks
US Gov adds surveillance firms Cytrox and Intellexa to Entity List for trafficking in cyber exploits
A stored XSS flaw in RainLoop allows stealing users’ emails
UK explains likelihood of catastrophic cyberattacks — and its response plans
Ragnar Locker ransomware’s dark web extortion sites seized by police
Webinar: Locking Down Financial and Accounting Data — Best Data Security Strategies
Charming Kiten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E.
Atos Unify Vulnerabilities Let Attacker Execute Remote Code
New APT Group Using Custom Malware to Attack Manufacturing & IT Industries
Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks
Xiaomi Phones Found Vulnerable to Payment Forgery
US Government Unveils First AI Roadmap For Cybersecurity
Genetics firm 23andMe says user data stolen in credential stuffing attack
Windows 11 Moment 3 released with KB5026446 update, how to enable
Dallas says Royal ransomware breached its network using stolen account
What Developers Need to Fight the Battle Against Common Vulnerabilities
Around 19,500 end-of-life Cisco routers are exposed to hack
Bugcrowd's top bug bounty reward increases to $1 million | ZDNet
New critical Citrix ADC and Gateway flaw exploited as zero-days
Windows 11 KB5030310 preview update released with 26 fixes
Digital Experience Monitoring: More Important Than Ever
Sony confirms data breach impacting thousands in the U.S.
SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data
Serpent backdoor targets French entities with high-evasive attack chain
Stealthy, Thieving Python Packages Slither Onto Windows Systems
Mullvad VPN Launches "Leta" Search Engine Sans Invasive Online Trackers
This unpatched DNS bug could put 'well-known' IoT devices at risk | ZDNet
Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code
Cloudflare Dashboard and APIs down after data center power outage
AWS Will Begin Charging for the Use of Public IPv4 Addresses
'Secrets Sprawl' Haunts Software Supply Chain Security
Police arrest suspect linked to notorius OPERA1ER cybercrime gang
Cyber incident reports hit ‘all-time high,’ warns UK NCSC
LightSpy iPhone Spyware Linked to Chinese APT41 Group
Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
Effective, fast, and unrecoverable: Wiper malware is popping up everywhere
Highly Sophisticated Dolphin Malware Steals Sensitive Files and Store Them on Google Drive
UK competition watchdog launches review of AI market
China’s Wuhan Earthquake Center Suffers Cyber-Attack
New Threat Actor WIP26 Targeting Telecom Service Providers in the Middle East
Car Dealership Hit by Major Ransomware Attack
New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers
Juneteenth beyond a day off: How to celebrate year-round
Liability Fears Damaging CISO Role, Says Former Uber CISO
Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents
Bank of England Will Review the Risks That AI Poses to UK Financial Stability
78% of CISOs Concerned About AppSec Manageability
Green Card Lottery agency exposes applicants’ data
Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks
Apple check signed by Steve Jobs in 1976 up for auction
Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability
Australian Telecoms Firm Optus Discloses Breach Impacting Customer Data
Can these researchers help defend satellite systems targeted by hackers?
CISA warns admins to patch actively exploited VMware, Zyxel bugs
Hacker Claims to Have Breached Many Uber Systems
Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure
UK and US expose Russia Callisto Group's activity and sanction members
Cyber-Attacks More Likely Than Fire or Theft
UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador
Canada Government Admits Data Breach Impacting Public Employees
Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability
Kansas Officials Blame 5-Week Disruption of Court System on ‘Sophisticated Foreign Cyberattack’
185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone
MGM Resorts warns customers of fraud as it faces class action lawsuits
House committee approves bill that would renew Section 702 surveillance
Russia Backed Star Blizzard’s Infiltration Attempts in UK Elections Laid Bare
Russia-Ukraine: Threat of Local Cyber Operations Escalating Into Global Cyberwar
Microsoft investigating claims of hacked source code repositories
Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
Home
Blog
Dashboard
Feeds
Articles
Search
Overview
Topics
Assistant
Login
Home
Blog
Dashboard
Feeds
Articles
Search
Overview
Topics
Assistant
Login
Lazarus Group Malware Targets Legitimate Software
Zero-Day WhatsApp Hacking Vulnerabilities Worth Millions
Windows 11 22H2 breaks provisioning with 0x800700b7 errors
Hackers spent 2+ years looting secrets of chipmaker NXP before being detected
SonicWall: Y2K22 bug hits Email Security, firewall products
Signal Pours Cold Water on Zero-Day Exploit Rumors
Researchers Find New Android Spyware Campaign Targeting Uyghur Community
Attackers Exploiting Critical F5 BIG-IP Vulnerability
Microsoft releases out-of-band update to fix Kerberos auth issues caused by a patch for CVE-2022-37966
Pirated Software Likely Cause of Airbus Breach
What is Contact Key Verification and how is it used?
Newly found Lightning Framework offers a plethora of Linux hacking capabilities
Microsoft Names Russian Threat Actor
Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions
LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender
Automotive supplier breached by 3 ransomware gangs in 2 weeks
Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day
Kali Linux 2022.2 released with 10 new tools, WSL improvements, and more
How to password-protect a file in Apple Pages (and when you might want to)
Chinese Cyberspies Targeted Japanese Political Entities Ahead of Elections
A big bet to kill the password for good
Bah scumbugs, “Scrooge4lyf” is back… -
FCC bans imports of telecom gear from China-based companies
Iran-linked APT42 is behind over 30 espionage attacks
Microsoft Teams, Windows 11 hacked on first day of Pwn2Own
Ransomware Attack Hits US Marshals Service
APT35 Develops Mac Bespoke Malware
10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack
Governments intentionally shut down internet 182 times across 34 countries in 2021: report
Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts
Keralty ransomware attack impacts Colombia's health care system
Fake PoC with data-stealing malware discovered on GitHub
Cyber Mercenary Group Void Balaur Continues Hack-For-Hire Campaigns
EU governments accused of using spyware ‘to cover up corruption and criminal activity’
Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws
Cyber authorities have a plan to defend remote monitoring tools
Most cloud moves found rushed as adopters underrate associated risks: Report
Suspected China-linked hackers target Guyana government with new backdoor
Telegram ‘hosting crooks who spoof Microsoft’ | Cybernews
Apple 'Find My' network can be abused to steal keylogged passwords
105 million Android users targeted by subscription fraud campaign
Windows 11 KB5031354 cumulative update released with new features
Malicious app in the Play Store spotted distributing <a href=
VMware warns of critical vulnerabilities in multiple products
Citrix and NSA urge admins to fix actively exploited zero-day in Citrix ADC and Gateway
Cyber Skills Gap Reaches 4 Million, Layoffs Hit Security Teams
Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
Record Numbers of Ransomware Victims Named on Leak Sites
Boeing systems hit in reported Lockbit cyberattack
Convincing Twitter 'quote tweet' phone scam targets bank customers
Cisco to Acquire Splunk for $28 Billion
FBI warns that BEC attacks now also target food shipments
US Government Ordered to Urgently Patch Apple Zero-Day Bugs
Web3 Platform Mixin Network Hit by $200m Crypto Hack
EvilProxy Attacking Microsoft 365 Users Abusing Open Redirection With Indeed.com
Dollar Tree hit by third-party data breach impacting 2 million customers
Supershell - Open-Source Botnet That Obtain SSH Shell Access
Atlassian Confluence Hit by Newly Actively Exploited Zero-Day – Patch Now
MikuBot - Steals Sensitive Data and Launches Hidden VNC Sessions
Crooks are increasingly targeting DeFi platforms to steal cryptocurrency
New critical AI vulnerabilities in TorchServe put thousands of AI models at risk
Mirai-based botnet updates ‘arsenal of exploits’ on routers, IoT devices
Cisco routers abused by China-linked hackers against US, Japan companies
Wireshark 4.0.10 Released: What’s New!
Windows 11 21H2 and Windows Server 2012 reach end of support
Google leaking 2FA secrets – researchers advise against new “account sync” feature for now
Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters
Windows 11 23H2 now rolling out to Release Preview Insiders
Palo Alto Networks to acquire Israeli enterprise browser security firm Talon
Password-stealing and keylogging malware is being spread through fake downloads | ZDNet
The US confirms seizing RaidForums website, its owner - arrested | CyberNews
Microsoft Zero-Days, Wormable Bugs Spark Concern
Researchers find bugs allowing access, remote control of cars
Rackspace says ransomware disrupted its Hosted Exchange business
These ten hacking groups have been targeting critical infrastructure and energy | ZDNet
Cyber espionage campaign targets Asian countries since 2021
Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs
Google ads push malicious CPU-Z app from fake Windows news site
Multiple Critical Adobe Security Flaws Let Attacker to Execute Arbitrary Code
Apple iPhone factory workers clash with police in China
Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine
MGM still responding to wide-ranging cyberattack as rumors run rampant
Canada Cops Arrests Teen Cyber-Attack Suspect
China accuses U.S. of hacking earthquake monitoring equipment
Meta blocks Russian state-media accounts in Ukraine
Russia, Ukraine and the Danger of a Global Cyberwar
Anonymous takes down Iranian government websites amid protests following death of Mahsa Amini
Microsoft, American Express most spoofed brands in financial services phishing emails
The Truth About False Positives in Security
Meet Ghostwriter, a haunted AI-powered typewriter that talks to you
The top security and tech conferences to attend in 2023
Hackers steal data of 45,000 New York City students in MOVEit breach
Prolific ransomware gang takes credit for Seiko data breach
Exploit released for MOVEit RCE bug used in data theft attacks
Leaked Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8 Million
Wave of MageCart attacks target hundreds of outdated Magento sites
The Week in Ransomware - June 16th 2023 - Wave of Extortion
Report: Air-Gapped Networks Vulnerable to DNS Attacks
Austria investigates DSIRF firm for allegedly developing Subzero spyware
Malicious QR Codes Used in Phishing Attack Targeting US Energy Company
Hackers Change Tactics for New Post-Macro Era
Top 5 Security Vulnerabilities of 2023: Apache and OpenSSH Are The Most Vulnerable
US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications
Pennsylvania water facility hit by Iran-linked hackers
Russia-Based Hackers FIN11 Impersonate Zoom to Conduct Phishing Campaigns
Germany Shuts Down Darknet Platform Specializing in Drugs
New AeroBlade hackers target aerospace sector in the U.S.
Phishers Use Blank Images to Disguise Malicious Attachments
Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability
Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild
Conti Ransomware Gang's Internal Chats Leaked Online After Siding With Russia
Google Patches Seventh Chrome Zero-Day of 2023
New Research reveals 187% Increase in Sophisticated Attacks Against Mobile Devices
Half of Cyber-Attacks Go Unreported
T-Mobile says it blocked 21 billion scam calls this year
California city warns of data breach after ransomware attack claims
Kansas Court Hack: Attackers Stole Sensitive Data From Systems
Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme
Ivanti Patches Zero-Day Bug Used in Norway Attacks
Australian Police Make First Arrest in Optus Hack Probe
Adware cleaner apps promoted on Facebook sneaked into the Play Store
Escanor Malware delivered in Weaponized Microsoft Office Documents
Cyber Extortionists Seek Out Fresh Victims in LatAm and Asia
The role of automation in done-for-you email marketing campaigns
95% of OpenAI employees have threatened to quit in standoff with board
Europol Announces Operation to Hit Russian Sanctions-Evaders
Top 6 e-signature software tools
AuKill Malware Actively Used To Disable EDR In Ongoing Attacks
Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now
Google: To stop phishing and malware we're changing our comment notifications | ZDNet
CISA orders govt agencies to patch MOVEit bug used for data theft
Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware
DHS to host Latin American cyber summit as region faces an onslaught of digital attacks
Hackers Exploit Critical Remote Code Execution in VMware
Qualcomm Sys Hackers Actively Exploit 3 new Zero-Days - Patch Now
Health care IT workers report increased cyberattacks affecting patient care
Two-Thirds of European Firms Have Started Zero Trust
11 Best Cloud Access Security Broker Software (CASB) - 2023
Qakbot malware’s creators ride again, despite FBI takedown
Sony Confirms Data Stolen in Two Recent Hacker Attacks
Hackers use in-house Zoho ServiceDesk exploit to drop webshells
F5 expands security portfolio with App Infrastructure Protection
Cynomi Study Reveals Number of MSPs Providing Virtual CISO Services Will Grow Fivefold By Next Year
Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach
Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware
[eBook] A Step-by-Step Guide to Cyber Risk Assessment
UK’s Top 10 Universities Failing on DMARC
New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity
New APT34 Malware Targets The Middle East
Hackers drain bitcoin ATMs of $1.5 million by exploiting 0-day bug
Russian National Arrested in Canada Over LockBit Ransomware Attacks
Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions
FTC Looking at Rules to Corral Tech Firms' Data Collection
SGX, Intel’s supposedly impregnable data fortress, has been breached yet again
Pakistan-Origin SideCopy Linked to New Cyberattack on India's Ministry of Defence
Cyberpion rebrands as Ionix, offering new EASM visibility improvements
GitHub launches new 2FA mandates for code developers, contributors | ZDNet
Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO
US and UK expose new Russian malware targeting network devices
Iranian APT Targets US With Drokbk Spyware via GitHub
Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards
It's past time you started using a password manager (whether you like it or not) | ZDNet
SonicWall ‘strongly urges’ customers to patch critical SMA 100 bugs
Exfiltrator-22 Post-Exploitation Toolkit Nips At Cobalt Strike's Heels
Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus
Email is our greatest productivity tool. That's why phishing is so dangerous to everyone
Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
Cyberattack Causes Chaos in Costa Rica Government Systems
A New Security Category Addresses Web-borne Threats
How to boost Security with Self-Service Password Resets
NCSC Publishes New Guidance on Shadow IT
CISA adds two Zabbix flaws to its Known Exploited Vulnerabilities Catalog
QNAP warns customers to patch Linux Sudo flaw in NAS devices
Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies
What enterprise leaders can divine from software bills of materials
How to check if your VPN is working (and what to do if your VPN won't connect)
Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks
Privacy regulators tell social media companies to fear the scrapers
How to Apply MITRE ATT&CK to Your Organization
U.S., allies provide 'comprehensive' overview of Russia cyber threats
MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows
Fearing “loss of control,” AI critics call for 6-month pause in AI development
Best Web Security Scanners For Vulnerability Scanning - 2023
Report: New ransomware gang emerges in Vietnam
ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution
ChatGPT Browser Extension Hijacks Facebook Business Accounts
LogoFAIL - Critical UEFI Vulnerabilities Exposes Devices to Stealthy Malware Attack
Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes
Watch Out For This AnyDesk Phishing Campaign That Delivers Vidar Info Stealer
This new ransomware has simple but very clever tricks to evade PC defenses | ZDNet
Hawai'i's Gemini North observatory suspends operations following cyberattack
Robin Banks phishing-as-a-service platform continues to evolve
Hackers Behind Cuba Ransomware Attacks Using New RAT Malware
City of Philadelphia Releases Cyber-Breach Notice
Ukrainian gov't sites, banks disrupted by DDoS amid invasion fears | ZDNet
Kinsing Cyberattackers Debut 'Looney Tunables' Cloud Exploits
Extradited Russian Hacker Behind 'NLBrute' Malware Pleads Guilty
Make API Management Less Scary for Your Organization
GitHub explains the cause behind the past week's outages
OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers
Splunk RCE Vulnerability Let Attackers Upload Malicious File
It's a Zero-day? It's Malware? No! It's Username and Password
Twitter Hacker Sentenced: A look into the 2020 Twitter Crypto Scam
MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel
Spy Trojan SpyNote Unveiled in Attacks on Gamers
3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say
Cisco Emergency Responder Vulnerability Let Remote Attacker Login as Root User
iOS 12 Update for Older iPhones Patches Exploited Vulnerability
Minneapolis school district says data breach affected more than 100,000 people
59.4 million compromised payment card records posted for sale on dark web in 2022: report
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
CISA Warns Against Royal Ransomware in New Advisory
Adobe Patched Critical ColdFusion Zero-Day Flaw Under Attack
Study: 84% of Companies Use Breached SaaS Applications - Here's How to Fix it for Free!
Cyberattack hits Mr. Cooper, blocks millions of mortgage payments
Twilio hackers hit over 130 orgs in massive Okta phishing attack
Apple Patched Two iOS Zero-Day Flaws Exploited In BLASTPASS
CISA Flags 8 Actively Exploited Flaws in Samsung and D-Link Devices
CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required
US car dealer admits data breach
‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
Limited data sets a hurdle as China plays catch-up to ChatGPT
Cybersecurity agencies reveal top exploited vulnerabilities of 2021
Finnish intelligence warns of Russia’s cyberespionage activities
LockBit Ransomware Now Targeting Apple macOS Devices
Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update
Forgepoint Capital Places $15M Series A Bet on Converge Insurance
SpaceX’s 2nd-generation Starlink satellites start launching as soon as today
Cheerscrypt ransomware linked to a Chinese hacking group
NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders
Federal prosecutors going after alleged Russian hacker mistakenly turn over unrelated case documents, lawyer says
Receipt for €8M iOS Zero-Day Sale Pops Up on Dark Web
US cryptocurrency coder gets 5 years for North Korea sanctions busting
Torrent of image-based phishing emails are harder to detect and more convincing
CISA launches new phase of Secure by Design to push global industry on software security
State-Backed APT Group Activity Continuing Apace
Biden-Harris Administration Unveils Smart Device Cyber Program
Q&A: At MIT event, Tom Siebel sees ‘terrifying’ consequences from using AI
CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
Man Gets Four Years for Stealing Bitcoin Seized by Feds
Hospital hallway robots get patches for potentially serious bugs
Over 1,300 fake AnyDesk sites push Vidar info-stealing malware
Cyble Raises $24 Million for AI-Powered Threat Intelligence Platform
C-suite leaders to boost cybersecurity compliance amid SEC disclosure rule: Deloitte
43 Android apps in Google Play with 2.5M installs loaded ads when a phone screen was off
Microsoft Teams, Virtualbox, Tesla zero-days exploited at Pwn2Own
Cybersecurity experts say the west has failed to learn lessons from Ukraine
Metabase Critical Flaw Permit Attackers to Act as Servers - Critical Update
Minecraft rushes out patch for critical Log4j vulnerability
Purple Fox rootkit discovered in malicious Telegram installers | ZDNet
Windows, hardware, Xbox sales are dim spots in a solid Microsoft earnings report
Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
New Rilide Malware Attacking Enterprise Employees to Steal Credentials
Rockwell Automation Warns Customers of Cisco Zero-Day Affecting Stratix Switches
Sandbox blockchain game breached to send emails linking to malware
Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023
Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
Red Cross Publishes Rules of Engagement for Hacktivists During War
Mitigate the LastPass Attack Surface in Your Environment with this Free Tool
Hackers accessed 16 years of Colorado public school student data in June ransomware attack
US offers $10 million for Russian military hackers behind NotPetya attacks | CyberNews
SSL Stats: Why is an SSL Certificate So Important for Your Website?
New Zerobot Malware Exploiting Apache Vulnerabilities to Launch DDoS Attack
DXC Technology says global network is not compromised following Latitude Financial breach
Apple patches zero-day holes – even in the brand new iOS 16
New data illustrates time’s effect on hard drive failure rates
Apple Zero-Day Flaws Exploited For Predator Spyware Attacks
Cybersecurity firm executive pleads guilty to hacking hospitals
UK government announces crackdown on cryptocurrency adverts | ZDNet
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon
China-linked cyberspies backdoor semiconductor firms with Cobalt Strike
Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play
Holiday Cybersecurity Staffing Levels a Difficult Balancing Act for Companies
Where from, Where to — The Evolution of Network Security
Manchester Police Officers’ Data Breached in Third-Party Attack
Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines
Lawmakers Risk Cyberattacks, Physical Harm After DC Health Link Breach
Vietnamese-Origin Ransomware Operation Mimics WannaCry Traits
New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products
Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams
New York proposes ‘nation-leading’ hospital cybersecurity regulations
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack
DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks
Cybersecurity agencies published a joint LockBit ransomware advisory
Intel Sued Over 'Downfall' CPU Vulnerability
55 zero-day flaws exploited last year show the importance of security risk management
MS-SQL servers hacked to steal bandwidth with proxyware
CISA: Prepare now for quantum computers, not when hackers use them
Ukraine: Volunteer IT Army is going to hit tens of Russian targets from this list
Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud
The sign-in menu is the latest frontier for Microsoft ads in Windows 11
Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates
Stark#Mule Malware Campaign Targets Koreans, Uses US Army Documents
AWS: Security Not a Priority For a Third of SMBs
Hackers Steal Over $600M in Major Crypto Heist
EvilExtractor malware activity spikes in Europe and the U.S.
Fortinet urges to patch a critical RCE flaw in Fortigate firewalls
#CRESTCon: White House Shifts US Cybersecurity Strategy Towards International Cooperation
Now this password-stealing Android malware wants to grab your bank details too
Google fixed the second actively exploited Chrome zero-day of 2023
Royal Ransomware Threat Takes Aim at U.S. Healthcare System
ESET APT Report: Attacks by China-, North Korea-, and Iran-aligned Threat Actors; Russia Eyes Ukraine and the EU
VMware fixes critical vulnerabilities in vRealize network analytics tool
Stealthy 'SockDetour' Backdoor Used in Attacks on U.S. Defense Contractors
Cyberattack on North Carolina county allowed hackers to access data
Cybersecurity M&A Roundup: 23 Deals Announced in June 2023
Email marketing firm hacked to steal crypto-focused mailing lists
14 odd and interesting gift ideas for hackers in 2022
New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network
Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure
Russian APT Primitive Bear attacks Western gov't department in Ukraine through job hunt | ZDNet
Hackers use new, fake crypto app to breach networks, steal cryptocurrency
Beyond Trump, Twitter welcomes back purveyors of far-right disinformation
Microsoft Fixed A Windows 0-Day Along With 96 Other Vulnerabilities
Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability
Crypto exchange Bitzlato founder arrested for allegedly serving crooks
Law enforcement seizes $9M in crypto stolen during romance scams
MGM Resorts says ransomware attack cost $100 million, data stolen
Zyxel Customers Urged to Patch Exploited Bug
PyPI open-source code repository deals with manic malware maelstrom
Bandit Malware Attacks 17 Browsers, FTP & Email Clients to Steal Credentials
The Week in Ransomware - May 5th 2023 - Targeting the public sector
BlackCat (ALPHV) ransomware linked to BlackMatter, DarkSide gangs
Google is phasing out ad personalization for some AdSense products
Man linked to multi-million dollar ransomware attacks gets 66 months in prison for online fraud | ZDNet
VMware SD-WAN Vulnerability Let Attacker Bypass Authentication
CISA targets software identification in push to boost supply chain security
Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity
Hackers target hotel and travel companies with fake reservations
Linux version of AvosLocker ransomware targets VMware ESXi servers
RedLine Malware Steals Sensitive Data and Installs More Malware
CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild
SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack
Securing Your Move to the Hybrid Cloud
DangerousPassword Attacks Targeting Windows, macOS, and Linux Software Developers
Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code
Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library
Apple backports BLASTPASS zero-day fixes to older iPhones
Skyhawk adds ChatGPT functions to enhance cloud threat detection, incident discovery
Initial Access Broker Market Booms, Posing Growing Threat to Enterprises
Old Roblox Data Leak Resurfaces, 4000 Users' Personal Information Exposed
Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap
Germany’s national bar association investigating ransomware attack
New OS Tool Tells You Who Has Access to What Data
Cloud Security Alerts Take Six Days to Resolve
Ukraine says it thwarted attempt to breach military tablets
Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug
BIND DNS Software High-Severity Flaws Let Hackers Remotely Trigger DoS Attack
How to export your Bitwarden vault for safekeeping
Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol
Stop vaping: Major e-cigarette store hacked to steal credit cards
4 Zero-Day Bug in Microsoft Exchange Let Attackers Execute Arbitrary Code
China's Offensive Cyber Operations in Africa Support Soft Power Efforts
FTC Accuses Data Broker of Selling Sensitive Location Data
Sandworm APT targets Ukraine with new SwiftSlicer wiper
Okta Source Code Stolen by Hackers
Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks
Tired of shortages, OpenAI considers making its own AI chips
‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History
Quantifying ROI in Cybersecurity Spend
Cloudflare thwarts ‘sophisticated’ phishing attack strategy that bruised Twilio
Russia Coordinating Cyberattacks With Military Strikes in Ukraine: Microsoft
Companies urged to patch critical vulnerability in Fortinet FortiNAC
Microsoft Patches Three Zero-Day Bugs This Month
Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware
Google Chrome Urgent Security Update to Patch Zero-Day Flaw
StripedFly malware framework infects 1 million Windows, Linux hosts
Ardent Health Ransomware Attack: Multiple Hospitals Affected
New Ransomware Victims Surge by 47% with Gangs Targeting Small Busines
Qakbot hackers now pushing Cyclops/Ransom Knight ransomware, Cisco says
Android malware apps with 2 million installs spotted on Google Play
CISA director: Critical infrastructure cyber incident reporting rules almost ready
GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack
OpenAI introduces GPT-4 Turbo: Larger memory, lower cost, new knowledge
Apple Issues Emergency Patches for More Zero-Days
MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites
Boeing Investigating Ransomware Attack Claims
FCC partners with four states on privacy and data protection enforcement
Earth Preta Updated Stealthy Strategies
Second largest U.S. school district LAUSD hit by ransomware
How to set up a VPN on your router
Foxit Patches Several Code Execution Vulnerabilities in PDF Reader
Google now blocks Workspace account hijacking attempts automatically
Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data
Why cybersecurity needs a conference like mWISE
Vulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS Devices
Google Pixel phones had a serious data leakage bug – here’s what to do!
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
Microsoft releases new, faster Teams app for Windows and Mac PCs
Profile Stealers Spread via LLM-themed Facebook Ads
WordPress plugin installed on 1 million+ sites logged plaintext passwords
New powerful Prynt Stealer malware sells for just $100 per month
New BunnyLoader threat emerges as a feature-rich malware-as-a-service
Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments
New Botnet Campaign Exploits Ruckus Wireless Flaw
The Irish DPC fined WhatsApp €5.5M for violating GDPR
Do You Really Trust Your Web Application Supply Chain?
Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims
Beware of the new phishing technique “file archiver in the browser” that exploits zip domains
Russian state hackers lure Western diplomats with BMW car ads
How Continuous Pen Testing Protects Web Apps from Emerging Threats
Xenomorph Android Banking Trojan Targeting Users in US, Canada
Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
Ransomware Attack Forces Canadian Mining Company to Shut Down Mill
Zabbix vulnerabilities added to CISA catalog | ZDNet
White House unveils consumer labeling program to strengthen IoT security
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state
RSA: Cisco launches SASE, offers roadmap for other cloud-based services
U.S., allies warn of rising recent and future attacks on managed service providers
New Stealer-as-a-Ransomware Delivered Through Fake Updates
Chinese MirrorFace APT group targets Japanese political entities
Government Agencies Release Blueprint for Secure Smart Cities
Panaseer Launches Guidance on Security Controls Ahead of EU’s New Legislation
Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong.
Hackers Meddle With Bing Chat Ads To Promote Malicious Links
Hundreds of Microsoft SQL servers backdoored with new malware
White House launches AI cyber competition to fix software vulnerabilities
Researchers release exploit details for Backstage pre-auth RCE bug
STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
18-year-old charged with hacking 60,000 DraftKings betting accounts
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules
Underworld trends: criminals adopt DDoS attacks for extortion - report | CyberNews
Lazarus hackers breach aerospace firm with new LightlessCan malware
Meta’s AI-powered audio codec promises 10x compression over MP3
Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis
Canada bans WeChat, Kaspersky apps on government mobile phones
3 Steps to Automate Your Third-Party Risk Management Program
BEC Attackers Spoof CC'd Execs to Force Payment
Largest switching and terminal railroad in US investigating ransomware data theft
Alarming lack of cybersecurity practices on world’s most popular websites
Resecurity warns about cyber-attacks on data center service providers
Oracle Patches 185 Vulnerabilities With October 2023 CPU
CISA orders agencies to patch Backup Exec bugs used by ransomware gang
Ongoing supply chain attack targets Python developers with WASP Stealer
Chrome Browser Gets Major Security Update
Four common password mistakes hackers love to exploit
Motel One Discloses Ransomware Attack Impacting Customer Data
US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack
Until further notice, think twice before using Google to download software
Cisco fixes privilege escalation bug in Cisco Secure Client
Does the Free World Need a Global Cyber Alliance?
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining
SEC sues SolarWinds for misleading investors before 2020 hack
Log4j RCE activity began on December 1 as botnets start using vulnerability | ZDNet
Google to Pay $391 Million Fine For Silently Tracking User's Location
'Ransomed.Vc' Group Attacking Japanese Giants in New operations
LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities
US data compromises hit all-time high
LockBit Claims TSMC Hack, Demands $70m Ransom
Microsoft Releases New Report on Cybercrime, State-Sponsored Cyber Operations
Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw
Oracle Critical Security Update: 387+ New Security Vulnerabilities Patched
Lack of Breach Info on Notices Surges in Q1
Building automation giant Johnson Controls hit by ransomware attack
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor
The growth in targeted, sophisticated cyberattacks troubles top FBI cyber official
TeamTNT's Silentbob Botnet Infecting 196 Hosts in Cloud Attack Campaign
Google Cloud blocks largest HTTPS DDoS attack ever
Nvidia’s Stolen Code-Signing Certs Used to Sign Malware
EU Wants to Toughen Cybersecurity Rules for Smart Devices
T-Mobile denies rumors of a breach affecting employee data
Moxa MXview Vulnerabilities Expose Industrial Networks to Attacks
White House rolls out millions in funding to combat K-12 cyberattacks
AWS kicks off cloud race to mandate MFA by default
Ransomware gang leaks data stolen from City of Oakland
Websites Hosting Fake Cracks Spread Updated CopperStealer Malware
Abcbot botnet has now been linked to Xanthe cryptojacking group | ZDNet
TSMC Targeted by LockBit via Supplier Breach
CISA and NSA Publish Top 10 Misconfigurations
Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks
Apple slaps hard against ‘mercenary’ surveillance-as-a-service industry
Sophos Firewall Password Disclosure Vulnerability: Patch Now!
Progress Software facing dozens of class action lawsuits, SEC investigation following MOVEit incident
DHS warns of critical flaws in Emergency Alert System devices
ICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches
Zimbra patches zero-day vulnerability exploited in XSS attacks
7 Steps to Kickstart Your SaaS Security Program
Detecting Windows AMSI Bypass Techniques
Congressman ‘coming for answers’ after ‘no-fly list’ hack
Windows CE, Microsoft’s stunted middle child, reaches end of support at 26 years
India Faces Surge in IM App Attacks With Trojan Campaigns
New 10 Best Web Application Firewall (WAF) - 2023
Apple issues emergency patches for spyware-style 0-day exploits – update now!
Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise
#InfosecurityEurope: Breaches Down and Security Culture Improving
UK Gun Owners May Be Targeted After Rifle Association Breach
Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group
Microsoft Patches 'Follina' Zero-Day Flaw in Monthly Security Update
Security Affairs newsletter Round 430 by Pierluigi Paganini – International edition
How Google Authenticator made one company’s network breach much, much worse
North Korean Hackers Bag Another $100m in Crypto Heists
North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist
CoinsPaid blames Lazarus hackers for theft of $37,300,000 in crypto
CoinsPaid Blames North Korean Hackers for $37 Million Cryptocurrency Heist
Samsung data breach: Lapsus$ gang stole Galaxy devices’ source code
Humans Need to Rethink Trust in the Wake of Generative AI
US Government Issues Open-Source Security Guidance for Critical Infras
CoinsPaid blames North Korea-linked APT Lazarus for theft of $37M worth of cryptocurrency
EU Officials Targeted with Pegasus Spyware
Rhysida ransomware gang claims attacks on governments in Portugal, Dominican Republic
In Other News: Funding Increase, Abuse of Smartphone Location Data, Legal Matters
Julenisserne Overvåger Brun Bjørn
Twitter account of FBI's fake chat app, ANOM seen trolling today
VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products
A Penetration Testing Buyer's Guide for IT Security Teams
Small drones are giving Ukraine an unprecedented edge
US law to compel firms to report cyber attacks
Cybrary Raises $25 Million to Tackle Cybersecurity Workforce Training
FBI Leads International Effort to Seize Domains for Notorious Genesis Market
Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams
A widespread logic controller flaw raises the specter of Stuxnet
Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition
ChatGPT, FraudGPT, and WormGPT Plays A Vital Role in Social Engineering Attacks
5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms
Iran-linked threat actors compromise US Federal Network
Former Navy IT Manager Sentenced to Prison for Hacking, Selling PII
SEC demands four-day disclosure limit for cybersecurity breaches
Ransomware: Conti gang is still in business, despite its own massive data leak | ZDNet
China to disclose secret US ‘global reconnaissance system,’ claims official
Changing cyber insurance guidance from Lloyd’s reflects a market in turmoil
#InfosecurityEurope: Cyber Leaders’ Plea to Tackle the Industry’s Mental Health Crisis
Stanford University investigating cyberattack after ransomware claims
Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
Open Source Flaws Found in 84% of Codebases
S3 Ep140: So you think you know ransomware?
FBI: State hackers exploiting new Zoho zero-day since October
China-based spies are hacking East Asian semiconductor companies, report says
Zero trust and why it matters to the Apple enterprise
Debit card fraud leaves Ally Bank customers, small stores reeling
How to manage a mass password reset due to a ransomware attack
Clorox resumes normal plant operations in the wake of cyberattack
Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
Biden Issues Executive Order on Safe, Secure AI
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
Serving startup nation: How Israel's cyber specialists work amid war
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website
New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise
Fifth of Government Workers Don't Care if Employer is Hacked
MGM Resorts says cyberattack cost $100 million, resulted in theft of customer info
Exploit Code Published for Critical VMware Security Flaw
North Korean hackers mix code from proven malware campaigns to avoid detection
CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities
Blockchain engineers’ Macs are targets of North Korea-linked malware
North Korean gov’t hackers targeted aerospace company in Spain
Cisco identifies another IOS XE vulnerability, with patches coming this weekend
Interpol Shuts Down Phishing Service '16shops'
Critical updates for Microsoft Office and Visual Studio drive September's Patch Tuesday
Too Rich To Ransomware? MGM Brushes Off $100M in Losses
Examining the Activities of the Turla APT Group
CISA orders federal agencies to update iPhones, Macs until Feb 25th
Zyxel Firewall Vulnerability lets Attackers Inject OS Commands
Aspen Cyber Summit 2023 — Live Coverage
Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates
Want to boost you cybersecurity? Here are ten steps you can take to improve your defenses now | ZDNet
Zoom patches critical vulnerability again after prior fix was bypassed
Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign
New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
Thanks, dad: jammer used to stop kids going online, wipes out a town's internet by mistake | ZDNet
Organizations tempt risk as they deploy code more frequently
New PaperCut critical bug exposes unpatched servers to RCE attacks
IT managers uneasy with snooping software: report
Emotet growing slowly but steadily since November resurgence
Amazon's AppStore is getting more apps and games on Windows 11
Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
Brave and DuckDuckGo Browsers Block Google AMP Tracking
Roaming Mantis uses new DNS changer in its Wroba mobile malware
How does Privileged Access Management work?
Pentagon moves closer to picking leader for top cyber job
Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System
NCSC Issues First-Ever Cybersecurity Guidance for the Construction Industry
Facebook to Pay $725 Million to Resolve Cambridge Analytica Scandal Case
European Bank Customers Targeted in SpyNote Android Trojan Campaign
Dallas: Royal ransomware gang infiltrated networks weeks before striking
Over 80,000 Unpatched Hikvision Cameras Exposed to Takeover
Morgan Stanley agrees to $60 million settlement in data breach lawsuit | ZDNet
Multiple Flaws Found in the Avada WordPress Theme and Plugin
Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group
Fake Chat App On Android Steals Signal and WhatsApp Data
Cloud computing security: New guidance aims to keep your data safe from cyberattacks and breaches | ZDNet
Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms
FTC tracking developments at Twitter with 'deep concern' after CISO resigns
Multiple Vulnerabilities In Yellowfin BI Could Allow RCE Attacks
Guardz debuts with cybersecurity-as-a-service for small businesses
Prynt - Stealthy Malware Written in C/C++ Steal Directories, Credentials Using Process Injection
Apple Releases Update for iOS 12 to Patch Exploited Vulnerability
YouTube Users Targeted By RedLine Self-Spreading Stealer
TikTok Fined Over $5m for Cookie Violations
CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop
Socks5Systemz proxy service infects 10,000 systems worldwide
Microsoft CARs Deprecation in Exchange Online platform
New Linux botnet RapperBot brute-forces SSH servers
Rhysida ransomware group hacked King Edward VII’s Hospital
Hackers use fake crypto job offers to push info-stealing malware
73% of consumers trust what generative AI wants us to see
Microsoft previews new endpoint security solution for SMBs
New CISO appointments 2023
Software Patches Flaw on macOS Could Let Hackers Bypass All Security Levels
SAP Patches Critical Vulnerability Impacting NetWeaver, S/4HANA
The Rise of the Rookie Hacker - A New Trend to Reckon With
Google researchers expose Iranian hackers' tool to steal emails from Gmail, Yahoo and Outlook
Security researchers take a look at Google's VPN by Google One app
Biden cyber officials see auto, food safety as models for security overhaul
8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses
ChatGPT’s new personalization feature could save users a lot of time
SAP's First Security Updates for 2023 Resolve Critical Vulnerabilities
SpecterOps Closes Series A Extension From Ballistic Ventures, Bringing Funding Round Total to $33.5M
Emergency Patch Released For GoAnywhere MFT Zero-Day Vulnerability
NPM packages found containing the TurkoRat infostealer
Holiday Hackers: How to Safeguard Your Service Desk
Microsoft says Russia hit Ukraine with hundreds of cyberattacks
Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw
Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials
Iranian hackers lurked in Middle Eastern govt network for 8 months
Kali Linux 2022.2 Released With 10 New Tools and Other Enhancements
W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts
University of Manchester says hackers ‘likely’ stole data in cyberattack
InQuest Labs: Man + Machine vs Business Email Compromise (BEC)
Demystifying Zero Trust
Police are sending messages to 70,000 people who may have fallen victim to phone scammers
U.S. No Fly list shared on a hacking forum, government investigating
Uber Drivers' Data Exposed in Breach of Law Firm's Servers
CISA touts ‘tremendous growth’ in vulnerability disclosure platform
Google fixed critical zero-click RCE in Android
SideCopy Using Action RAT and AllaKore RAT to infiltrate Indian Organizations
Threat actors abuse valid accounts using manual tactics, CrowdStrike says
Hackers Behind Twilio Breach Also Targeted Cloudflare Employees
BlueNoroff hackers steal crypto using fake MetaMask extension
FBI: Scammers likely to target US Student Loan Debt Relief applicants
North Korean hackers exploit critical TeamCity flaw to breach networks
200 Canon Printer Models May Expose Wi-Fi Connection Data
Critical Vulnerabilities Patched in Veeam Data Backup Solution
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks
Major Mississippi hospital system takes services offline after cyberattack
Security Affairs newsletter Round 427 by Pierluigi Paganini – International edition
COVID-19 data put for sale on Dark Web
10 Best Cloud Security Tools - 2023
QNAP fixes critical bug letting hackers inject malicious code
Apple and Google Join Forces to Stop Unauthorized Tracking Alert System
This stealthy hacking campaign uses a new trick to deliver its malware
Back to business: Cl0p ransomware gang is back | CyberNews
Mac Malware MacStealer Spreads as Fake P2E Apps
AhRat Android RAT was concealed in iRecorder app in Google Play
RTM Locker Ransomware Targets Linux Architecture
While Russian tanks attack, Ukrainian supporters hack back
ChatGPT Leveraged to Enhance Software Supply Chain Security
From the front lines of ‘the first real cyberwar’
A Google Cloud Build Vulnerability Could Aid Supply-Chain Attacks
Experts warn against ransomware complacency
WormGPT, the generative AI tool to launch sophisticated BEC attacks
Nearly 300 Vulnerabilities Patched in Huawei's HarmonyOS in 2022
Trulioo enhances identity verification with “person match” intelligent routing
Attackers exploiting critical flaw in many Zoho ManageEngine products
Google tackles open source security with vulnerability rewards program
Beep, a new highly evasive malware appeared in the threat landscape
Water sector in the US and Israel still unprepared to defeat cyber attacks
E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse
'Cities: Skylines' Gaming Modder Banned Over Hidden Malware
Open-source supply chain attacks expand to the banking sector
Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart!
$1.3 billion lost to romance scams in the past five years: FTC | ZDNet
Indonesia's central bank confirms ransomware attack, Conti leaks data
Chinese hacking operation puts Microsoft in the crosshairs over security failures
15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack
Redditor creates working anime QR codes using Stable Diffusion
Ukrainian Police Bust Crypto Fraud Call Centers
Security Concerns Scupper Deals for Two-Thirds of Firms
World's tweeting wrong Liz Truss | Cybernews
Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition
NSA, CISA Issue Guidance on 5G Network Slicing Security
Using XDR to Consolidate and Optimize Cybersecurity Technology
Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation
Mysterious Mystic Stealer Spreads Like Wildfire in Mere Months
Security Affairs newsletter Round 384
Dropbox Hacked - Attackers Stolen 130 GitHub Repositories
How Ukrainians are using pirated movies to bring war's reality to Russian viewers
US counterintelligence shares tips to block spyware attacks
Apache Releases Log4j 2.17.1 Fixing Another Code Execution Flaw
Windows devices with newest CPUs are susceptible to data damage
23andMe's data incident.
$1.89B stolen from crypto investors in 2023
Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign
US Government Has Three Weeks to Patch Cyclops Blink Bug
SAP Patches Spring4Shell Vulnerability in More Products
Fraud Prevention Firm Fingerprint Raises $33 Million
Google Awards Over $60,000 for V8 Vulnerabilities Patched With Chrome 115 Update
University of Michigan warns that personal information was leaked during cyberattack
Google: Record Year for Zero Days in 2021
APT28 relies on PowerPoint Mouseover to deliver Graphite malware
Israeli hospital redirects new patients following ransomware attack
Titan Stealer: A New Golang-Based Information Stealer Malware Emerges
Chinese Hackers Targeting European Entities with New MQsTTang Backdoor
Chinese Hacker Group Deploy WinDealer Backdoor
The Alarming Rise of Infostealers: How to Detect this Silent Threat
Leveraging Wazuh to combat insider threats
Fake crypto giveaways steal millions using Elon Musk Ark Invest video
Microsoft enhances Windows 11 Phishing Protection with new features
Microsoft fixes Windows zero-day exploited in ransomware attacks
HPE, Extreme Networks working to address five vulnerabilities in widely used network switches
AuditBoard adds new AI and analytics capabilities for risk and compliance
91% of Cyber Pros Experience Mental Health Challenges at Work
TeslaGun Primed to Blast a New Wave of Backdoor Cyberattacks
Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account
Stability AI releases Stable Diffusion XL, its next-gen image synthesis model
Microsoft finds macOS bug that lets hackers bypass SIP root restrictions
Pixiv, DeviantArt artists hit by NFT job offers pushing malware
German government warns of APT27 activity targeting local companies
FBI’s Qakbot operation opens door for more botnet takedowns
New ransomware LokiLocker bundles destructive wiping component
Microsoft Sinkholes Russian Hacking Group's Domains Targeting Ukraine
New York Power Authority to beef up cybersecurity with new IronNet, AWS deal | ZDNet
OpenSSL Fixed Two High Severity Vulnerabilities That Can be Exploited Remotely
Microsoft fixes Windows 10 search issues in Outlook desktop app
Vietnam Post exposes 1.2TB of data, including email addresses
Cyber Risk Index (2H’ 2021): An Assessment for Security Leaders
BleepingComputer's most popular cybersecurity and tech stories of 2021
Google Cloud Build bug lets hackers launch supply chain attacks
VMware Patches Five Critical Vulnerabilities in Workspace ONE Access
Global network of fake news sites push Chinese propaganda, researchers find
CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog
S3 Ep130: Open the garage bay doors, HAL [Audio + Text]
SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers
Schneider Power Meter Vulnerability Opens Door to Power Outages
Microsoft Sounds Alarm Over English-Speaking Octo Tempest
New Windows Meduza Stealer targets tens of crypto wallers and password managers
How to hack an unpatched Exchange server with rogue PowerShell code
Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals
XSS Vulnerabilities in Azure Services Let Attackers Execute Malicious Scripts
Trojan-Proxy Threat Expands Across macOS, Android and Windows
Atlassian patches critical RCE flaws across multiple products
Debate rages over Microsoft vulnerability practices after Follina, Azure issues
New ChatGPT Attack Technique Spreads Malicious Packages
White House Allocates $3.1bn to Cybersecurity in New Budget
FSF: Chrome’s JPEG XL killing shows how the web works under browser hegemony
NordVPN makes its Meshnet private tunnel free for everyone
FCC wants new data breach reporting rules for telecom carriers
Windows 10 KB5010342 & KB5010345 updates released
American Express down in outage: users report login and payment issues
The GTA 6 Map Leaked by Rockstar Employee’s Son: What’s Disclosed?
Cybercriminals bypass Windows security with driver-vulnerability exploit
Honeypot-Factory: The Use of Deception in ICS/OT Environments
Critical SAP vulnerabilities spur CISA, researcher pleas for urgent patching
VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products
I’m a security reporter and got fooled by a blatant phish
High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks
Guardz Launches AI-Powered Multilayered Phishing Protection To Secure SMEs
PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability
12 odd and interesting gift ideas for hackers in 2022
Security Affairs newsletter Round 364 by Pierluigi Paganini
Security firm Blumira discovers major new Log4j attack vector | ZDNet
SAP's December 2022 Security Updates Patch Critical Vulnerabilities
Two spyware sending data of more than 1.5M users to China were found in Google Play Store
GodFather Android malware targets 400 banks, crypto exchanges
Cisco looks to Splunk for security business growth
Google explains how Android malware slips onto Google Play Store
Amazon RDS Vulnerability Led to Exposure of Credentials
Sensitive records of over 280m Indian citizens exposed | Cybernews
Oracle Releases 520 New Security Patches With April 2022 CPU
Comm100 Chat Service Hacked In A Supply-Chain Attack
BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads
Zoho urges fixing a critical SQL Injection flaw in ManageEngine