RomCom hackers target NATO Summit attendees in phishing attacks
A threat actor referred to as 'RomCom' has been targeting organizations supporting Ukraine and guests of the upcoming NATO Summit...
cybersecurity
Charming Kitten hackers use new ‘NokNok’ malware for macOS
Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that...
New ‘Big Head’ ransomware displays fake Windows update alert
Security researchers have dissected a recently emerged ransomware strain named ‘Big Head’ that may be spreading through malvertising that promotes fake Windows...
The Need for Risk-Based Vulnerability Management to Combat Threats
Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last...
Critical TootRoot bug lets attackers hijack Mastodon servers
Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, one of them critical that allows hackers...
CISA warns govt agencies to patch actively exploited Android driver
CISA ordered federal agencies today to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of...
MOVEit Transfer customers warned to patch new critical flaw
MOVEit Transfer, the software at the center of the recent massive spree of Clop ransomware breaches, has received an update...
Barracuda working on fix for ongoing Email Gateway login issues
Image: Bing Image Creator Email and network security firm Barracuda is working to fix an ongoing issue that triggers invalid...
300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug
Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after...
Google Analytics data transfer to U.S. brings $1 million fine to Swedish firms
The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY) has fined two companies with 12.3 million SEK (€1 million/$1.1 million)...
Hackers target European government entities in SmugX campaign
A phishing campaign that security researchers named SmugX and attributed to a Chinese threat actor has been targeting embassies and...
Japan’s largest port stops operations after ransomware attack
The Port of Nagoya, the largest and busiest port in Japan, has been targeted in a ransomware attack that currently...
Microsoft denies data breach, theft of 30 million customer accounts
Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company's servers and stole credentials...
New Python tool checks NPM packages for manifest confusion issues
A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages...
New tool exploits Microsoft Teams bug to send malware to users
A member of U.S. Navy's red team has published a tool called TeamsPhisher that leverages an unresolved security issue in Microsoft...
Police arrest suspect linked to notorius OPERA1ER cybercrime gang
Law enforcement has detained a suspect believed to be a key member of the OPERA1ER cybercrime group, which has targeted...
New StackRot Linux kernel flaw allows privilege escalation
Technical information has emerged for a serious vulnerability affecting multiple Linux kernel versions that could be triggered with "minimal capabilities."...
Over 130,000 solar energy monitoring systems exposed online
Security researchers are warning that tens of thousands of photovoltaic (PV) monitoring and diagnostic systems are reachable over the public...
Android July security updates fix three actively exploited bugs
Google has released the monthly security updates for Android operating system, which comes with fixes for 46 vulnerabilities. Three of...
Cisco warns of bug that lets attackers break traffic encryption
Cisco warned customers today of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with...
JumpCloud resets admin API keys amid ‘ongoing incident’
JumpCloud, a US-based enterprise software firm is notifying several customers of an "ongoing incident." As a caution, the company has...
CISA: Netwrix Auditor RCE bug exploited in Truebot malware attacks
CISA and the FBI warned today of new Truebot malware variants deployed on networks compromised using a critical remote code...
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
Many people associate only the dark web with drugs, crime, and leaked credentials, but in recent years a complex and...
Nickelodeon investigates breach after leak of ‘decades old’ data
Nickelodeon has confirmed that the data leaked from an alleged breach of the company is legitimate but some of it...
