Microsoft 365 users report Outlook, Teams won’t start or freezes
Network and IT admins have been dealing with ongoing Microsoft 365 issues this week, reporting that some end users cannot...
cybersecurity
NSA shares tips on blocking BlackLotus UEFI malware attacks
The U.S. National Security Agency (NSA) released today guidance on how to defend against BlackLotus UEFI bootkit malware attacks. BlackLotus...
Microsoft Teams bug allows malware delivery from external accounts
Security researchers have found a simple way to deliver malware to an organization with Microsoft Teams, despite restrictions in the...
APT37 hackers deploy new FadeStealer eavesdropping malware
The North Korean APT37 hacking group uses a new 'FadeStealer' information-stealing malware containing a 'wiretapping' feature, allowing the threat actor...
DuckDuckGo browser for Windows available for everyone as public beta
DuckDuckGo has released its privacy-centric browser for Windows to the general public. It is a beta version available for download...
VMware fixes vCenter Server bugs allowing code execution, auth bypass
VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication...
Millions of GitHub repos likely vulnerable to RepoJacking, researchers say
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy...
CISA orders govt agencies to patch bugs exploited by Russian hackers
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six more security flaws to its known exploited vulnerabilities...
Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version
Microsoft says Internet-exposed Linux and Internet of Things (IoT) devices are being hijacked in brute-force attacks as part of a...
Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices
A variant of the Mirai botnet is targeting almost two dozen vulnerabilities aiming to take control of D-Link, Arris, Zyxel,...
Chinese APT15 hackers resurface with new Graphican malware
The Chinese state-sponsored hacking group tracked as APT15 has been observed using a novel backdoor named 'Graphican' in a new...
iOttie discloses data breach after site hacked to steal credit cards
Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online...
UPS discloses data breach after exposed customer info used in SMS phishing
Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its...
Exploit released for Cisco AnyConnect bug giving SYSTEM privileges
Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure...
FTC: Amazon trapped millions into hard-to-cancel Prime memberships
The Federal Trade Commission (FTC) says Amazon allegedly used dark patterns to trick millions of users into enrolling in its...
The Great Exodus to Telegram: A Tour of the New Cybercrime Underground
The world of cybercrime is moving quickly. Threat actors, ransomware gangs, malware developers, and others are increasingly and rapidly moving...
Over 100,000 ChatGPT accounts stolen via info-stealing malware
More than 101,000 ChatGPT user accounts have been stolen by information-stealing malware over the past year, according to dark web...
Ransomware is only getting faster: Six steps to a stronger defense
Staying ahead of threat actors is a game of cat and mouse, with attackers often having the upper hand. In...
Russian APT28 hackers breach Ukrainian govt email servers
Image: Bing Image Creator A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate (GRU)...
New RDStealer malware steals from drives shared over Remote Desktop
A cyberespionage and hacking campaign tracked as 'RedClouds' uses the custom 'RDStealer' malware to automatically steal data from drives shared...
Zyxel warns of critical command injection flaw in NAS devices
Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command...
Hackers infect Linux SSH servers with Tsunami botnet malware
An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS...
New Condi malware builds DDoS botnet out of TP-Link AX21 routers
A new DDoS-as-a-Service botnet called "Condi" emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers...
Microsoft fixes Azure AD auth flaw enabling account takeover
Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and...
