Security Bulletin

Meanwhile, illicit transactions on three of the leading Russian dark web markets totaled $1.4 billion last year, an increase from 2022, compared with only $100 million amassed by all of the Western dark web markets, which was lower than in 2022, a...

All Telerik Report Server instances before version 10.1.24.709 are affected by the bug, which could be leveraged to facilitate remote code execution, according to Progress Software.

France and Europol's joint operation to dismantle the PlugX worm botnet, which has impacted millions of devices worldwide, involved the usage of a disinfection solution from Sekoia.io.

Included in the impacted data were names, mobile numbers, and SMS opt-out preferences, said BMW Concessionaires in a statement to Hong Kong's Office of the Privacy Commissioner for Personal Data.

While Summerville noted that operations of its municipal departments have not been impacted by the incident, which was immediately contained, the Embargo group admitted to having stolen 1.71 TB of data from the town's Police Department.

Such a package, which has been taken down after accumulating 59 downloads, initially verifies targeted systems to be macOS before checking the machines' Universally Unique Identifier and infiltrating files that have Google Cloud authentication...

Infiltration of the third-party provider's systems between June 3 and 7 allowed threat actors to exfiltrate the customers' certain banking details, including full names, bank account numbers, and routing numbers leveraged for ACH fund transfers.

The campaign lured targets into downloading a fraudulent CrowdStrike Crash Reporter tool as a ZIP file with a trojanized InnoSetup installer.

Security teams have to face that the attackers also have AI – here are three ways to more effectively operate in this new environment.

A large text-message phishing attack campaign attributed to the China-based Smishing Triad employs malicious iMessages.

Researchers say that a years-old security leak is putting a number of production model PCs at risk of persistent remote takeover.

Several vendors for consumer and enterprise PCs share a compromised crypto key that should never have been on the devices in the first place.