Security Bulletin

First patched in August, the critical vulnerability enables unauthenticated web shell deployment.

Azorult infostealer aims to steal user credentials and credit card information via HTML smuggling.

Crucial enrichment data is not being added to NVD entries as NIST works through a “transition” process.

The American Hospital Association has opposed mandatory cybersecurity requirements proposed for the healthcare sector following the ransomware attack against Change Healthcare.

Cybersecurity threats were noted by Red Canary to have gained steam across various fronts during the past year.

Efforts to recover impacted systems are already underway amid an ongoing investigation into the source and extent of the cybersecurity incident.

Instant messaging app Viber had over 740GB of data admitted to having been compromised by pro-Palestinian hacktivist group.

McDonald's also reiterated that there is no association between the incident — which was reported in Japan, Bangkok, London, Milan, Denmark, Australia, and the UK and has since been resolved.

AT&T has emphasized that none of its systems have been breached as it vehemently denied that data allegedly stolen from a 2021 hack by ShinyHunters.

The International Monetary Fund had 11 of its email accounts compromised following a cyberattack last month.

Lazarus, which has since tapped the Sinbad.io and Blender.io crypto-mixing services to launder proceeds from the Atomic Wallet, Axie Infinity, and Horizon Bridge attacks, may have been looking to conceal transactions with the recent use of Tornado...

All 17 repositories used in the campaign, which GitHub has already removed, had a README.md file that aimed to establish legitimacy with the inclusion of four green Unicode circles.