Ionut Arghire

Ransomware operators exploit a vulnerable Paragon driver in BYOVD attacks to elevate privileges to System.

Angel One says client information was compromised in a data breach involving its AWS account.

ESET says hundreds of freelance software developers have fallen victim to North Korean hackers posing as recruiters.

OPSWAT details two critical vulnerabilities in the Mongoose ODM library for MongoDB leading to remote code execution on the Node.js server.

A researcher dives into Chinese reports attributing cyberattacks on Northwestern Polytechnical University to the NSA’s TAO division.

Atlassian has released patches for 12 critical- and high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd, and Jira.

CISA and the FBI warn organizations of attacks employing the Ghost (Cring) ransomware, operated by Chinese hackers.

Proof-of-concept (PoC) code and technical details on four critical-severity Ivanti EPM vulnerabilities are now available.

US military health benefits program administrator HNFS to pay $11 million in settlement over its false claims of cybersecurity compliance.

Blockaid raises $50 million in Series B funding to scale operations to meet demand for its blockchain application security platform.

The latest OpenSSH update patches two vulnerabilities, including one that enabled MitM attacks with no user interaction.

Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox security updates.

A recently identified macOS infostealer named FrigidStealer has been distributed through a compromised website, as a fake browser update.

Financial software firm Finastra is notifying individuals whose personal information was stolen in a recent data breach.

A newly discovered Golang backdoor is abusing Telegram for communication with its command-and-control (C&C) server.

Microsoft has observed a new variant of the XCSSET malware being used in limited attacks against macOS users.

Israeli cybersecurity startup Dream has raised $100 million in Series B funding and is now valued at $1.1 billion.

A newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API.

Russian hackers have been targeting government, defense, telecoms, and other organizations in a device code phishing campaign.

Xerox released security updates to resolve pass-back attack vulnerabilities in Versalink multifunction printers.