For individuals

ACROS Security has released free unofficial fixes for a zero-day flaw in Windows Themes, which could be leveraged to facilitate the remote compromise of NTLM credentials on devices running on Windows 7 to Windows 11 24H2.

Aside from enabling surveillance that curtails individuals' privacy rights, the UN cybercrime treaty — which has already been approved by the body's Ad Hoc Committee on Cybercrime — also requires the gathering and sharing of private internet user data with other countries that could legitimate authoritarian nations' partnerships.

Increasingly prevalent state-sponsored intrusions have been partly fueled by escalating activities from both countries' non-state attackers, with Russia commonly tapping hacktivist groups and China partnering with universities and businesses in its malicious cyber operations.

Milan-based private investigations firm Equalize led by former top cop Carmine Gallo was reportedly behind the years-long hacking campaign, which was facilitated by bribes to police officers, remote access trojan compromise, and the breach of the Italian Interior Ministry computer system's maintenance personnel.

The discoveries included three critical security vulnerabilities and 18 high-severity flaws.

Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.

At least two people responsible for operating the malware network that infected an estimated 1,200 servers.

A professional-grade tool set, appropriately dubbed "CloudScout," is infiltrating cloud apps like Microsoft Outlook and Google Drive, targeting sensitive info for exfiltration.

In the latest attack against ISPs, second-largest French provider Free fell victim to unknown cyberattackers who attempted to sell the compromised data it stole from the company on an underground cybercrime forum.

New research finds that six years later, AMD and Intel processors can still be hit with speculative execution attacks.