Ionut Arghire

Threat actors have been observed abusing Kubernetes RBAC to create backdoors and hijack cluster resources for cryptocurrency mining.

SolarWinds has patched two high-severity vulnerabilities that could lead to command execution and privilege escalation.

Attackers are installing the abandoned Eval PHP plugin on compromised WordPress sites to inject PHP code into web pages.

A vulnerability in Google Cloud Platform allowed attackers to modify and hide OAuth applications to create a stealthy backdoor to any Google account.

GitHub this week introduced NPM package provenance and deployment protection rules and announced general availability of private vulnerability reporting.

Health insurer Point32Health takes systems offline after falling victim to ransomware attack.

Cisco this week released patches for critical-severity vulnerabilities impacting its Industrial Network Director and Modeling Labs applications.

The UK government's information security arm warns of Russian state-aligned groups aiming to disrupt and destroy critical infrastructure in Western countries.

Print management solutions provider PaperCut warns that exploitation of a recently patched vulnerability has commenced.

Google warns of another zero-day vulnerability in Chrome, only days after addressing a similar issue.

Oracle’s April 2023 critical patch update (CPU) includes 433 new security patches, including more than 70 that fix critical vulnerabilities.

Coro, an enterprise cybersecurity platform for mid-market organizations, has raised $75 million from Energy Impact Partners.

A subgroup of Iran-linked APT Phosphorus (Mint Sandstorm) has started to quickly adopt PoC exploit code targeting vulnerabilities in internet-facing applications.

Four GitHub repositories used by RedLine stealer control panels were suspended, disrupting the malware’s operations.

New Domino backdoor brings together former members of the Conti group and the FIN7 threat actors.

Personal identity and data protection provider Lockr has raised $2.5 million in pre-seed funding.

A new Remcos RAT campaign is targeting US accounting and tax return preparation firms as Tax Day approaches.

Juniper Networks this week announced patches for tens of vulnerabilities across its product portfolio, including critical bugs in Junos OS and STRM.

Authorization layer solution provider Cerbos has raised $7.5 million in an extended seed round led by Omers Ventures.

New Google paper calls for increased transparency from vendors regarding their vulnerability management practices.