Security Bulletin

While most of the scams involved spearphishing attacks spreading the Atomic macOS Stealer via malicious Zoom meeting client builds, Marko Polo also impersonated productivity software, blockchain-based projects, and online games to facilitate...

Aside from containing vehicle owners' names, birthdates, and phone numbers, such an Elasticsearch cluster also featured vehicle production dates, chassis and engine numbers, and other records with a "special needs" designation, according to Cybernews...

Almost 35,000 brute-force attempts have been conducted by threat actors against a single host's Microsoft SQL Server leveraged by the accounting software for database operations, according to researchers from Huntress.

While information in the stolen database, which has been peddled on BreachForums, was purported to include customers' full names, birthdates, gender, usernames and IDs, hashed passwords, phone numbers, shipping addresses, and IP addresses, Temu...

After installing dependencies and upgrading .NET to version 8, ransomware gangs leveraged several Azure Storage Explorer instances to accelerate uploads of stolen files to Azure Blob storage before being transferred to their storage, according to a...

Can cyber defenders use the presence of infostealers as a canary in the coal mine to preempt ransomware attacks?

Increasing attacks by the OilRig/APT34 group linked to Iran's Ministry of Intelligence and Security show that the nation's capabilities are growing, and targeting regional allies and enemies alike.

Researchers uncovered a vulnerability that could have placed millions of Google Cloud instances at risk of remote hijack.

The latest Secure by Design alert from CISA outlines recommended actions security teams should implement to reduce the prevalence of cross-site scripting vulnerabilities in software.

Security pros say KBs can be easily misconfigured – data on more than 1,000 KBs exposed.

A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.

The Eastern European group is actively expanding its financial fraud activities, with its pipelines representing a veritable Silk Road for the transfer of cryptocurrency, and lucrative and exploitable data.