WordPress AIOS plugin used by 1M sites logged plaintext passwords
The All-In-One Security (AIOS) WordPress security plugin, used by over a million WordPress sites, was found to be logging plaintext...
cybersecurity
BreachForums owner Pompompurin pleads guilty to hacking charges
Conor Brian Fitzpatrick, aka Pompompurin, the owner of the notorious BreachForums (aka Breached) hacking forum, has pleaded guilty to hacking...
Zimbra urges admins to manually fix zero-day exploited in attacks
Zimbra urged admins today to manually fix a zero-day vulnerability actively exploited to target and compromise Zimbra Collaboration Suite (ZCS)...
USB drive malware attacks spiking again in first half of 2023
What's old is new again, with researchers seeing a threefold increase in malware distributed through USB drives in the first...
Fake Linux vulnerability exploit drops data-stealing malware
Cybersecurity researchers and threat actors are targeted by a fake proof of concept (PoC) CVE-2023-35829 exploit that installs a Linux...
Cisco SD-WAN vManage impacted by unauthenticated REST API access
The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read...
Source code for BlackLotus Windows UEFI malware leaked on GitHub
The source code for the BlackLotus UEFI bootkit has leaked online, allowing greater insight into a malware that has caused...
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices
Fortinet has disclosed a critical severity flaw impacting FortiOS and FortiProxy, allowing a remote attacker to perform arbitrary code execution...
Microsoft: Chinese hackers breached US govt Exchange email accounts
A Chinese hacking group has breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western...
Ransomware payments on record-breaking trajectory for 2023
Image: Bing Create Data from the first half of the year indicates that ransomware activity is on track to break...
Russian state hackers lure Western diplomats with BMW car ads
The Russian state-sponsored hacking group 'APT29' (aka Nobelium, Cloaked Ursa) has been using unconventional lures like car listings to entice...
GitHub goes passwordless, announces passkeys beta preview
GitHub announced today the introduction of passwordless authentication support in public beta, allowing users to upgrade from security keys to...
Critical RCE found in popular Ghostscript open-source PDF library
Image: Bing Create Ghostscript, an open-source interpreter for PostScript language and PDF files widely used in Linux, has been found...
SonicWall warns admins to patch critical auth bypass bugs immediately
SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System (GMS) firewall management and...
New PyLoose Linux malware mines crypto directly from memory
A new fileless malware named PyLoose has been targeting cloud workloads to hijack their computational resources for Monero cryptocurrency mining....
Hackers exploit Windows policy to load malicious kernel drivers
Microsoft blocked code signing certificates predominantly used by Chinese hackers and developers to sign and load malicious kernel mode drivers...
Deutsche Bank confirms provider breach exposed customer data
Deutsche Bank AG has confirmed to BleepingComputer that a data breach on one of its service providers has exposed its...
HCA confirms breach after hacker steals data of 11 million patients
HCA Healthcare disclosed a data breach impacting an estimated 11 million patients who received care at one of its hospitals...
Apple confirms WebKit security updates break browsing on some sites
Apple confirmed today that emergency security updates released on Monday to address a zero-day bug exploited in attacks also break browsing on...
Microsoft: Unpatched Office zero-day exploited in NATO summit attacks
Microsoft disclosed today an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain...
Streamlining security operations with automated incident response
The rise in the number and complexity of cyber threats has made quick response to security incidents vital for organizations....
Former employee charged for attacking water treatment plant
A former employee of Discovery Bay Water Treatment Facility in California was indicted by a federal grand jury for intentionally...
Razer investigates data breach claims, resets user sessions
Gaming gear company Razer reacted to recent rumors of a massive data breach with a short statement on Twitter, letting...
VMware warns of exploit available for critical vRealize RCE bug
VMware warned customers today that exploit code is now available for a critical vulnerability in the VMware Aria Operations for...
