Netscaler ADC bug exploited to breach US critical infrastructure org
The US government is warning that threat actors breached the network of a U.S. organization in the critical infrastructure sector...
cybersecurity
VirusTotal apologizes for data leak affecting 5,600 customers
VirusTotal apologized on Friday for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file...
The Week in Ransomware – July 21st 2023 – Avaddon Back as NoEscape
This edition of the Week in Ransomware covers the last two weeks of news, as we could not cover it...
US DoJ Announces Plan to Shakeup Cybercrime Investigations
The US Department of Justice (DoJ) is doubling the size of the team investigating cryptocurrency crime, with the fight against...
Adobe fixes patch bypass for exploited ColdFusion CVE-2023-29298 flaw
Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in...
APT41 hackers target Android users with WyrmSpy, DragonEgg spyware
The Chinese state-backed APT41 hacking group is targeting Android devices with two newly discovered spyware strains dubbed WyrmSpy and DragonEgg...
New P2PInfect worm malware targets Linux and Windows Redis servers
Earlier this month, security researchers discovered a new peer-to-peer (P2P) malware with self-spreading capabilities that targets Redis instances running on...
Critical AMI MegaRAC bugs can let hackers brick vulnerable servers
Image: Bing Image Creator Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller (BMC) software...
GitHub warns of Lazarus hackers targeting devs with malicious projects
GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and...
Threat Actors are Targeting Your Web Applications – Here’s How To Protect Them
Web applications remain a prime target for cyberattacks, posing significant risks to businesses and their bottom lines. So much so,...
JumpCloud breach traced back to North Korean state hackers
US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne, CrowdStrike,...
Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems
Distributed Denial of Service (DDoS) botnets have been used to actively exploit a critical vulnerability found in Zyxel firewall models.The...
FBI: Tech support scams now use shipping companies to collect cash
FBI warns of a surge in tech support scams targeting the elderly across the United States and urging victims to...
US govt bans European spyware vendors Intellexa and Cytrox
The U.S. government has banned European commercial spyware manufacturers Intellexa and Cytrox, citing risks to U.S. national security and foreign...
Adobe emergency patch fixes new ColdFusion zero-day used in attacks
Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in...
Microsoft: Hackers turn Exchange servers into malware control centers
Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry...
Ukraine takes down massive bot farm, seizes 150,000 SIM cards
The Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100...
OpenAI credentials stolen by the thousands for sale on the dark web
Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for...
Estée Lauder beauty giant breached by two ransomware gangs
Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim...
Chinese APT41 Linked to WyrmSpy and DragonEgg Surveillanceware
The Chinese espionage group APT41 (AKA Double Dragon, BARIUM and Winnti) has been linked to the sophisticated Android surveillanceware known...
Critical API Security Gaps Found in Financial Services
An industry-focused report on application programming interface (API) security has revealed a critical state of affairs in the financial services...
CISA orders govt agencies to mitigate Windows and Office zero-days
CISA ordered federal agencies to mitigate remote code execution zero-days affecting Windows and Office products that were exploited by the Russian-based...
Google Cloud Build bug lets hackers launch supply chain attacks
A critical design flaw in the Google Cloud Build service discovered by cloud security firm Orca Security can let attackers...
U.S. preparing Cyber Trust Mark for more secure smart devices
A new cybersecurity certification and labeling program called U.S. Cyber Trust Mark is being shaped to help U.S. consumers choose...
