Latest News

ESET warns of a new reality: “UEFI bootkits are no longer confined to Windows systems alone.”

The Banshee Stealer macOS malware operation, which emerged earlier this year, was reportedly shut down following a source code leak. 

VulnCheck warns of widespread exploitation of a year-and-a-half-old ProjectSend vulnerability for which multiple public exploits exist.

US senators introduce new legislation to protect health data and strengthen the cybersecurity of the country’s healthcare sector.

Palo Alto Networks and SonicWall VPNs affected by vulnerabilities allowing remote code execution and privilege escalation.

The Russia-linked RomCom APT has been observed chaining two zero-days in Firefox and Windows for backdoor delivery.

Operation Serengeti targeted criminal suspects in Africa behind ransomware, business email compromise, digital extortion and scams.

The company warns that malicious hackers can craft exploits to elevate privileges or launch cross-site scripting attacks.

IBM has released patches for two high-severity remote code execution vulnerabilities in Data Virtualization Manager and Security SOAR.

CISA warns about attacks exploiting CVE-2023-28461, a critical vulnerability in Array Networks AG and vxAG secure access gateways.

New York has announced $11 million settlements with Geico and Travelers over data breaches affecting 120,000 people.

Two vulnerabilities in the Anti-Spam by CleanTalk WordPress plugin allowed attackers to execute arbitrary code remotely.

Supply chain management software provider Blue Yonder has been targeted in a ransomware attack that caused significant disruptions for some customers.

A ransomware group has been observed exploiting a recently patched command injection vulnerability in Zyxel firewalls for initial access.

Critical vulnerabilities patched by mySCADA in its myPRO HMI/SCADA product can allow remote and unauthenticated takeover of the system.