SecurityWeek

For the seventh time this year, Google is dealing with zero-day attacks targeting users of its flagship Chrome web browser.The search advertising giant released a Chrome security refresh overnight with a warning that malicious hackers are actively exploiting a critical type confusion vulnerability to launch malware attacks.

Hackers have started targeting a critical WooCommerce vulnerability only days after patches started rolling out, patchstack says.WooCommerce is a popular open-source eCommerce plugin for WordPress, with more than 5 million installations to date, making it an attractive target for cybercriminals.

Google is about to give Chrome users a small security boost with new functionality that will attempt to automatically upgrade web pages to HTTPS.Dubbed HTTPS-First mode, the feature resembles the HTTPS-only mode in Firefox.

XSS and Argument Injection Flaws Found in Popular Etherpad Collaboration Tool

MI5’s Annual Threat Update Parallels U.S. Intelligence Threat WarningsMI5’s UK Annual Threat Update 2021 from director general Ken McCallum almost mirrors the threat warnings delivered by U.S. government agencies: ransomware and IP theft in cyber, and extreme right-wing terrorism amplified by online echo chambers.

When a massive cyberattack took out everything from Swedish supermarkets to New Zealand kindergartens this month, a group of Dutch ethical hackers breathed a collective sigh of frustration. They had been so close to stopping it.

Industrial automation solutions provider MDT Software has patched several critical and high-severity vulnerabilities in its flagship product, MDT AutoSave.

A secretive Israeli commercial surveillance company named after a parasitic freshwater fish is being blamed for supplying Windows and Chrome zero-day exploits to nation-state APT actors.

An Iran-linked hacking group tracked as Tortoiseshell has expanded its list of targets to newer industries and more geographies, according to a new warning from Facebook's security team.

Palo Alto Networks this week announced the availability of patches for security flaws in the Prisma Cloud Compute cloud workload protection solution and Windows agent for the Cortex XDR detection and response platform.

The U.S. government has announced new initiatives aimed at combating ransomware and other cyber threats, including a new website and significant rewards for information on foreign hackers.

Extended Detection and Response (XDR) can be confusing based on so many different definitions and approaches

The rise in the value of cryptocurrencies has inevitably drawn the eye of criminals, and the concentration of crypto in the cryptocurrency exchanges has focused that attention. Coinbase is the largest exchange in the U.S., and researchers have detected numerous phishing campaigns against Coinbase users.

Passwordless authentication startup Stytch this week announced that it has raised $30 million in a Series A funding round. To date, the company raised $36.3 million.The founding round was led by Thrive Capital. Coatue Management and existing investors Benchmark and Index Ventures participated as well.

Hackers gained access to the Social Security numbers of more than two dozen people during a ransomware attack that forced the city of Tulsa to shut down parts of its computer network for months, officials said.

A tailored approach to digital executive protection allows security teams to maximize resources and identify threats without relying on 24x7 physical executive protection

Prevention, detection, and response solutions provider Cybereason on Wednesday announced raising $275 million in a crossover funding round, which brings the total raised by the company to more than $663 million.

Lenovo this week published information on three vulnerabilities that impact the BIOS of two of its desktop products and approximately 60 laptop and notebook models.

Network appliance vendor SonicWall has issued an urgent security notice to warn of imminent data-encrypting ransomware attacks targeting known -- and already patched -- firmware vulnerabilities.

A newly uncovered advanced persistent threat (APT) campaign is targeting a large number of users in South Asia, including government entities, according to a new report from anti-malware vendor Kaspersky.