Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems
Distributed Denial of Service (DDoS) botnets have been used to actively exploit a critical vulnerability found in Zyxel firewall models.The...
cybersecurity
FBI: Tech support scams now use shipping companies to collect cash
FBI warns of a surge in tech support scams targeting the elderly across the United States and urging victims to...
US govt bans European spyware vendors Intellexa and Cytrox
The U.S. government has banned European commercial spyware manufacturers Intellexa and Cytrox, citing risks to U.S. national security and foreign...
Ukraine takes down massive bot farm, seizes 150,000 SIM cards
The Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100...
OpenAI credentials stolen by the thousands for sale on the dark web
Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for...
Adobe emergency patch fixes new ColdFusion zero-day used in attacks
Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in...
Microsoft: Hackers turn Exchange servers into malware control centers
Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry...
Estée Lauder beauty giant breached by two ransomware gangs
Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim...
Chinese APT41 Linked to WyrmSpy and DragonEgg Surveillanceware
The Chinese espionage group APT41 (AKA Double Dragon, BARIUM and Winnti) has been linked to the sophisticated Android surveillanceware known...
Critical API Security Gaps Found in Financial Services
An industry-focused report on application programming interface (API) security has revealed a critical state of affairs in the financial services...
CISA orders govt agencies to mitigate Windows and Office zero-days
CISA ordered federal agencies to mitigate remote code execution zero-days affecting Windows and Office products that were exploited by the Russian-based...
Google Cloud Build bug lets hackers launch supply chain attacks
A critical design flaw in the Google Cloud Build service discovered by cloud security firm Orca Security can let attackers...
U.S. preparing Cyber Trust Mark for more secure smart devices
A new cybersecurity certification and labeling program called U.S. Cyber Trust Mark is being shaped to help U.S. consumers choose...
New critical Citrix ADC and Gateway flaw exploited as zero-day
Citrix today is alerting customers of a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits...
FIN8 deploys ALPHV ransomware using Sardonic malware variant
A financially motivated cybercrime gang has been observed deploying BlackCat ransomware payloads on networks backdoored using a revamped Sardonic malware...
Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name...
Strengthening Password Security may Lower Cyber Insurance Premiums
The global cyber insurance market is expected to reach over $20 billion by 2025. However, many organizations are finding it...
New Vulnerabilities Found in Adobe ColdFusion
Security researchers from Rapid7 have found active exploitation of multiple vulnerabilities in Adobe ColdFusion, a web development computing platform.On July...
JumpCloud discloses breach by state-backed APT hacking group
US-based enterprise software firm JumpCloud says a state-backed hacking group breached its systems almost one month ago as part of...
Meet NoEscape: Avaddon ransomware gang’s likely successor
The new NoEscape ransomware operation is believed to be a rebrand of Avaddon, a ransomware gang that shut down and...
Frontline Security Practitioners Reveal the Latest About AI
Mark your calendar for mWISE™, the uniquely targeted, community-focused cybersecurity conference from Mandiant. It runs from September 18–20, 2023 in...
Critical ColdFusion flaws exploited in attacks to drop webshells
Update 7/17/23: The article was updated due to a mistaken warning added by Adobe to its email notification. However, a...
Hackers exploiting critical WordPress WooCommerce Payments bug
Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators,...
CISA shares free tools to help secure data in the cloud
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shared a factsheet providing details on free tools and guidance for...
