Cisco patches critical Web UI RCE flaw in multiple IP phones
Cisco has addressed a critical security vulnerability found in the Web UI of multiple IP Phone models that unauthenticated and...
News
GitHub’s secret scanning alerts now available for all public repos
GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be...
Aruba Networks fixes six critical vulnerabilities in ArubaOS
Aruba Networks published a security advisory to inform customers about six critical-severity vulnerabilities impacting multiple versions of ArubaOS, its proprietary...
CISA releases free ‘Decider’ tool to help with MITRE ATT&CK mapping
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released 'Decider,' an open-source tool that helps defenders and security analysts...
White House releases new U.S. national cybersecurity strategy
The Biden-Harris administration today released its national cybersecurity strategy that focuses on shifting the burden of defending the country's cyberspace...
British retail chain WH Smith says data stolen in cyberattack
British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees. The company operates...
Trezor warns of massive crypto wallet phishing campaign
An ongoing phishing campaign is pretending to be Trezor data breach notifications attempting to steal a target's cryptocurrency wallet and...
BlackLotus bootkit bypasses UEFI Secure Boot on patched Windows 11
The developers of the BlackLotus UEFI bootkit have improved the malware with Secure Boot bypass capabilities that allow it to...
Australian woman arrested for email bombing a government office
The Australian Federal Police arrested a woman in Werrington, Sydney, for allegedly email bombing the office of a Federal Member...
Chick-fil-A confirms accounts hacked in months-long “automated” attack
American fast food chain Chick-fil-A has confirmed that over 71,000 customers' accounts were breached in a months-long credential stuffing attack, allowing...
Chinese hackers use new custom backdoor to evade detection
The Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting...
Hatch Bank discloses data breach after GoAnywhere MFT hack
Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers...
Brave Search launches AI-powered summarizer in search results
Brave Search has incorporated a new AI-powered tool named Summarizer, which gives a summarized answer to an inputted question before...
The Week in Ransomware – March 3rd 2023 – Wide impact attacks
This week was highlighted by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous subsidiaries, including SlingTV...
BidenCash market leaks over 2 million stolen credit cards for free
A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration...
Play ransomware claims disruptive attack on City of Oakland
The Play ransomware gang has taken responsibility for a cyberattack on the City of Oakland that has disrupted IT systems...
FBI and CISA warn of increasing Royal ransomware attack risks
CISA and the FBI have issued a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many...
Chinese Hackers Targeting European Entities with New MQsTTang Backdoor
The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an...
New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that...
U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware’s Deadly Capabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory about Royal ransomware, which emerged in the...
Hackers Exploit Containerized Environments to Steal Proprietary Data and Software
A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker...
Hackers Exploit Containerized Environments to Steals Proprietary Data and Software
A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker...
Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI
A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer...
New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers
Misconfigured Redis database servers are the target of a novel cryptojacking campaign that leverages a legitimate and open source command-line...
