Category: Security

The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands. […]

Read more →

Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical-severity vulnerabilities. […]

Read more →

A U.S. federal judge has ruled that Israeli spyware maker NSO Group violated U.S. hacking laws by using WhatsApp zero-days to deploy Pegasus spyware on at least 1,400 devices. […]

Read more →

Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution. […]

Read more →

A new Microsoft 365 phishing-as-a-service platform called “FlowerStorm” is growing in popularity, filling the void left behind by the sudden shutdown of the Rockstar2FA cybercrime service. […]

Read more →

The US Department of Justice has charged a Russian-Israeli dual-national for his suspected role in developing malware and managing the infrastructure for the notorious LockBit ransomware group. […]

Read more →

Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices. […]

Read more →

The Play ransomware gang has claimed responsibility for a cyberattack that impacted the business operations of the U.S. doughnut chain Krispy Kreme in November. […]

Read more →

​The Alliance for Creativity and Entertainment (ACE) has taken down one of the world’s largest live sports streaming piracy rings, with over 821 million visits last year. […]

Read more →

​Daniel Christian Hulea, a Romanian man charged for his involvement in NetWalker ransomware attacks, was sentenced to 20 years in prison after pleading guilty to computer fraud conspiracy and wire fraud conspiracy in June. […]

Read more →

A malicious Android spyware application named ‘BMI CalculationVsn’ was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background. […]

Read more →

uniper Networks has warned customers of Mirai malware attacks targeting and infecting Session Smart routers using default credentials. […]

Read more →

Deeper Network Promo

Juniper Networks has warned customers of Mirai malware attacks targeting and infecting Session Smart routers using default credentials. […]

Read more →

Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests. […]

Read more →

Privileged access management company BeyondTrust suffered a cyberattack in early December after threat actors breached some of its Remote Support SaaS instances. […]

Read more →

​​Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation. […]

Read more →

The Russian hacking group tracked as APT29 (aka “Midnight Blizzard”) is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. […]

Read more →

The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. […]

Read more →

Security service edge (SSE) has emerged as a hot topic in the networking and security markets because it provides cloud-delivered security to protect access to websites and applications. This is key for the work-from-anywhere approach enterprises adopted during the pandemic and maintained as hybrid work became the norm. SSE is also a prevalent subject because…

Read more →

A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials. […]

Read more →

​Recorded Future, an American threat intelligence company, has become the first cybersecurity firm designated by the Russian government as an “undesirable” organization. […]

Read more →

Interpol calls on the cybersecurity community, law enforcement, and the media to stop using the term “Pig Butchering” when referring to online relationship and investment scams, as it unnecessarily shames the victims impacted by these fraud campaigns. […]

Read more →

A cyberespionage threat group known as ‘Bitter’ was observed targeting defense organizations in Turkey using a novel malware family named MiyaRAT. […]

Read more →

Cybercrime is a relentless and evolving threat to organizations worldwide. However, with the right insights, we can significantly enhance our security, mitigate risks, and stay ahead of these criminals. FortiGuard Labs’ Cyberthreat Predictions for 2025 report is designed to provide exactly these insights. It identifies emerging threat trends for the coming year and offers actionable…

Read more →

Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. […]

Read more →

Organizations are often caught off-guard when a data breaches occurs, forcing them to quickly perform mass password resets Learn from Specops Software about some of the common mass password reset scenarios and the challenges you may face. […]

Read more →

The FBI warned today that new HiatusRAT malware attacks are now scanning for and infecting vulnerable web cameras and DVRs that are exposed online. […]

Read more →

The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. […]

Read more →

CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. […]

Read more →

A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot. […]

Read more →

Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents’ personal information after the Brain Cipher ransomware gang hacked its systems. […]

Read more →

A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. […]

Read more →

Automobile parts giant LKQ Corporation disclosed that one of its business units in Canada was hacked, allowing threat actors to steal data from the company. […]

Read more →

Citrix Netscaler is the latest target in widespread password spray attacks targeting edge networking devices and cloud platforms this year to breach corporate networks. […]

Read more →

The Federal Trade Commission (FTC) warns about a significant rise in gambling-like online job scams, known as “task scams,” that draw people into earning cash through repetitive tasks, with the promises of earning more if they deposit their own money. […]

Read more →

CISA and the Environmental Protection Agency (EPA) warned water facilities today to secure Internet-exposed Human Machine Interfaces (HMIs) from cyberattacks. […]

Read more →

Russian telecommunications watchdog Roskomnadzor has blocked the Viber encrypted messaging app, used by hundreds of millions worldwide, for violating the country’s legislation. […]

Read more →