Ionut Arghire

The National Security Agency (NSA) has released mitigation guidance to help organizations stave off BlackLotus UEFI bootkit infections.

The US government's cybersecurity agency adds VMware and Roundcube server flaws to its Known Exploited Vulnerabilities (KEV) catalog.

VMware published software updates to address multiple memory corruption vulnerabilities in vCenter Server that could lead to remote code execution.

The US army says soldiers says unsolicited, suspicious smartwatches are being sent to soldiers, exposing them to malware attacks.

A Chinese hacking group flagged as APT15 is targeting foreign affairs ministries in the Americas with a new backdoor named Graphican.

A hacking group linked to the North Korean government has been caught using new malware with microphone wiretapping capabilities.

A security researcher has published proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure.

Apple ships major iOS security updates to cover code execution vulnerabilities already exploited in the wild.

Two critical-severity authentication bypass vulnerabilities in WordPress plugins with tens of thousands of installations.

Russian anti-malware vendor shares technical details on spyware implant deployed as part of recent zero-click iMessage attacks.

Enphase Energy has ignored CISA requests to fix remotely exploitable vulnerabilities in Enphase products.

New National Security Cyber Section will help the US disrupt and prosecute nation-state threat actors and state-sponsored cybercriminals.

Gen Digital, which owns Avast, Avira, AVG, Norton, and LifeLock, said employee data was compromised in the MOVEit ransomware attack.

Forescout Technologies has disclosed the details of vulnerabilities impacting operational technology (OT) products from Wago and Schneider Electric.

Bitdefender finds new malware capable of monitoring incoming RDP connections and infect the connecting clients that have client drive mapping enabled.

The Office of the Australian Information Commissioner (OAIC) says some of its files were stolen in a ransomware attack on law firm HWL Ebsworth.

A new information stealer malware named Mystic Stealer is gaining traction among cybercriminals on prominent underground forums.

Western Digital is blocking access to its cloud services for devices running firmware versions impacted by a critical security vulnerability.

The Alphv/BlackCat ransomware gang has taken responsibility for the February cyberattack that hit social media site Reddit.

A critical vulnerability (CVE-2023-35708) in MOVEit software could allow unauthenticated attackers to access database content.