Security Bulletin

Higher rewards of up to $250,000 will be given by Google for the discovery of memory corruption flaws in the Chrome browser shown to achieve remote code execution using a non-sandboxed process as part of a more robust vulnerability reward program.

Included in the exposed .env file were Applause's credentials for Marketo, SalesForce, and Gotowebinar systems, which could result in the compromise of sensitive customer information, marketing details, and operational and financial data from its...

"The Company's investigation of the incident remains ongoing. Based on the Company's current knowledge of the facts and circumstances related to this incident, the Company believes that this incident is not material," said Dick's in a filing with the...

While Microchip has not provided any comment regarding the claims, Play's admission a full week after the company's breach disclosure to the Securities and Exchange Commission reveals an extension from the 72-hour deadline given for a ransom payment.

After being downloaded through an obfuscated PowerShell command, the new LummaC2 variant facilitates the execution of an AES-encrypted second-stage payload, which would enable malicious code injection into a Windows process to establish command-and...

Despite being initially developed to disable security systems, PoorTry — also known as BurntCigar — has since been updated to allow the removal of security software's crucial dynamic link libraries and executable files in a RansomHub attack last...

Such a flaw targets a security issue known since 2019 and could be leveraged to facilitate code injection.

Internet-exposed Versa Director instances were from the U.S., Philippines, India, and Shanghai.

Such a flaw, which could be leveraged for remote code execution, was concealed by APT-C-60 in a trojanized spreadsheet file that included a link, which would prompt the deployment of SpyGlace alongside a file stealing, command executing, and plugin...

APT33 leveraged now-disrupted Microsoft Azure subscriptions to commence password spraying attacks against the targeted entities, while using compromised education sector accounts to obtain additional infrastructure that was then utilized for...

Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs.

We’re sharing an update on suspected state-backed attacker APT29 and the use of exploits identical to those used by Intellexa and NSO.