Cybersecurity

An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed.

The Australian government is investigating a large-scale ransomware attack involving MediSecure, a Melbourne-based electronic prescriptions provider.

Financial firms covered under new regulations will be required to establish a clear response and communications plan for customer data breaches.

A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP.

CISA Adds Three Known Exploited Vulnerabilities to Catalog

The American Radio Relay League (ARRL) warns it suffered a cyberattack, which disrupted its IT systems and online operations, including email and the Logbook of the World.

The banking trojan "Grandoreiro" is spreading in a large-scale phishing campaign in over 60 countries, targeting customer accounts of roughly 1,500 banks.

New versions of Git are out, with fixes for CVE-2024-32002, which can be used to remotely execute code during a "clone" operation.

Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources.

The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.

Our research reveals that personal repositories often expose sensitive corporate data, leading to severe security breaches

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad.

Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.

​Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.

An earlier iteration of the site was taken down last year; now its reincarnation is gone.

Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment.

The North Korean hacker group Kimsuki has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers.

The company’s Patch Tuesday includes fixes for flaws in Windows Desktop Window Manager, Windows MSHTML, and Visual Studio, among others, that IT security orgs should prioritize.

Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.

A Korean cybersecurity expert has been sentenced to prison for illegally accessing and distributing private videos from vulnerable "wallpad" cameras in 400,000 private households.

Recorded Future details a novel campaign that abuses legitimate internet services to deploy multiple malware variants for credential theft

Organizations continue to run insecure protocols across their WAN, making it easier for cybercriminals to move across networks.

Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.

Plenty of patches for everyone, even if your product doesn’t include the zero-day fix.

The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using a partner portal API they accessed as a fake company. Dell had started to send notifications warning customers that their personal data was stolen in a data breach. This data br...

​Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.

A crisis at the key US service for ranking vulnerabilities has been fueled by short resources and an explosion of security flaws as the volume of software production increases.

Researchers have uncovered a critical vulnerability in VMware's Bluetooth device, allowing code execution by malicious actors.

In Cambodia, Laos and Myanmar, the groups are estimated to reap about $43.8 billion each year through scams — some 40 percent of the three nations’ combined formal GDP.

On May 10, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on PyPI. The package was called requests-darwin-lite and appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packe...

Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities.

Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal...

VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.

Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks.

A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks.

Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign.

The wide-ranging hacking campaign by the state-backed group Volt Typhoon is seen as a prelude of what's to come.