Security Bulletin

Nearly half of the 2,300 internet-exposed Redis servers compromised with the HeadCrab malware as part of an attack campaign that was initially reported in early 2023 have been infected with an updated variant of the backdoor, according to The Hacker...

Several Java applications have been targeted by a new variant of the FritzFrog botnet, which has gained the ability to exploit the Log4Shell vulnerability, as part of the Frog4Shell attack campaign, reports The Record, a news site by cybersecurity...

Tech learners, it’s the week you have been waiting for. It’s time to come together with experts and thousands of your peers to connect, learn, and advance your career with the Learning & Certifications team at Cisco Live Amsterdam, February 5-9, 2024...

Threat actors have targeted internet-exposed Docker API endpoints with the advanced Commando Cat cryptojacking campaign since the beginning of the year, The Hacker News reports.

This is fork from the original work by Scott Jensen [ 1][ 2] originally published here as guest diary part of the SANS.edu BACS program. This update has a number of new features now available in Github [ 4].

Major U.S. cloud software provider Blackbaud has agreed to bolster its security defenses and remove unneeded customer data from its systems to settle charges by the Federal Trade Commission alleging the company's several security failings that...

The U.S. Office of the National Cyber Director has been urged by the Government Accountability Office to strengthen the implementation of the national cybersecurity strategy by adding outcome-oriented performance measures, as well as details...

Multinational building automation systems manufacturer Johnson Controls International has reported spending $27 million to remediate a ransomware attack in September attributed to the Dark Angels ransomware operation, which had demanded $51 million...

A GitHub Actions workflow could have been used for a command injection vulnerability in Bazel, which had the potential for threat actors to add malicious code into the production environment for projects using the Google open-source product.

With prompt injection, AI puts new spin on an old security problem

Interpol has disclosed the disruption of 70% of 1,300 malicious command-and-control servers leveraged in malware and phishing attacks, as well as the arrests of 31 suspected threat actors as part of its Operation Synergia between September and...

Hackread reports that the United Arab Emirates' government-owned airline Flydubai was claimed to be subjected to several distributed denial-of-service attacks by the self-proclaimed hacktivist operation Anonymous Sudan.