Ionut Arghire

A new information stealer malware named Mystic Stealer is gaining traction among cybercriminals on prominent underground forums.

Western Digital is blocking access to its cloud services for devices running firmware versions impacted by a critical security vulnerability.

The Alphv/BlackCat ransomware gang has taken responsibility for the February cyberattack that hit social media site Reddit.

A critical vulnerability (CVE-2023-35708) in MOVEit software could allow unauthenticated attackers to access database content.

The US charges Russian national Ruslan Magomedovich Astamirov over his alleged role in LockBit ransomware attacks.

Russia-linked hacking group Gamaredon is infecting USB drives for lateral movement within compromised Ukrainian networks.

CISA and the NSA have published new guidance to help organizations harden baseboard management controllers (BMCs).

Microsoft addressed two cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry (ACR) leading to unauthorized access to user sessions.

Cybersecurity startup SquareX launches a temporary bug bounty program for its cloud-based browser security solution.

LockBit ransomware operators launched 1,700 attacks in the US and received roughly $91 million in ransom payments.

CISA’s Binding Operational Directive 23-02 requires federal agencies to secure the network management interfaces of certain classes of devices.

Hundreds of thousands of ecommerce sites are impacted by a critical vulnerability in the WooCommerce Stripe Payment Gateway plugin.

Google has released a Chrome 114 security update to address five vulnerabilities, including a critical-severity bug in Autofill payments.

SAP has released eight new security notes on June 2023 Security Patch Day, including two that address high-severity vulnerabilities.

Mandiant has observed a Chinese cyberespionage group exploiting a VMware ESXi zero-day vulnerability for privilege escalation.

A Romanian national who operated a bulletproof hosting service used by malware operators was sentenced to prison in the US.

St. Margaret’s Health in Illinois is shutting down hospitals partly due to a 2021 ransomware attack that caused serious payment system disruptions.

A database containing the personal information of roughly 9 million Zacks users has emerged online.

OMB has published new guidance on federal agencies obtaining security guarantees from software vendors.

Two Russian nationals are charged in the US with hacking a cryptocurrency exchange and conspiring to launder the proceeds.