Clop ransomware entered the Crown Resorts network by exploiting the GoAnywhere zero-day vulnerability*Security researchers have discovered a vulnerability in the WiFi protocol that allows attackers to hijack network traffic*Researchers found Trojanized Tor browsers targeting Russians with malware to steal cryptocurrency*Attackers targeted European companies to spread Remco's RAT and Formbook malware*Pakistan-based SideCopy APT Group Targets India's DRDO With Action RAT*Researchers have found new variants of IcedID Loader that deliver additional malware*A new MacStealer malware that targets Mac users and steals iCloud Keychain credentials*Apple fixes WebKit zero-day bug on older iPhones*Twitter removes leaked source code on GitHub and seeks downloaders*Attackers target US taxpayers in new Emotet phishing campaign*A critical bug in the MLflow AI testing framework could expose AI models and machine learning*OpenAI reveals an incident related to ChatGPT user data*Microsoft Warns of Outlook Vulnerability Exploited by Russian Attackers*Procter & Gamble reports GoAnywhere zero-day* data breachChinese Nuclear Power Plants Under Attack From 'Bitter' Spy HackersLionsgate Streaming Network Reveals Over 37 Million Subscriber Data*Malicious Python package uses Unicode technique to evade detection*Researchers reveal new attack strategies used by Chinese nation-state hackers*Threat Actors Attack 450 Financial Apps Using Android Banking Trojan*GitHub code hosting platform quickly replaces exposed RSA SSH key*Play ransomware gang publishes data stolen from Royal Dirkzwager shipping company*WordPress fixed a critical vulnerability in the WooCommerce checkout plugin*BlackGuard Stealer targets 57 browser extensions and cryptocurrency wallets*Cisco has patched high-severity vulnerabilities in its IOS and IOS XE software*Microsoft fixes privacy bugs in Windows 11's Acropalypse snipping toolResearchers warn of Gmail content theft by threat group Kimsuky*Researchers Publish Proof-of-Concept (PoC) for Vulnerabilities in NETGEAR Orbi Mesh* Wireless SystemTrojan ChatGPT Chrome extension found hijacking Facebook accounts*CISA warned of critical security vulnerabilities in products for industrial control systems*Play ransomware gang allegedly releases data stolen from logistics service provider Royal Dirkzwager*Mozilla fixes Firefox crash issue on Windows 11 and macOS* systemsHackers use new CommonMagic and PowerMagic malware to steal victims' information*Threat actors targeting Linux servers with various variants of ShellBot* malwareResearchers have found malicious NuGet packages targeting .NET developers*Scammers extort 1 crore INR from 81 users through mobile payment app*Threat actors exploited a zero-day vulnerability in Bitcoin ATMs in general*Ferrari, Italian luxury sports car maker, announces data breach*Realtek SDK, Huawei routers and Hadoop YARN servers targeted by new HinataBot* botnetFBI, CISA, and MS-ISAC Release Notice Warning About LockBit 3.0 Ransomware Attacks*New Trigona ransomware targets Australia, US and European countries*Threat actors are now proliferating Emotet malware via malicious Microsoft OneNote files*The NBA suffers a data breach that exposes the personal information of its fans*Scammers use Twitter's "quote tweet" feature to target bank customers*Attackers spread "FakeCalls" Android malware in South Korea*Cyber attack on Latitude Financial Services leads to data theft at two service providers*Google warns of 18 zero-day bugs in Samsung's Exynos chipsets*Attackers misuse Adobe Acrobat Sign to spread information-stealing Redline* malwareMozilla has announced the release of Firefox 111 with dozens of vulnerability patches*Attackers broke into US federal agencies by exploiting legacy Telerik UI vulnerability*Researchers Discover Dero's First Cryptojacking Campaign Targeting Kubernetes*Healthcare provider ILS suffered a data breach that exposed 4.2 million patient records*Researchers publish technical details about critical vulnerability in Microsoft Outlook*Tick APT Group contracted with a data loss prevention company in East Asia*CISA has added a critical Adobe ColdFusion vulnerability to its catalog of known exploits*New Threat Group YoroTrooper Carries Out Cyber Espionage Campaign Against CIS Government Organizations*Rubrik Suffers a Data Breach from GoAnywhere's Zero-Day Attack*SAP fixes five critical vulnerabilities in its security updates*Microsoft Patchday Security Advisory: March 2023*Euler Finance Lost $197 Million in Cryptocurrencies in a Flash Loan Attack*Dark Pink APT Group uses KamiKakaBot malware against government and military entities in Southeast Asia*Massive cyberattack hijacks East Asian websites to redirect victims to adult content*Threat actors using AI-generated YouTube videos to spread information-stealing malware*Researchers have discovered critical vulnerabilities in the Akuvox E11 video door phone*Unidentified attackers target government networks and exploit new FortiOS bug for zero-day attacks*Researchers have revealed a cross-site search vulnerability in the OpenSea NFT Marketplace*Researchers have found a new CASPER attack that leaks data from computers without air*German vehicle manufacturer BMW reveals customer data and company secrets*US office supply retailer Essendant suffers multi-day outage*Updated version of Prometei malware infects 10,000 systems worldwide*Clop Ransomware Gang Starts Blackmailing Victims of GoAnywhere Zero-Day Exploits*Researchers discovered BATLOADER malware that abused Google ads to deliver a secondary payload*New UNC2970 Threat Agent Targeting Security Researchers Using New Custom Malware Families*Researchers found new servers targeted by GoBruteforcer malware running phpMyAdmin, MySQL, FTP and Postgres* servicesCISA adds two vulnerabilities to its catalog of known exploits*The Brain Health Platform suffered a data breach that affected 3.18 million patients*Researchers found a new Android malware variant, Xenomorph, targeting over 500 banks*Threat actors exploiting vulnerabilities in remote desktop software to spread PlugX* malwareNew IceFire ransomware variant now actively targets Linux* systemsAttackers Target Oracle WebLogic Server With New ScrubCrypt* EncryptorA Chinese hacking campaign targets unpatched SonicWall SMA devices to install custom malware*AT&T carrier hack exposes 9 million customer records*Researchers have reported a Bitwarden autocomplete flaw that can be abused to steal credentials*Sharp Panda's new campaign targets Southeast Asian government agencies using Soul Malware*Veeam has patched a high-level vulnerability in Backup Services affecting its backup infrastructure*Fortinet has patched a critical RCE vulnerability affecting FortiOS and FortiProxy*SYS01stealer: A new attack on critical infrastructure companies with Facebook ads*Transparent Tribe hackers use Trojanized messaging apps to spread CapraRAT*Microsoft releases fix for Outlook login issues in Exchange environments*Acer Announces Data Breach After Selling 160GB Of Data On Hacker's Website*The Android March 2023 update fixes two critical code execution bugs*New HiatusRAT malware found targets DrayTek Vigor routers to steal data*Researcher discovered Blackfly APT Group targeting Asian companies*Experts discover a blind spot in Google Cloud Platform leading to data exfiltration attacks*New phishing campaign uses legacy Windows User Account Control bypass to drop malware*Researcher publishes proof of concept for critical Microsoft Word RCE vulnerability*Sandbox Blockchain Games staff account hacked to send malware-linked emails*Threat actors using malicious Microsoft OneNote attachments to infect Windows* systemsResearchers found new FiXS ATM malware targeting banks in Mexico*Tennessee State University and Southeast Louisiana Universities under attack*CISA and FBI warn of increase in real ransomware attacks*Researchers found thousands of compromised websites with stolen FTP credentials*Threat Actors Launch New Cryptojacking Campaign Targeting Misconfigured Redis Database Servers*Microsoft has patched MMIO information disclosure vulnerabilities in Intel* CPUsExperts discover an information stealer and an entire Trojan horse in a Python package on PyPI*Scammers target Trezor customers with fake data breach notifications*Aruba Networks has patched six critical severity vulnerabilities affecting ArubaOS* releasesIron Tiger attackers create a new Linux version of their custom malware SysUpdate*Cisco Addresses Critical RCE Vulnerability in Web UI for Multiple IP Phones*BlackLotus is the first UEFI boot kit malware to bypass Secure Boot defenses in Windows 11*Microsoft has addressed a global outage affecting its Exchange online mailboxes*Blind Eagle hackers target Colombian companies with spear phishing*Attackers using advanced hacking operation SCARLETEEL to infiltrate cloud services*Researchers have identified two security flaws in Trusted Platform Module (TPM) 2.0*US TV giant Dish Network confirms ransomware attack behind multi-day network outage*CISA Warnings Regarding Active Use of ZK Java Framework RCE Flaw*Attackers promote new Exfiltrator-22 post-exploit framework to spread ransomware*LastPass publishes additional data breach information in Password Vault December 2022*Investigators found a mysterious Nevada group targeting thousands of cloud servers*Attackers use LinkedIn URL shorteners to send Amazon Prime phishing emails*Two critical bugs in WordPress Houzez theme and plugin are actively exploited in the wild*The US Marshals Service suffered a data breach followed by a ransomware attack*Encino Energy, Ohio's largest oil producer, is the target of a cyberattack*ChromeLoader campaign now distributes malicious VHD files disguised as game programs*Cyberattacks target data center organizations to steal information*News Corp data breach statement reveals hackers have been on their network for 2 years*Third Party Partner of Electronics Retailer The Good Guy Suffers Data Breach*Attackers flood NPM repository with 15,000 malicious packages containing phishing links*Dish Network, American television giant, suffers a blackout*Stanford University Suffers a Data Breach Affecting 897 Graduate Students*Researchers found unknown threat actors targeting government agencies with PureCrypter* malwarePirated Final Cut Pro software targets macOS to mine cryptocurrency*Researchers uncover a cyber group using Lilith RAT and Atharvan Malware to target materials research industry*Dole, a fruit and vegetable company affected by a ransomware attack*Analysts Warn of Increase in Attacks Leveraging Zoho ManageEngine Products*Canada's second largest telecommunications company, TELUS, is investigating a possible data breach*Cisco fixes high-severity vulnerabilities in its application-facing infrastructure components*Attackers exploited the vulnerability in R1Soft Server Backup Manager to provide a backdoor*New S1deload Info-Stealer malware targets YouTube and Facebook* accountsTransportation and medical laboratories under attack by the new threat substance Hydrochasma*Hackers use fake ChatGPT apps to spread malware for Windows and Android*VMware fixed a critical injection bug in Carbon Black Application Control*CISA adds three new vulnerabilities to its catalog of known exploits*Security researchers publish proof-of-concept exploit for Fortinet's critical FortiNAC RCE flaw*Researchers discovered the MyloBot botnet that infects thousands of systems every day*Video game publisher Activision suffered a data breach*Pakistani SideCopy Threat Actor Targeting Indian Government Agencies Using ReverseRAT* BackdoorApple has updated its security advisories to add a new class of vulnerabilities*Researchers found a new feature-rich Stealc malware*HardBit 2.0 ransomware operators use victim's insurance details to set up ransom payment*Samsung adds a new security feature to guard against zero-click attacks*Indian ticketing platform RailYatri suffered a data breach affecting 31 million customers*The attacker targeted Coinbase employees in a smishing attackAttackers use a new version of the OxtaRAT backdoor to attack Armenian units*Researchers found a new WhiskerSpy backdoor implemented by a Trojan codec dropper*Threat actors exploiting vulnerabilities in Microsoft Exchange ProxyShell to deploy cryptocurrency miners*Experts found attackers using RambleOn malware to target South Korean journalists*Researchers found a new Mirai botnet variant targeting Linux and IoT devices*GoDaddy reports a multi-year security breach it suffered*Threat actors target Microsoft IIS servers with new Frebniis* malwareFortinet fixes two critical vulnerabilities in the FortiNAC and FortiWeb* productCISA alerts on Windows and iOS vulnerabilities exploited as zero days*Xavier University of Louisiana HBCU reported a data breach in November 2022*Researchers found an authenticated RCE vulnerability in the Arris* routerScandinavian Airlines suffered a cyberattack that exposed customer details*Burton Snowboards canceled online orders after a cyber attack*RedEyes APT Group uses new "M2RAT" malware to steal data from victims*Splunk fixes high-severity vulnerabilities in its enterprise solution update*New stealthy malware "Beep" focuses heavily on evading detection*Tonga Communications Corporation Suffers Ransomware Attack*Hyundai and Kia car thefts skyrocket due to TikTok Challenge*Hackers use new MortalKombat ransomware and Laplas ransomware targeting US victims*Community Health Systems Suffers Data Breach Affecting 1 Million Patients*Microsoft Exchange Server 2013 will reach End of Life in April 2023*Al-Toufan Hacking Group Targets Bahrain Airport News Websites And Websites*Microsoft Patchday Security Advisory: February 2023*Pepsi's Largest Bottler, US Bottler, Suffers Data Breach*Garrison Women's Health suffered a data breach affecting 4,000 patients*Apple has patched a new actively exploited zero-day vulnerability in WebKit*Cloudflare detects and mitigates the largest DDoS attack on record*Modified version of ESXiArgs ransomware blocks VMware host recovery*New DarkBit Ransomware Group Targets Technion*, Israel's Leading Research UniversityThreat actors hacked into Namecheap email account to send phishing emails*CISA Warns of North Korean Hackers Targeting Healthcare Organizations with Ransomware Attacks*CISA adds three more vulnerabilities to its catalog of known exploits*Several California medical groups suffered a ransomware attack*Researchers found malicious packages in PyPI and NPM* repositoriesReproduce attacks with ransomware claims on A10 networks*Clop Ransomware Gang claims to exploit GoAnywhere zero-day bugs*Microsoft announces discontinuation of Microsoft Support Diagnostic Tool (MSDT) and troubleshooters*Researchers have found multiple vulnerabilities in Industrial Wireless Internet of Things (IIoT) devices*NewsPenguin Threat Actor Targets Pakistani Companies in Phishing Campaign*Russian Hackers Use Fake Crypto Job Postings to Spread Enigma Malware*Reddit was hit by a hack that allowed hackers to steal the source code*Largest Canadian bookstore Indigo suffered cyber attack*Researchers have found Russian hackers using new Graphiron malware to attack Ukraine*Ross Memorial Hospital in Lindsay affected by cyberattack*Munster University of Technology (MTU) in Ireland suffers from a severe IT gap*Multiple document management systems found with unpatched vulnerabilities*Google released Chrome 110 that fixes 15 vulnerabilities*Pharmaceutical retailer AmerisourceBergen affected by a cyberattack*Researchers found a new Medusa botnet targeting Linux users*GuLoader malware targets e-commerce industry with malicious NSIS executable files*Developers Release Emergency Patch for Actively Exploited Zero-Day Bug in GoAnywhere MFTaaS*Researcher Reveals a Bug Discovered in Toyota's Global Supplier Management System (GSPIMS)*Google Chrome will no longer support Windows 7, 8, 8.1, Windows Server 2012 and 2012 R2 starting in February 2023*OpenSSL releases patch to fix high severity vulnerabilities*US third-party provider Cellular suffers data breach affecting its 52,000 customers*Researchers announced a high severity string vulnerability in F5 BIG-IP*India's largest truck broker FR8 discloses 140GB of information in data breach*TgToxic malware targets Android users in Southeast Asia*Hackers pose as Ukrainian Ministry officials to deploy malware*TruthFinder and Instant Checkmate report a data breach affecting 20 million consumers*A new wave of ransomware attacks on ESXi systems exploiting a vulnerability in VMware*Major Power and Internet Outages in Bermuda*A new banking Trojan for Android targets Brazilian financial institutions*A GoAnywhere MFT zero-day bug allows server hacking*Florida hospital shuts down its IT systems after cyberattack*Threat Actors Targeting Vulnerabilities in SugarCRM and Oracle E-Business Suite*Atlassian's Jira software has a critical authentication vulnerability*Iranian oil rig hackers use new backdoor to steal data from government agencies*Hackers use KoiVM virtualization technology to avoid detection when installing Formbook Data Stealer*North Korean hacking group Lazarus stole 100GB of data through the No Pineapple!* campaignFinancial Software Provider ION Group Suffers Ransomware Attack Global Markets Affected*Cisco has patched a high severity vulnerability in its IOx application*Car dealership Arnold Clark suffers data breach claimed by Play* ransomwareHackers have stolen the data of 240,000 Planet Ice Skating customers*Rogue Crypto Apps Infiltrate Apple App Store and Google Play Store*BlackCat ransomware gang claims attack on Solar Industries, a manufacturer of industrial explosives*Hackers used the Google Fi data breach to launch SIM swapping attacks*A phishing attack on the Latvian Ministry of Defense linked to the Russian hacker group*Guildford County School Suffers Cyber Attack Leading to Blackout*US telco status notice affected by third-party data breach*Indianapolis Housing Agency Suffers Ransomware Attack Affecting 212,910 People*Hackers announce new Golang-based malware via Telegram channel*Attackers stole GitHub Desktop encrypted code signing certificates for Mac and Atom apps*Developers are struggling with a new reported vulnerability in the KeePass software*QNAP fixes a critical vulnerability in its NAS devices*UK retailer JD Sports suffered a data breach affecting 10 million customers*A critical vulnerability in Lexmark printers affects more than 120 models*Researchers found Grootkit malware with new components and obfuscation techniques*ISC has patched several high severity DoS vulnerabilities in the DNS BIND software package*Researchers warn of several vulnerabilities in OpenEMR* healthcare softwareResearchers found attackers using portable USB storage devices to spread a new variant of PlugX malware*Several malicious apps were found in the Google Play Store with over 5 million downloads*Hackers use new SwiftSlicer Data Cleaner to infect Windows* operating systemCERT IN has published a high severity alert for users of Microsoft Edge*A major Microsoft 365 outage was caused by a WAN router IP address change*A hacker group called Sandworm attacked a Ukrainian news agency with five data drafts*A researcher found 75,000 WordPress sites still using a vulnerable version of the LearnPress plugin*Data breach against two healthcare organizations affected 400,000 people*BayCare Clinic suffers a data breach due to the tracking pixel used by a third party*Websites, administrations and organizations of the financial sector of the German airport suffer DDoS attack*New Mimic ransomware uses "all" Windows search tools to encrypt files*Federal Organizations CISA Violation Using Legitimate Remote Desktop Software*Phishing campaigns use new malware Python RAT to attack Windows*Threat actors exploit critical Realtek SDK flaw in millions of attacks*North Korean Hackers Actively Collect Credentials in Latest Cyberattacks*Zacks Investment Research security breach affects 820,000 clients*Researchers found threat actors abusing Google ads to spread malware*DragonSpark attack group uses Golang malware to evade detection*Several Microsoft services stop responding, including Teams, Outlook, and the Store: Stopping Microsoft Probes*Arm Mali GPU vulnerability leads to arbitrary kernel and root code execution on Pixel 6 phones*A vulnerability in the Diksha app exposed the personal information of millions of Indian teachers and students*Zendesk suffered a data breach after its employee was caught in a phishing attack*Security researchers have discovered two vulnerabilities in Samsung's Galaxy Store app for Android*Apple-backed security patches for zero-day vulnerabilities in older iPhone and iPad models*Nunavut Energy Company Qulliq Energy Corporation suffered cyberattack*Roaming Mantis adds a new DNS changer to its Android malware to hack WiFi routers*Ransomware attack on Costa Rica's Ministry of Public Works and Transportation (MOPT)*Riot Games development environment compromised through social engineering attacks*Drupal fixes information disclosure vulnerabilities*Chinese Hackers Use Fortinet Bug As Zero-Day Exploit To Drop Malware*Hackers actively use OneNote attachments to spread malware*Researchers are cracking down on massive ad fraud called "Vastflux"*Over 19,000 Retired Cisco Routers Vulnerable to RCE Attacks*Windows 10 Preview KB5019275 update contains 14 bug fixes*Critical Vulnerabilities Fixed OpenText Enterprise Content Management System*Gamaredon company uses Telegram to launch cyberattacks against Ukraine*Hackers can abuse GitHub's Codespaces functionality to host and distribute malware*Researchers discover a new banking Trojan hook with RAT* functionsFast Food Brand Operator Yum! Brands attacked by ransomware attacks*Researchers have discovered a critical RCE bug called EmojiDeploy in Microsoft Azure services*T-Mobile announced a data breach affecting 37 million pieces of customer personal information*Attackers hacked 34,942 PayPal user accounts in a credential stuffing attack*Cisco has announced fixes for a high severity SQL injection vulnerability in Unified CM and CM SME*Oracle fixes 327 vulnerabilities in its January 2023 critical patch update*The human resources management platform Myrocket.co has revealed personal data of millions of job seekers*CERT Coordination Center has revealed critical vulnerabilities in Netcomm and TP-Link* routersResearchers found the NjRAT Trojan distributed through the New Earth Bogle campaign*MailChimp suffers data breach after attackers obtained employee credentials*CISA warns of vulnerabilities in products from Siemens, GE Digital and Contec ICS*Researchers Warn of Critical RCE Vulnerability in Zoho ManageEngine Products*Nissan North America suffers a data breach due to a misconfigured third-party database*Microsoft Azure services were vulnerable to unauthorized access to cloud resources*Git fixes two critical vulnerabilities that allow hackers to execute arbitrary code*Threat actor "Lolip0p" uploaded three malicious packages to the PyPi platform*The ODIN Intelligence website has been defaced and breached*DNV ShipManager software suffers from ransomware attack affecting thousands of shipments*The Vice Society ransomware gang leaked confidential data from the University of Duisburg-Essen*Hackers Leak Sensitive San Francisco Transit Police Files Online*Researchers found Android TV Box with pre-installed malware*Cryptocurrency wallet provider MetaMask warns users of a new address poisoning scam*Most of Cacti's servers were found to be unpatched due to a critical vulnerability leading to attacks*Canada's largest liquor store website hacked to steal credit card information*Researchers discovered that the CircleCI security incident was caused by information-stealing malware*Hackers breached NortonLifeLocks* password manager accountsCybercriminals use Polyglot files to spread malware undetected*WordPress plugins along with PoCs have been found to be vulnerable to critical SQL injection bugs*Researchers have discovered that EyeSpy malware is distributed via Trojan-laden VPN droppers*Attackers Exploit Fixed FortiOS Zero-Day SSL VPN Vulnerability Against Government Networks*IcedID Malware Attack Compromised Active Directory Domain*Researchers found that hackers were actively exploiting a critical flaw in the web control panel*Cisco discovers three vulnerabilities in Asus router software *Researchers reveal SymStealer vulnerability in Google Chrome and Chromium*-based browsersAustralia Victoria fire brigade suffers alleged data breach by Vice Society Ransomware Gang*Gootkit Loader abuses VLC Media Player to infect Australian healthcare organizations*Google released Chrome 109 to fix 17 vulnerabilities*New dark pink advanced threat agent that deploys custom malware against government and military installations*Cisco warns of critical authentication bypass vulnerability in retired routers*Spread spider threat actors using vulnerable Intel drivers to evade detection*Royal Mail, the UK's leading postal delivery service, suffers severe service disruptions following a cyber-attack*CISA adds two more vulnerabilities to its catalog of known exploits*Security researchers found cryptographic vulnerabilities in messaging app Threema*Zoom fixes several bugs that Windows and macOS* users are discoveringLargest public school in Iowa school district Des Moines hit by cyberattack*StrongPity hackers targeted Android users with a Trojan version of the Telegram app*Found over 1,300 fake AnyDesk websites offering Vidar malware to steal information*Microsoft Patchday Security Advisory: January 2023*Auth0 project releases patch for RCE bugs in JsonWebToken library*Scammers abuse open redirect on UK DEFRA website to redirect visitors to fake dating sites*Hackers broke into Kubernetes clusters via PostgreSQL* database as part of a malware campaignCISA High Severity Vulnerability Alerts Affecting Hitachi Energy Products*Russian threat group Cold River targets three US nuclear research labs*Attackers distribute NetSupport malware disguised as a Pokémon deck to infect users*MedStar Mobile Healthcare Suffers Ransomware Attack Affecting 612,000 Customers*Threat actors use CAPTCHA bypass tactics on GitHub in hacking campaign*Hackers bypass firewall restrictions with CloudFlare tunnels*Air France and KLM suffer data breach; Multiple customer accounts hacked*Chick-fil-A fast food chain suffers data breach*Rackspace customer data accessed in ransomware attack*Microsoft releases temporary patch for ODBC* database connection issuesA new variant of Dridex malware that actively attacks Windows and macOS* systemsCircleCI launches security alert to warn users about cyberattacks*Bluebottle hackers attacked banks with signed Windows* driversCricketsocial.com Database Disclosure of Private Customer Information and Admin Credentials*Hackers accessed Slack's private GitHub code repositories with a stolen employee*Five Guys Burger Chain Suffers Data Breach Affecting Applicants*Researchers noted a sudden increase in Android SpyNote* malware infection ratesNew Linux malware compiled by SHC installs cryptominers and DDoS bots*Several bug updates have been released for Qualcomm and Lenovo ThinkPad chipsets*Zoho fixes a critical SQL injection vulnerability in its ManageEngine products*API errors in various car brands reveal personal information of the owner*Fortinet released patches for high severity vulnerabilities found in FortiADC and FortiTester*LockBit Ransomware Group alleges ransomware attack on Los Angeles Housing Authority*Royal Ransomware Group claims attack on Queensland University of Technology hit by data breach*Threat actors use stolen Colombian bank customer information as bait in phishing emails*Fixed Synology's critical vulnerability in VPN Plus* server softwarePyTorch administrators reveal a malicious dependency in PyTorch-nightly*Bristol Community College attacked by ransomware attack*A Telekom Malaysia company suffers from a data breach affecting over 250,000 customer accounts*Scripps Health agrees to pay $3.5 million to victims affected by the 2021 data breach*Jakks Pacific Toy Production servers suffer from ransomware attack, Hive and BackCat Group lose data*Royal Ransomware Group alega ciberataque en Iowa Public Broadcasting Network*LockBit ransomware gang claims cyberattack on Lisbon port in Portugal*CISA has issued a warning about vulnerabilities affecting TIBCO Software's JasperReports* productA Canadian mining company closes a factory after being attacked by ransomware*WordPress Sites Hit by New Linux Malware With 30 Plugin Exploits*Cert-In Warns Indian Users About LastPass Data Exploit And NetApp OnCommandInsight Vulnerability*Anonymous Twitter user posted 10,000 cryptocurrency trading platform API keys 3 commas*CISA warns of multiple vulnerabilities in Rockwell Automation controllers*Royal Ransomware Gang Takes Responsibility For Cyber Attack On Telco Intrado*NETGEAR resolves a high severity vulnerability affecting several models of its wireless routers*Hackers moved their original infection vector to malicious Excel companion files*Attackers abusing Google ads to spread Trojanized software products*Hive ransomware claims Louisiana hospital attack affected 270,000 patients*Citrix fixes Critical Severity vulnerabilities in its ADC and Gateway servers*Sargent and Lundy Energy Firm suffered a data breach affecting the personal data of 6,900 people*A hacker claims to have stolen data from 30 million Indian Railways users*New YouTube bot malware discovered stealing sensitive data*North Korean Lazarus APT Group Targets NFT Investors With Phishing Campaign*BlueNoroff threat actors have introduced new techniques to bypass Windows MotW* protectionResearchers found a password vulnerability in ZyXEL* indoor routersBTC.com suffers cyberattack and loses USD 3 million in cryptocurrencies*New GuLoader malware applying new anti-scan techniques to avoid detection*Hackers Targeted Cryptojacking Bitkeep Wallet Users, Siphoning $8 Million In Assets*Researchers warn of a critical Linux kernel vulnerability affecting ksmbd*-enabled SMB serversCincinnati State Technical Community College suffers a cybersecurity breach*Researchers discovered a serious flaw in Kyverno's container image signature verification engine*Researchers discover critical authentication bypass vulnerability in Ghost CMS*Microsoft has quietly fixed the cross-tenant network bypass bug in its Azure Container service*Researchers discover W4SP stealers in various PyPI packages with different names*Threat actors use new intelligence-stealing malware to infect software pirates*Hackers Actively Exploit WordPress Gift Card Plugin With 50,000 Installs*Researchers Warn Indian Authorities About Kavach 2FA Phishing Attacks*Widespread 2FA Bypass Attacks Affect Comcast Xfinity* AccountsLastPass suffers a data breach exposing customer vault data*FIN7 Hackers Use Automated Attack Platform to Crack Vulnerable Exchange Servers*A hacker leaked BetMGM customer details on the hacker forum*Researchers have discovered several serious flaws in the password management solution Passwordstate*Zerobot Botnet is added with new features and exploits new vulnerabilities*Researchers Discovered 'GodFather' Banking Trojan Targeting 400 Banks and Cryptocurrency Exchange Apps*Hackers Profit By Hacking JFK Airport Taxi Dispatch SystemHackers Target Telecom and Government Systems with Raspberry Robin Worm*Attackers broke into Okta Company's private GitHub repositories*Researchers found malicious packages containing data-stealing "W4SP" malware on the PyPi platform*Hackers attack Brazilian bank users with new Android trojan BrasDex*Security researchers suspect that the KMSdBot botnet offers attackers DDoS services for rent*Researchers found a new Microsoft Exchange exploit used by Play ransomware to hack servers*Phishing sites that distribute DarkTortilla* malwareResearchers found a rogue and malicious "SentinelOne" package in the PyPi repository*Meta Platforms shut down fake accounts operated by nearly 200 spyware vendors worldwide*The Play ransomware gang claims responsibility for a cyberattack on the hotel chain 'H-Hotels'*Microsoft has downgraded a Windows vulnerability to Critical Severity*The Department of Health reports data on 254,000 patients at risk*Colombian energy company EPM hit by BlackCat Ransomware attack*SevenRooms CRM platform suffers a data breach, exposing customer information*Samba releases security updates to address several high severity vulnerabilities*After being stopped by Google, the Glupteba malware is back*FBI warns of BEC attacks on food deliveries*CISA adds critical Veeam security and replication vulnerabilities to its catalog of known exploits*Microsoft warns that new Minecraft DDoS malware is infecting Windows, Linux and IoT devices*Researchers found a new MirrorStealer malware targeting Japanese politicians*Ukrainian government networks were attacked with Trojans using Windows 10* installersNew Phishing Campaign Uses Facebook Posts to Bypass Email Security*Hacker posted stolen Social Blade user data in data breach on hacker forum*Personal data of 5.7 million Gemini users leaked in a third-party data breach*FuboTV suffers a transmission interruption due to a cyber attack*TPG Telecom Australia suffers data breach affecting 15,000 customers*Ransomware hackers use Microsoft-signed drivers to gain access to systems*FBI Seizes 48 Online Booter or Stresser Platforms Used for DDoS Attacks*Unknown threat actors have uploaded 144,000 phishing packages to open source NuGet, NPM, and PyPi package repositories*Microsoft fixes LSASS memory leak bug affecting Windows* serversVMware releases patches for critical vulnerabilities in ESXi and vRealize*Microsoft Patchday Security Advisory: December 2022*Stalkware Xnspy app found to be stealing data from thousands of iPhone and Android devices*A new Python backdoor allows hackers to remotely access compromised VMware ESXi servers*India Ministry of Foreign Affairs Pravasi Rishta Global Portal Reveals Passport Information*Apple has patched a new zero-day vulnerability that is actively exploited in its security updates*LockBit Ransomware Gang alleges ransomware attack against California Department of Treasury*Hive Ransomware group claims attack on Knox College*Fortinet Releases Emergency Patch For Previously Exploited FortiOS SSL VPN Vulnerability*Information on nearly 360,000 people affected by the Ontario COVID-19 vaccine data leak*Cryptocurrency mining campaign infects Linux users with Go-based malware dubbed CHAOS*Uber suffers data breach after attack on its third-party provider*Iran-backed MuddyWater campaign abuses remote administration tool Syncro*Telstra, the Australian telecommunications company, apologizes for data breach that exposed the data of 130,000 customers*Air-gapped PCs are highly susceptible to data theft due to radiation from the power supply*Rackspace Issues Phishing Alert After Ransomware Incident*Cisco Warns Enterprises of High Severity Unpatched Bug Affecting IP Phone Firmware Worldwide*Researchers reveal a new attack method to bypass popular web application firewalls*An updated variant of TrueBot that takes advantage of the Netwrix Auditor bug and the Raspberry Robin worm*Researchers discover Drokbk, a new malware that uses GitHub as a deadlock resolution system*Iranian Hackers Target Diamond Industry With Elegant Data Wiping Malware*Formbook malware is distributed via a OneNote Document Trojan*Hive ransomware group targeted by French sports brand Intersport*CommonSpirit Health suffered a ransomware attack that exposed 623,000 patient data*Cisco announces a high severity vulnerability affecting its 7800 and 8800 series IP phones*New Zerobot Malware Exploits Over 21 Vulnerabilities in Zyxel Firewalls, F5 BIG-IP Firewalls, and D-Link Routers*Compromised WordPress plugins redirect website visitors to push notification scams*The attacker made over 6,000 attempts to hack the ICMR server*The Vice Society ransomware gang attacked more than 30 schools in 2022*Hackers broke into CloudSEK's Confluence server with stolen employee credentials*Attackers found a vulnerability in the SiriusXM platform to remotely unlock and start cars*Amnesty International Canada was allegedly the target of a cyber attack from Beijing*Researchers have discovered the largest dark web "in the box"*Antwerp's digital partner suffered a cyberattack that disrupted the city's digital services*VTB Bank, the second largest financial institution in Russia, suffers a massive DDoS attack*Hackers sell personal data of 150,000 patients at Sree Saran Medical Center in Tamil Nadu*The André Mignot University Hospital in France suffers a ransomware attack*A chain of three harmless Linux vulnerabilities could allow hackers to gain full root privileges*A vulnerability in IBM Cloud databases for PostgreSQL allows unauthorized access*Researchers found malicious Android apps with over two million downloads in the Google Play Store*New Zealand health insurer Accuro suffered a cyberattack that compromised the data of 34,000 customers*Group of North Korean hackers using new and fake crypto applications to break into networks and steal cryptocurrency*Google patches a ninth zero-day vulnerability in its Chrome browser update*Previously undocumented data wiper CryWiper masquerades as ransomware*Attackers target unpatched Redis servers to exclude new Redigo* backdoorsVarious platform certificates used by OEM Android device vendors to digitally sign malware*Colombian healthcare provider Keralty suffers a ransomware attack that disrupts its operations*Schoolyard Bully malware infected over 300,000 devices to harvest Facebook account credentials*New malware-as-a-service DuckLogs used by thousands of cybercriminals*Researchers have discovered that some NPM tools fail to detect security vulnerabilities*NVIDIA fixes critical GPU display driver vulnerabilities in Windows and Linux*North Korean attackers use new Dolphin gate to spy on South Korean targets*Google released Chrome 108 to fix serious memory vulnerabilities*Hackers broke into GoTo's development environment and cloud storage; Impact on your LastPass affiliate*Researchers found outdated OpenSSL used on devices from Dell, HP, and Lenovo*Hive ransomware claims responsibility for attacking Guilford College in North Carolina*Attackers Using Trigona Ransomware Increase Attacks Worldwide*Malicious Android app "Symoo" detected with 100,000 installs on Google Play Store*Lanner has patched over a dozen vulnerabilities in BMC firmware*Southampton County, Virginia, reported theft of people's personal information following a ransomware attack*Acer releases patches for high severity vulnerabilities that allow you to disable Secure Boot*Fraudsters used the FC Barcelona website domain for a third-party scam campaign*More than 5.4 million Twitter user records are freely available on a hacking forum*Researchers have discovered a critical remote code execution vulnerability in Windows Internet Key Exchange*Ransomware group targets Belgian community but attacks police*New ransomware attacks against Ukrainian organizations linked to the Russian group Sandworm*Google patches a zero-day vulnerability in its Chrome browser update*Vice Society Ransomware Group is responsible for the attack on Cincinnati State CollegeHackers Target Windows Gamers with Miners and Information Stealers via Fake MSI Afterburner*Researchers discovered a new stealthy variant of RansomExx ransomware developed using the Rust* programming languageHackers have injected spyware into new variants of the SoftVPN and OpenVPN Trojan software*Millions of Android devices require patches for ARM Mali* GPU vulnerabilitiesDucktail threat actors targeting Facebook business accounts via WhatsApp*Security researchers have revealed a cross-tenant vulnerability in the AWS AppSync* servicePro-Russian hackers claim responsibility for DDoS attack on European Parliament website*AIIMS Server in Delhi Suffers Cyber Attack Disrupting Patient Care*An issue with the Sophos and McAfee scan engines causes the Cisco Secure Email Gateway filter to be bypassed*Researchers found a sudden increase in WM-themed phishing emails*Sharkbot Banking Trojan Distributed Via Fake Android File Managers*Threat actors targeted discontinued Boa web servers to infiltrate powerful organizations*Over 1,500 Mobile Apps Lose Algolia API Keys*Google Chrome Data Stealer Extension "VenomSoftX" Used to Steal Cryptocurrency and Passwords*Researchers have found that cybercriminals are increasingly adopting Aurora Infostealer malware into their operations*Attackers trying to bypass 2FA of crypto exchange platforms via Team Viewer and fake support chat*Daixin Team hacker group claims to have stolen 5 million AirAsia passenger and staff data*DraftKings Clients Suffer Credential Stuffing Attack and Lose $300,000*New AXLocker ransomware group steals Discord accounts of infected users*Attackers use Google Ads to spread Royal* ransomwareNew variants of LodaRAT malware are deployed alongside other sophisticated malware*Hackers exploit Windows zero-day vulnerability to deploy QBot* malwareIndian Central Depository Services Limited announces that its network has been compromised by malware*More than 22,000 students targeted by credential phishing attacks impersonating Instagram*Critical Omron PLC vulnerability exploited by sophisticated malware targeting industrial control systems*Atlassian fixes critical vulnerabilities in Crowd Server and Bitbucket Server*Samba fixes vulnerability that leads to DoS attacks and remote code execution*Chinese hackers deliver custom malware to government organizations via Google Drive*The previously unknown ARCrypter ransomware is expanding its attacks around the world*Researchers discovered a new version of RapperBot malware targeting game servers*Investigators discovered a phishing kit posing as well-known brands to target US consumers*Attackers exploit a DLL hijacking bug in the Windows 10 Control Panel to infect systems*Disneyland Cybercrime Group uses Punycode to counterfeit popular bank brands.F5 fixes various vulnerabilities and security issues in its products*CISA revealed that the federal agency was hacked by Iranian hackers using the Log4Shell exploit*Pro-Russian Hackers Claim Responsibility For DDoS Attack On FBI Websites*Mozilla announced the release of Firefox 107 with high-impact vulnerability patches*Hundreds of Amazon RDS instances expose users' personal information*PCspooF vulnerability in TTE affecting network technology used in aircraft and spacecraft*State-sponsored Chinese hacker group that targets government and defense organizations in Asian countries*Security researchers revealed details of vulnerabilities in Zendesk Analytics Service*Spotify's backstage developer platform is vulnerable to a critical RCE bug*Researchers discover a new version of DTrack Backdoor aimed at European organizations*Researchers discover new malware KmsdBot that mines cryptocurrency and launches DDoS attacks*Malicious for-profit group "Fangxiao" uses 42,000 websites for brand identity fraud*Researchers have identified an information disclosure vulnerability in Aiphone* intercom productsRussian hackers infected Ukrainian organizations with new Somnia ransomware*New phishing campaign targets taxpayers in Spain to steal bank information*Cisco fixes 33 security vulnerabilities in its enterprise firewall products*Foxit fixes four code execution vulnerabilities in its PDF reader*A new blackmail scam threatens to leak confidential information from websites around the world*A 24 hour outage made Royal Mail tracking unavailable*Rise Up, a Canadian grocery retail giant affected by Black Basta Ransomware*New BadBazaar Android Spyware Linked to Chinese Cyberspies*Two malicious Android apps distributing the Xenomorph* banking Trojan have been detectedUS seizes 18 domains used to recruit money mules*New version of IceXLoader malware released by phishing emails*Workok Threat Group hides new data-stealing malware in PNG files*Spymax RAT Android Malware Targets Indian Armed Forces*Lenovo fixes high severity vulnerabilities that allow attackers to disable UEFI Secure Boot*New StrelaStealer data-stealing malware targets Outlook and Thunderbird* accountsIntel and AMD address multiple security vulnerabilities in their Tuesday updates*SAP has released patches for critical vulnerabilities in BusinessObjects and SAPUI5*Massive Google SEO Poisoning Campaign Hacks 15,000 Websites*LockBit 3.0 Ransomware spreads Amadey Bot malware via phishing emails*Cloud9 Chrome Botnet uses malicious extensions to remotely control victims' browsers*Citrix fixes a critical authentication bypass vulnerability in its ADC and Gateway products*VMware fixes three critical vulnerabilities in Workspace ONE Assist*Siemens and Schneider Electric fix multiple security vulnerabilities in their products*SocGholish Operators expands its malware preparation infrastructure for counter-defenders*Researchers found that Security Scanner URLScan accidentally exposes URLs and sensitive data*Cyberattack on PNORS technology leads to breach of Victorian schoolboy's medical records*The largest Canadian food company, Maple Leaf Foods, was exposed to a cyberattack*Robin Banks Phishing-as-a-Service (PhaaS) platform is back to steal bank accounts*Hackers use Microsoft Dynamic 365 voice of customer for phishing attack*CISA warns of critical vulnerabilities in three ICS* softwareApple releases Xcode update to fix Git* vulnerabilitiesVerified Twitter users point to a new phishing attack*New Crimson Kingsnake Group Poses as Law Firm in BEC Attacks Against Commercial Email Compromise*Indian government officials are the target of a new malware campaign*Users around the world are having trouble accessing Twitter*RomCom RAT malware distributed via websites mimics SolarWinds NPM, KeePass, Veeam Software*LockBit ransomware gang claims cyberattack on German manufacturer Continental*Cisco has patched high-severity vulnerabilities in email, identity, and web security products*The ALMA radio telescope suffers a cyberattack that forces it to shut down all its operations*Splunk fixes 9 major vulnerabilities in its enterprise product*Fortinet has patched 6 high-severity vulnerabilities across its various products*Researchers have discovered multiple vulnerabilities in Checkmk's IT infrastructure monitoring software*Threat actor distributing malware to hundreds of US news sites*Malicious PyPI packets found to drop "W4SP" information-stealing malware *The infamous Emotet malware has resumed operations after a five-month hiatus*Vodafone Italy has announced a data breach after its retailer FourB suffered a cyberattack*Hacker steals 130 GitHub repos from Dropbox in data breach*Malicious VPN app infects Android users with SandStrike* spywareMalicious Android apps downloaded over a million times and detected in the Google Play Store*OpenSSL releases patches to fix two serious vulnerabilities in the open source library*Microsoft has patched a critical RCE vulnerability found in Azure Cosmos DB Jupyter notebooks*Air New Zealand hack compromises multiple user accounts*Threat actors abusing antivirus software to spread LODEINFO malware targeting Japanese organizations*Australian defense company suffers ransomware attack*Researchers have discovered a vulnerability in the Galaxy Store app for Samsung*Label Printing Giant Multi-Color Corporation confirms data breach*Bed Bath & Beyond Inc suffers a data breach*US bank exposes data breach affecting 11,000 customers*Veja Tickets suffers a major card data breach that lasts 2.5 years*Michigan Medicine suffered a data breach affecting 33,000 patients*ConnectWise fixes RCE bug that left thousands of servers vulnerable to attack*Twilio, a cloud communications company, announces another data breach*Google patches the seventh zero-day vulnerability in its Chrome browser*Cyberattack on Aurubis forces shutdown of IT systems*Researchers discover Android Malware Dropper on Google Play with 130,000 installations*(Video) Independent Living Systems Healthcare Suffers Data Breach | 4M Users Data Exposed | CTI ReportThreat actors using Clop ransomware to encrypt devices previously infected with the Raspberry Robin worm*The latest Fodcha ransomware botnet has appeared*Drinik Android malware masquerades as an official tax administration tool, targeting users from 18 Indian banks*Australian Clinical Labs has announced a data breach after months of data leaks*Microsoft fixed sync issue in vulnerable drivers blacklist*Medibank confirms that hackers accessed customer personal information during a ransomware attack*New version of FurBall Android malware to spy on Iranian citizens*Aurora Health (AAH) Lawyer Suffers a Data Breach That Exposed the Data of 3 Million Patients*Ursnif malware goes from stealing bank accounts to accessing computers*Hackers Exploit Microsoft Azure SFX Vulnerability to Hijack Service Fabric* ClustersApache has fixed the RCE vulnerability in its Commons* open source text libraryWordPress patched 16 vulnerabilities with security update 6.0.3*Researchers have discovered a previously undetected PowerShell backdoor that infected more than 60 users*Microsoft suffers a data breach due to a misconfigured server exposing customer information online*Cobalt Strike Releases Out-of-Band Security Update for Critical RCE Vulnerability*DiceyF attackers use GamePlayerFramework in attacks on Asian casinos*Hong Kong government agency network targeted by hackers in year-long campaign*Ransom Cartel Ransomware has similar features to Notorious REvil Ransomware*Black Basta Ransomware Gang Empregando Qakbot para eliminar Brute Ratel C4 Framework*MyDeal suffers from a data breach in which 2.2 million personal customer details were stolen*Australia's largest health insurer, Medibank, suffers ransomware attack*A zero-day vulnerability in Windows Mark of the Web gets a free unofficial patch*End of Life of 45,000+ VMware ESXi Servers*Venus ransomware encrypts Windows devices through publicly accessible remote desktop services*New PHP version of Ducktail malware targets business Facebook accounts*Zimbra zero-day vulnerability used to compromise more than 900 servers*Microsoft researchers discovered a new prestigious ransomware targeting organizations in Ukraine and Poland*Colombian government suffers data breach exposing undercover Australian police officers*Tata Power, the largest electricity company in India, affected by a cyber attack*Microsoft Office 365 may disclose message content due to vulnerable email encryption mode*Hackers Distribute Copybara Android Banking Malware Using TOAD Tactics*Magniber Ransomware targets Windows users via fake antivirus and security updates*A critical flaw in Siemens SIMATIC PLCs allows hackers to steal cryptographic keys*Cloudflare Mitigates Largest DDoS Attack on Minecraft* Gaming Platform ServerWindows, macOS and Linux systems targeted by the new Alchemist Attack Framework*Scammers misuse Google Forms in new Covid-19-themed phishing campaignUnofficial WhatsApp application "YoWhatsApp" steals user account*Hackers create font clone packs to trick developers into attacking the supply chain*Aruba fixed critical authentication bypass and RCE errors in its EdgeConnect Enterprise Orchestrator*POLONIUM Threat Group Uses Creepy Malware in Cyber Espionage Against Israeli Organizations*Microsoft Exchange servers targeted to remove Lockbit ransomware*Researchers warn of a critical RCE vulnerability in the VM2* sandbox libraryAdobe fixes critical bugs in ColdFusion, Adobe Commerce and other products*Microsoft Patch Tuesday Security Advisory: Late 2022*Caffeine, a phishing platform as a service, makes it easy to launch phishing attacks*Researchers discover new Emotet* delivery and evasion techniquesToyota Passkey falsely disclosed on GitHub and customer details exposed*Pro-Russian Hackers Take Down US Airport Websites With Large-Scale DDoS Attacks*Android security updates for October patches Critical vulnerabilities*Hackers Target Solana Cryptocurrency Holders Through Fake Ghost Security UpdateDark Web Carding Market BidenCash publishes details of 1.2 million stolen credit cards*Intel Alder Lake* UEFI Firmware Source Code LeakedCallback scammers amplify their social engineering techniques*Taiwanese chipmaker 'ADATA' dismisses recent RansomHouse data breach claims*Fortinet fixes critical authentication bypass bug in FortiGate firewalls and FortiProxy* web proxiesThreat actors actively exploiting a zero-day RCE vulnerability in Zimbra Collaboration Suite*Eternity Hackers Group offers new LilithBot Malware-as-a-Service through Telegram Channel*Details of newly patched macOS* Archive Utility VulnerabilityTelstra's third-party platform suffers a breach exposing its employees' information*A new bug in Linux kernel 5.19.12 that crashes the screens of Intel* laptopsHackers break into the City of Tucson's network and steal information from more than 125,000 people*Researchers discover a new "Maggie" backdoor targeting multiple Microsoft SQL* serversConsumer bank Chase Bank suffers outage affecting UK customers*Trojanized Comm100 live chat app to spread malware in supply chain attacks*US Alert: Hackers use new custom malware to steal data from US defense organization*Hackers inject malicious JavaScript into scammers' crypto websites to steal crypto funds*Popular Chinese-language YouTube channel distributing malicious Tor browser installer*A high severity vulnerability in the Packagist PHP repository could lead to a supply chain attack*Cheerscrypt, a Linux-based ransomware associated with Chinese hackers*Researchers warn that Microsoft Exchange zero-day mitigation can be bypassed for on-premises servers*Hackers trying to exploit exploits use Microsoft Exchange ProxyNotShell, not GitHub*BlackCat added NJVC to its data leak site*Threat actors abusing web browser application mode to create desktop phishing pages*After Data Breach, "DNS" Retail Chain Confirms Data Breach*CISA adds critical vulnerabilities in Bitbucket Server and Microsoft Exchange to the Known Exploited Vulnerability (KEV) catalog*Hackers exploit vulnerable WordPress sites to inject SolarMarker* malwareAn unidentified attacker has hacked into Shangri-La Hotel Group's customer database*Investigators uncovered several fake LinkedIn profiles for CISOs from large organizations*Cisco has patched several high severity vulnerabilities in its network software*Lazarus attackers use new BYOVD technique in cyber attacks*Scammers launch cobalt attack flares through fake US government job ads*Microsoft confirms that new zero-day bugs in Exchange are being exploited wildly*Microsoft Spots Lazarus Hackers Using Open Source Software*Indian government platform in Swachh city suffers data breach*Researchers have discovered new zero-day vulnerabilities in Microsoft Exchange that are being actively exploited for attacks*Hackers Use New Malware to Defraud VMware ESXi Servers*Hackers exploit vulnerabilities in Ethernet VLAN stacking to launch DoS and MiTM* attacksInvestigators Uncover New Covert Attack Campaign Targeting Military Companies*World's Leading Business Media Brand Fast Company Under Attack by Attackers*New Chaos malware launches DDoS attacks on Windows and Linux* devicesThe Internal Revenue Service has warned Americans about the huge increase in smishing attacks*Cybercriminals distribute macOS malware through lucrative job offers posing as Crypto.com*Optus suffers a data breach resulting in the publication of 10,200 customer records*NullMixer malware distributed via malicious websites posing as cracked software*Hackers spread Graphite malware using a new code execution technique*New information-stealing malware, Erbium, targets popular video games with fake cracks and cheats*Tibetan companies attacked by Chinese hackers with new LOWZERO* backdoorWhatsApp fixed 2 major zero-day bugs affecting iOS and Android versions*Researchers found the "Scylla" ad fraud campaign on the Google Play Store and Apple Store*Attack on Universities, Telecom Companies and ISPs Discovered by Researchers*Android users attacked by malware that steals information about bogus rewards apps for Indian banks*Several npm packages released by crypto exchanges were compromised*Microsoft Endpoint Configuration Manager phishing vulnerability fixed by Microsoft*Microsoft SQL Server targeted by new TargetCompany* ransomware attacksA new RCE firewall bug exploited by attackers in Sophos Firewall; Repair available*A global blackout affects YouTube live broadcasts*GitHub users target a new phishing campaign*Threat actors actively exploiting critical Magento vulnerabilities*Threat actor hacked into Microsoft Exchange servers to implement a phishing campaign*CISA adds a critical RCE bug in ManageEngine to its catalog of known exploited vulnerabilities*Threat actors use LinkedIn smart links to avoid detection in a phishing campaign*More than 39,000 unauthenticated Redis servers are exposed to the Internet*CISA Warns of Several Vulnerabilities Discovered in Dataprobe Power Distribution Units*15-year-old Python vulnerability affects more than 350,000 open source repositories*Oracle fixed a critical vulnerability in its cloud infrastructure*Hackers steal $162 million in digital assets from cryptocurrency trading firm Wintermute*Attackers broke into the 2K gaming support platform to infect gamers with malware*Security company Imperva stopped a long-running DDoS attack with 25.3 billion requests*Hive ransomware claimed responsibility for the attack on the New York Racing Association*Attack on fintech Revolut reveals data of 50,000 users*Microsoft and VMware Alert on Chromeloader* Malware CampaignUS government agencies targeted by sophisticated lures in phishing attacks*American Airlines suffered a data breach that exposed employee and customer information*Uber Sues Contractors For Non-Compliance, Claims Threat Group Lapsus$ Was Behind Cyberattack*LastPass development systems were accessed for four days in a data breach*A hacker claims to have stolen the source code and assets of GTA 5 and 6*Security researchers have discovered new attacks by the notorious hacker group TeamTNT*North Korean attackers targeted media companies with the malicious putty ssh client*BlackCat and Quantum ransomware groups use Emotet malware to deliver payloads*A ransomware attack causes a data breach at the New York Ambulance Service*A hacker is selling the personal information of 219,000 Starbucks customers in Singapore*Organizations must patch Stuxnet vulnerabilities, says CISA*Uber's internal systems were breached, revealing vulnerability reports*Threat actors spread a new malware package via YouTube*Akamai mitigates another record DDoS attack in Europe*Hive ransomware takes responsibility for attack on Bell Tech Solutions*Phishing campaign targeting Greek taxpayers to steal victims' passwords*Scammers use Queen's Death to steal users' Microsoft credentials in phishing attacks*Lenovo has fixed several BIOS vulnerabilities in the September 2022 security updates*FBI Warns of Hackers Targeting Healthcare Payment Processors*Hackers target nuclear and genomics researchers through multi-person phishing techniques*Hackers Compromise Software Vendor Magento in Supply Chain Attack*Cyber espionage attacks on Asian governments and organizations*WPGateway Zero-Day Vulnerability Actively Exploited in the Wild*Actively Exploited Apex One RCE Vulnerability, Warns Trend Micro*Microsoft Patchday Security Advisory: September 2022*Lorenz Ransomware Gang Exploits Vulnerability in Mitel MiVoice VOIP* DeviceGhostSec hacktivist gang claims responsibility for compromising 55 PLC Berghof in Israel*Researchers Discover New “Zanubis” Android Banking Trojan Targeting Peruvian Banks*Steam Community Accounts Get Hacked by New Browser-in-Browser Attacks*Apple has patched the actively exploited zero-day vulnerability in its security updates*US Rental Company U-Haul Confirms Data Breach, Customer's Driver's License Information Revealed*Ransomware developers use a new encryption technique to evade detection*See Also[SOLVED] 60 points: Choose two traffic trackers and...A fast and efficient way to monitor and troubleshoot SQL Server performanceThe Experience Watchtower: The 22 Best Tools for Digital Experience Monitoring - ObkioPonad 10 najlepszych narzędzi i systemów monitorowania serwerów Ubuntu [przegląd 2023] – SematextSix major HP firmware vulnerabilities fixed in over a year*Administrators Urged to Patch High Severity Vulnerability in ConnectWise Automate Tool*Lantern malware abuses WeTransfer file-sharing service for phishing attacks*Albania suffers another cyberattack attributed to Iran*5 Million Zero-Day Attacks Blocked in BackupBuddy WordPress Plugin*Bumblebee malware now uses a new stealth infection technique*New GIFShell attack technique to create a reverse shell with Microsoft Teams GIFs*North Korean group APT Lazarus targets US energy sector*Iranian threat group DEV-0270 abuses BitLocker functionality to encrypt Windows* systemsAgency of the General Staff of the Portuguese Armed Forces suffers cyber attack*Threat actors found after initial compromise with PowerShell Empire*New Moisha ransomware actively targets multiple organizations*Attackers Hack 200,000 The North Face Accounts in Credential Stuffing Attack*APT42 threat group distributing custom Android spyware via SMS phishing campaigns*Cisco refuses to patch zero-day vulnerability in EoL routers*HP fixes a fatal error in its Support Assistant tool*New Shikitega Linux malware avoids detection with multi-stage deployment*Ransomware Attack Hits Second Largest US School District Unified Los Angeles*Mirai Variant Moobot Botnet Targets Vulnerable D-Link Routers*InterContinental Hotels Group affected by a cyber attack that disrupts IT systems*Zyxel has patched a new critical RCE vulnerability in NAS firmware security updates*Ransomware attacks abuse Genshin Impact Game's anti-cheat driver to kill antivirus*EvilProxy phishing toolkit allows hackers to steal authentication tokens to bypass MFA*TikTok denies security breach claims and says leaked data has nothing to do with it*QNAP Fixes Photo Station Zero-Day Vulnerability Exploited in Ransomware Attacks* DeadboltItaly's energy sector affected by BlackCat Ransomware Group*NFL San Francisco 49ers acknowledge data breach; Information stolen from 20,000 people*French clothing store Damart attacked by Hive ransomware; $2 million ransom demanded*SharkBot malware strikes back to steal credentials*Threat actors stole victim data using Prynt Stealer Backdoor*The IRS accidentally leaked personal information of 120,000 taxpayers*Google Chrome emergency update fixes a new zero-day vulnerability*Samsung suffers a data breach; Personal data of leaked users*Chilean government agency hit by new ransomware attack*New Instagram Phishing Campaign Targets Thousands of Accounts With Blue Badge Offer*More than 1,000 iOS apps detected with AWS credential leaks*Famous social networking platform Twitter suffers outage, thousands of users reported connection problems*Ragnar Locker ransomware gang claims cyberattack against airline TAP Air Portugal*Malicious Google Chrome browser extensions downloaded by 1.4 million users*A vulnerability in the Android app TikTok allows hackers to hijack accounts*A new bug in Google Chrome allows websites to write to the clipboard without user consent*Apple has patched an iOS zero-day vulnerability that is actively exploited in older iPhone models*Microsoft Azure outage takes Ubuntu virtual machines offline worldwide*Russian streaming platform START announces a data breach*Threat actors hide malware in images from the James Webb telescope*Chinese threat actors are actively targeting the Australian government via ScanBox malware*New Golang-based 'Agenda' ransomware targeting educational and healthcare institutions*Vodafone Idea denies data breach and reveals call details of 20 million customers*Baker & Taylor, the largest provider of library solutions affected by ransomware attacks*2.5M US Student Loan Account Details Exposed in Nelnet Data Breach*Akasa Air data breach exposes passengers' personal information*Russian attackers use new malware to hijack ADFS*Iranian Hackers Use Log4j 2 Vulnerabilities to Attack Israeli Companies*CISA has added 10 new actively exploited vulnerabilities to its catalog*Threat actors extracted LastPass source code using a compromised developer account*DoorDash service reveals new data breach related to Twilio hack*Threat actors use fake Cthulhu World P2E project to distribute data-stealing malware*A critical RCE vulnerability discovered in Atlassian Bitbucket Server*India database leak reveals bank and federal police details*Researchers found that more than 130 entities were affected by the Okta* phishing attackCanadian manufacturer Bombardier Recreational Products (BRP) suffers a cyberattack*Phishing campaign targets PyPI maintainers and leads to hijacking of PyPI packages*Cisco is patching two high-severity vulnerabilities affecting its Nexus* Enterprise Series switchesMozilla fixes various vulnerabilities in Firefox and Thunderbird* productsNew SPS Malicious Attack Weaponizes SPS for Hacking Enterprise and OT Networks*Researchers found a new BEC campaign that uses the MITM attack to monitor Microsoft 365 accounts*Plex warns users to reset passwords after detecting a data breach*IBM fixes high severity vulnerabilities in its MQ* messaging middlewareDominican Republic government agency suffers Quantum* ransomware attackResearchers reveal 8-year-old DirtyCred vulnerability in Linux kernel*Google researchers have identified Iranian hackers using a new tool to steal victims' email data*A hospital affected by a ransomware attack in France demands a ransom of 10 million dollars*Attackers targeted hotels and travel companies with phishing campaigns*Greek natural gas operator DESFA suffers a cyberattack*GitLab fixes a critical RCE vulnerability affecting its Community and Enterprise edition*Researchers find RTLS systems vulnerable to MiTM attacks and location manipulation*Scammers used a compromised PayPal account to send phishing invoices to PayPal users*Novant Health Privacy Breach Disclosed; Affects 1.3 million patient records*Researchers discover new "Escanor" malware weaponized in Microsoft Office documents and Adobe PDF*Grandoreiro detected banking malware targeting employees of Spanish and Mexican manufacturers*CISA warned of a critical SAP vulnerability being exploited in the wild*Researchers discovered 241 NPM and Python packages that Cryptominer dropped on Linux* systemsAttackers infect vulnerable WordPress sites to distribute RAT and Trojan malware*FBI Alert: Attackers Use Proxy and Configurations in Credential Stuffing Attacks*Attackers compromised full-byte Bitcoin ATM servers with a zero-day bug*Chinese group APT41 will target 13 companies worldwide in 2021*Amazon fixes a critical bug in its Ring app*Cozy Bear attackers actively target Microsoft 365 users*Researchers describe elusive DarkTortilla Crypter used to spread malware*Threat actors using the Bumblebee Malware Loader to compromise Active Directory*Cisco Patches High Severity Vulnerability in Secure Web Appliance*Google blocked the largest HTTPS DDoS attack in history*A new MailChimp data breach exposes the email addresses of DigitalOcean customers*North Korean attackers infect candidates with macOS* malwareMalicious browser extensions downloaded by over 7 million people since 2020*Google released a security update to fix a zero-day bug in Chrome browser*Apple fixes two actively exploited vulnerabilities in security updates for iPhone, iPad, and macOS*Clop ransomware gang damages UK water company, but wrongly attributes victims*BharatPay suffers a data breach, exposing personal information and transaction data of 37,000 online users*Hacker loots 20,000 items worth $6 million from CS:GO* trading siteResearchers discovered AEPIC leaks and SQUIP bugs in Intel and AMD processors*Twilio data breach exposed the phone numbers of 1,900 Signal users*Behavioral Health Group Notifies Clients of Data Breach Affecting 198,000 Patients*Malicious PyPi packages targeting Counter-Strike servers with DDOS attacks*Judiciary of Córdoba suffers ransomware attack by Play*Security researchers have discovered a vulnerability in UEFI bootloaders signed by Microsoft*New SOVA malware variant now encrypts Android files*Realtek eCos SDK vulnerability exposes multiple routers to remote attacks*CISA and FBI Alerts on Zeppelin* Ransomware AttacksVLC Media Player Banned in India, Banned Website and Download Link*A malicious MiMi chat application launches a new rshell backdoor on Mac and Linux systems*Researchers have discovered vulnerabilities in Xiaomi smartphones with MediaTek chips*Scammers abusing Google and Microsoft Azure web app websites to steal cryptocurrency wallets*Zimbra Authentication Bypass Vulnerability Actively Exploited to Break Over 1000+ Mail Servers*Security researchers identify critical flaws in Device42's IT asset management platform*Threat actor deploys new RAT malware in Cuba ransomware operation*Cisco confirms that Yanluowang Ransomware Group hacked its network in May 2022*Cybersecurity firm discovers vulnerabilities in Indian insurance policy bazaar*Cisco fixed a vulnerability that allowed RSA private keys to be stolen on ASA and FTD devices*Service Outage Linked Microsoft to Cisco Meraki Firewall IDR False Positive Alert*Palo Alto Networks has patched a vulnerability discovered in the PAN-OS* firewall configurationIBM patches multiple vulnerabilities in cloud, voice and other security products*CheckPoint researchers discovered 10 malicious Python packages that steal developer credentials*CISA Warns Administrators About UnRAR and Windows Vulnerabilities Exploited in the Wild*Cloudflare is also affected by the threat actors responsible for the Twilio data leaks*New "Dracarys" Android Spyware Is Distributed Via Fake Signal Messaging App*Microsoft Patchday Security Advisory: August 2022*Chinese attackers used new malware to sneak behind the doors of government and defense organizations*Cloud communications company Twilio announces data breach*New Orchard Botnet used Bitcoin founder's account information to create malicious domains*Email marketing company Klaviyo suffers data breach*A cyber attack forces the multinational retailer 7-Eleven to close all its stores in Denmark*Threat actors abuse Hostinger's domain preview feature in phishing attacks*F5 fixes 21 vulnerabilities in its quarterly security updates*North Korean attackers are posing as the world's largest cryptocurrency company, Coinbase, to target the fintech industry*Hackers abuse Snapchat and American Express websites in phishing attacks*New "GwisinLocker" ransomware encrypts vulnerable ESXi servers*Slack resets user passwords after bug reveals encrypted passwords*Akamai reports largest DDoS attack in history with 659.6 million packets per second*Cyberattack on UK managed service provider causes NHS disruption*A zero-day bug exposes 5.4 million Twitter accounts*The Association of German Chambers of Industry and Commerce (DIHK) affected by a cyber attack*More than 280 million sensitive data of Indian citizens exposed online*CISA urges users to patch vulnerable Zimbra email suites*First Choice Community Health Care affected by a data breach*New phishing campaign targets Microsoft email services to launch BEC* attacksResearchers discovered a critical vulnerability affecting 29 models of DrayTek Vigor* routersFixed vulnerability in WordPress Download Manager plugin hosted on 100,000+ websites*Researchers discovered a new "ParseThru" bug affecting Golang-based applications*NVIDIA fixed several security vulnerabilities in the GeForce security update*Google Patched Multiple Vulnerabilities in Chrome Browser Updates*Cisco fixes critical security vulnerabilities in its VPN routers*CERT-In identifies high severity vulnerabilities in Mac, iPhone, iPad, ChromeOS and Firefox* browsersAttackers stole Wiseasy employees' passwords to access nearly 140,000 Wiseasy payment terminals*VMware has patched a critical authentication bypass vulnerability that affects multiple products*Taiwanese websites suffer from DDoS attacks ahead of House Speaker Nancy Pelosis's visit*Google published its security bulletin for Android operating systems in August 2022*Semikron, the leading German semiconductor manufacturer, suffers a ransomware attack*GitHub's vulnerability actions workflow allows you to run commands*More than 3,200 apps are losing Twitter API keys that allow hackers to hijack users' Twitter accounts*Security researchers have discovered a random file deletion bug in Directory Traversal in CompleteFTP software*Cybersecurity Firm Halborn Warns of New MetaMask* Phishing CampaignMicrosoft reports Outlook errors when reading Uber receipt emails*European pipeline operator “Creos Luxembourg” affected by BlackCat* ransomware attackSubzero malware exploiting vulnerabilities in Windows and Adobe*North Korean threat actor uses malicious browser extensions to spy on email accounts*A security researcher discovered XSS bugs in Google Cloud, DevSite and Google Play*LockBit ransomware hackers abuse Windows Defender to upload Cobalt Strike*Investigators uncover a massive network of 11,000 fake investment sites targeting Europe*OneTouchPoint suffers a data breach that affects 30 health centers*Android adware apps are promoted by Facebook Ads*The Federal Communications Commission has warned Americans about the increase in smishing attacks*Malicious Android apps deliver banking malware to users' devices via the Google Play Store*.LibreOffice fixes various security vulnerabilities*Microsoft 365 is experiencing an outage impacting the North America admin center*Threat actors using hacked Microsoft SQL servers as proxy servers to steal bandwidth*Hackers steal payment card information from Discord users with malicious npm packages*Cloud services shut down by a Kansas MSP to prevent cyberattacks*Hackers exploit vulnerabilities in Nuki Smart Lock to open ports*New "Robin Banks" phishing service targeting clients of financial organizations*Threat Agents Hacking Microsoft Exchange Servers Using IIS* BackdoorsNew "Ducktail" Phishing Campaign for LinkedIn Experts*Hackers use malware and adware to infect 28 apps from the Google Play Store*Threat Actors Hack Blockchain Music Platform "Audius"; $6 million stolen*Hackers using WebAssembly-encoded cryptominers to evade detection*New version of Amadey malware distributed through software cracks in SmokeLoader* campaignHackers use GoMet backdoor to attack Ukrainian software company*FileWave MDM vulnerabilities expose 1,000 organizations to remote attacks*Researchers found CosmicStrand UEFI malware on Gigabyte and ASUS* motherboardsA zero-day vulnerability in PrestaShop is actively exploited to steal customer payment information*Policybazaar confirms a network breach in its IT systems*Critical bug fixed by Atlassian allows hackers to log into unpatched Confluence and Data Center servers*Attackers use DLL sideloading technique to drop QBot malware onto user systems*Zyxel releases security patches to address vulnerabilities in its firewall products*Scammers Target Punjab State Power Corporation Limited (PSPCL) Consumers in New Online Scam*An 'evil' threat actor claimed to have stolen the account details of 5.4 million Twitter users*Russian attackers break into Ukrainian news outlet TAVR Media to spread fake news about President Volodymyr Zelenskyy*Konni RAT malware used by North Korean hackers to attack European nations*SonicWall Instantly Fixes Critical SQL Injection Vulnerability*Hackers target new Linux "Lightning Framework" malware to install backdoors and rootkits*Hackers exploited fatal Google Chrome bug to infect journalists*'8220 Gang' Crypto Mining Group Targets Vulnerabilities in Linux* and Cloud ApplicationsGoogle Rouge "YouTube" Ad Redirects Users to Windows Support Scam*Oracle fixes 349 new vulnerabilities in its July 2022 critical patch update*Apple has patched multiple vulnerabilities across all of its devices*A new CloudMensis spyware aimed at Apple macOS users*A new cryptocurrency scam tricks users with a fake offer from Nvidia*Russian SVR attackers use Google Drive cloud services to evade detection*Belgium claims Chinese threat groups are targets of its defense and interior ministries*Attackers steal 50,000 payment card details from 300 US restaurants in web cloning campaigns*Knauf, a giant German building materials manufacturer hit by Black Basta* ransomware attackFBI alerts on fraudulent cryptocurrency apps used to deceive US investors*Cleartrip, owned by Flipkart, suffers a data breach*Albanian government suffers massive cyberattack and is forced to shut down websites and online services*Windows Network File System vulnerability leads to arbitrary code execution*Notorious Pegasus spyware infected smartphones of pro-democracy activists in Thailand*Threat actors compromised popular NFT site Premint and stole nearly $375,000 worth of NFTs*Cyberattacked Israel Ministry of Health website blocked access to users from abroad*Microsoft 365 service outage affects Outlook and Exchange Online*Qakbot Trojan malware increased its infection rate with new techniques*Juniper fixes critical vulnerabilities in Junos OS and Contrail* network productsAttackers impersonating GitHub leak metadata to mask malicious GitHub repositories*Colorado Springs Utilities notified customers after detecting a data breach*Researchers discovered a new Netwrix Auditor bug that allows hackers to compromise the Active Directory environment*Researchers reveal terms of service after publication on Google Chrome WebGPU*Threat actors using Digium Phone software to actively exploit VoIP servers*Threat actors actively exploit vulnerability in modern WPBakery page builder plugins*Threat actors targeting industrial operators using Trojan malware and a password cracking ecosystem*Mantis Botnet DDoS Attacks Affect Hundreds of Cloudflare Users*Microsoft has attributed the Holy Ghost ransomware to North Korean attackers*Pakistani Hackers Target Indian Students in New Phishing Email Campaign*Hackers Target PayPal Users Using Phishing Kits Installed on Hacked WordPress Websites*Nation-state hacker groups target journalists in spying and malware campaigns*New Retbleed Speculative Execution Attacks Affect Intel and AMD* ProcessorsPopular social networking site Twitter suffers outage; Users blocked from posting tweets*SAP fixed several vulnerabilities in its Security Patch Day in July 2022*Lenovo fixes three UEFI firmware vulnerabilities affecting more than 70 product models*Bandai Namco confirmed the cyberattack and is investigating the data leak*Lithuanian energy company “Ignitis Group” hit by DDOS* attackResearchers discovered new Android malware "Autolycos" in the Google Play Store, downloaded 3 million times*Uniswap lost $8 million worth of Ethereum cryptocurrencies in a large-scale phishing attack*Microsoft has discovered an exploit code for the MacOS Sandbox* Escape vulnerabilityNew “Luna Moth” Data Extortion Group Harms Organizations Through Fake Subscription Renewals*Microsoft has uncovered an AiTM phishing campaign targeting over 10,000 businesses since 2021*Malaysian and Indonesian Hackers Launch Cyber War Against Indian Businesses Over Nupur Sharma's Controversial Comments*The New York City Department of Motor Vehicles (DMV) warned of landslide attacks*Siemens and Schneider Electric have fixed several bugs in their ICS* productsVMware Patches Eight Month High Severity Vulnerability in vCenter Server*CISA urges federal agencies to patch a new high-severity vulnerability in Windows*Adobe fixes critical vulnerabilities in its Acrobat, Reader and Photoshop* productsMicrosoft Patchday Security Advisory: July 2022*North Korean hackers stole $620 million from Axie Infinity in a spear phishing attack*India's Central Public Works Department (CPWD) Faces Cyber Attacks Targeting Its Offices*Scammers launched a phishing campaign targeting everyday Amazon Prime shoppers*Attackers use Azure virtual machines and GitHub shares for cloud-based cryptocurrency mining*An ongoing PWN vulnerability allows attackers to remotely start Honda vehicles*Hackers pose as cybersecurity companies to trick victims into installing malware*Attackers compromised Goa Water Resources Department (WRD) server and demanded cryptocurrency as ransom*New 0-mega ransomware gang targets organizations in dual ransomware attacks*A new phishing campaign that uses the Follina vulnerability to implement the Rozena backdoor*Hackers target Russian users using a malicious browser extension*Cisco fixes a critical vulnerability in its enterprise communications solutions*Fortinet has fixed multiple vulnerabilities in its various products*Mangatoon data leak revealed information on 23 million accounts*Microsoft fixed a bug that caused Office apps to crash when opened with cloud documents*Canadian communications company Rogers experiences a major outage affecting cellular service*New Stealthy OrBit malware collecting information from Linux* systemsHackers Send Fake Copyright Claim Emails to Deploy IcedID* Banking MalwareHackers can exploit online coding learning sites to launch remote cyberattacks*CuteBoi Threat Group Deploys 1,200+ Malicious NPM Packages in Large-Scale Crypto Mining Campaign*Checkmate ransomware attacks on QNAP NAS devices connected to the Internet*Hacker and ransomware groups move from Cobalt Strike to Brute Ratel Post-Exploitation Toolkit*Fierce APT Threat Group Keeps Targeting Bangladeshi Military Units*Federal authorities warned of Maui ransomware attacks on healthcare facilities*OpenSSL fixes a high severity vulnerability in the cryptographic library*Huge US IT service provider "SHI" hit by potential malware attack*Marriott hotels suffer from a data breach that exposed 20 GB of guest data*A US professional finance firm experiences a data breach affecting the patients of 650 healthcare professionals*Microsoft is quietly patching Windows ShadowCoerce* NTLM Relay VulnerabilityThe NPM supply chain attack used the typosquatting technique to launch the supply chain attack*New RedAlert ransomware ring targets Windows and Linux VMware ESXi* serversBritish Army YouTube and Twitter account hacked to promote cryptocurrency scams*Google fixes a new actively exploited zero-day vulnerability in Chrome*Django fixes a high severity SQL injection vulnerability in its new version*Hackers sell stolen data of 1 billion Chinese for bitcoins*Jenkins has discovered several zero-day vulnerabilities in its various plugins*Multiple Brocade SANnav Storage Area Network (SAN) Faults Affecting Multiple Large Drives*Evilnum APT Group returns with updated TTPs aimed at Fintech companies*Microsoft warns that the Raspberry Robin worm is infecting hundreds of Windows networks via infected USB drives*A cyberattack on Geographical Solutions Inc. (GSI) shut down US unemployment benefits*Hackers sent fake ban notifications to verified Twitter accounts*Google warns users about the theft of photos, audio logs and call logs by the Slice Payments app*RCE Vulnerability Discovered in Zoho Manage Engine AD Audit Plus Bug*Information-stealing XFiles malware now exploits Follina* cyberattack vulnerabilityToll fraud malware targets Android devices by automatically subscribing to premium services*NFT giant OpenSea reports data breach and warns users of phishing attacks*Macmillan Publishers Suffers Ransomware Attack; Forced network shutdown*Norwegian government websites suffer multiple DDoS attacks*Attackers stealthily deploy new malware to penetrate Microsoft Exchange servers around the world through backdoors*A new information stealer "YTStealer" targets YouTube content creators to steal authentication tokens*MITRE has published the list of the 25 most dangerous software errors of 2022*Walmart previene el ransomware Yanluowang*CISA urged administrators to patch high-level Linux PwnKit vulnerability*Microsoft patches Azure FabricScape vulnerability that allows hackers to hijack vulnerable Linux clusters*Amazon fixes a serious vulnerability in its Android Photos app*A notorious raccoon-stealing malware is back with new malicious abilities*Researchers found over 900,000 Internet-exposed Kubernetes instances vulnerable to data-exposed cyberattacks*Hackers reused the same compromised Zola website account credentials to gain access to user accounts*Threat actors install new "ZuoRAT" malware on unpatched SOHO routers*The cumulative update released by Microsoft for Windows 10 KB5014666 contains various bug fixes and new printing features*AMD, the famous American semiconductor company, investigates the allegations of data theft from RansomHouse*Unidentified attacker installed credit card readers in West Bank ATMs*The new banking malware for Android "Revive" masks the BBVA Bank's 2FA application*Chinese APT group compromises building automation systems by exploiting Microsoft ProxyLogon* vulnerabilityThe National Institute of Standards and Technology (NIST) publishes new guidelines to protect macOS* systemsA cyberattack hit Iran's major steel mills, forcing production at factories*Vice Society ransomware group claims responsibility for attack on Innsbruck Medical University*A new phishing technique uses Microsoft WebView2 applications to bypass multi-factor authentication*LockBit ransomware gang infects users via fake copyright infringement emails*The US Federal Trade Commission warns against extortionists targeting the LGBTQ+ communityMicrosoft mitigates high-severity vulnerabilities in Edge web browser, affecting more than 150 million users*Fast Shop, a Brazilian retailer, has announced a blackmail cyberattack*Cybercriminals use Mitel Zero Day to raise suspicion of a ransomware attack*Malicious PyPi Python packages sending stolen AWS keys to insecure websites*A Japan-based automotive fabric distributor, TB Kawashima, has been confirmed in a cyberattack*Hackers encrypt ISGEC Heavy Engineering Limited data and need Bitcoin to decrypt it*US subsidiary of automotive hose maker Nichirin suffers ransomware attack*CISA Warns of Threat Actors Exploiting Log4Shell Vulnerability to Hack VMware Servers*New Quantum Builder allows attackers to easily launch malicious Windows* 'LNK' attacksA new phishing campaign targets Microsoft 365 users to steal Metamask recovery phrases*Vulnerable QNAP NAS devices become targets of DeadBolt ransomware* attacksItalian Spyware Vendor Infects Android and iOS Users Through Internet Service Providers*SMA Technologies' OpCon UNIX Agent Critical Vulnerability Receives Patch*Chinese hacker group disguises cyber-espionage operations as ransomware attacks*The Lithuanian NCSC warned of an increase in DDoS attacks on government websites*Google fixed 14 vulnerabilities with the release of Chrome version 103*Chinese hackers distribute the 'Nimbda' loader included in the 'SMS Bomber' tool to install the information-stealing Trojan payload*MEGA fixes several critical vulnerabilities in the encryption algorithm*Cloudflare experiences massive outage due to network configuration error*Icefall 56 vulnerabilities affect operating system devices used in various industries*New APT group ToddyCat targets Microsoft Exchange servers*Yodel parcel company suffers cyber attack that interrupts delivery services*Microsoft 365 service outage affects Microsoft Exchange Online and Teams*A new phishing campaign steals Microsoft 365 credentials via fake voicemail*New DFSCoerce NTLM Relay Attack Allows Attackers to Take Control of Windows* DomainGlobal HR Firm RobertHalf Warns Users About Credential Stuffing Attacks*BRATA Banking Trojan for Android is Now Evolving into an Advanced Persistence Threat*Another increase in ECh0raix ransomware attacks detected on QNAP NAS devices*Hackers Drop Malicious Cobalt Attack Beacons in New Phishing Campaign*Cisco has confirmed that it will not fix RCE errors on legacy VPN routers*A new Android banking malware "MaliBot" distributed as a cryptomining app or Chrome browser*Researchers identify dozens of flaws in Siemens' industrial network management system*The US Department of Justice dismantled Russia's RSocks* botnet infrastructureA vulnerability in Cisco devices allows hackers to bypass authentication*Ninja Forms plugin patch forcibly updated on millions of sites*Chinese hackers exploited the Sophos Firewall zero-day bug weeks before the official patch release*Africa's largest supermarket, Shoprite Holdings, hit by ransomware attack*Critical ADM vulnerability fixed by Citrix in its security updates*Panchan's new peer-to-peer botnet compromises multiple Linux servers in education*Travis CI Public API registries exposed to thousands of GitHub, AWS and Docker tokens*A new "Hertzbleed" side-channel attack affects Intel and AMD* processorsCloudflare detects and mitigates the largest HTTPS DDoS attack*Microsoft patched the actively exploited Windows MSDT zero-day vulnerability in its June 2022 security updates*ALPHV Ransomware Group has developed a new extortion technique*An unknown threat group hacked over 500 Indian websites and demanded an apology from Muslims around the world*Android adware and data-stealing malware downloaded over 2 million times from the Google Play Store*Nonprofit healthcare company Kaiser Permanente confirms data breach affecting more than 69,000 people*Microsoft Patchday Security Advisory: June 2022*Gallium Hackers Target Financial and Government Organizations Using New “PingPull” Malware*Attackers Deploying BlackCat Ransomware on Compromised Microsoft Exchange Servers*Threat actors using a new Linux rootkit malware "Syslogk" in cyberattacks*A stealthy Linux "Symbiote" malware targeting financial firms in Latin America*Malicious PyPI package "keep" contains password stealing due to typos*Hello XD Ransomware Group now removes a backdoor when encrypting systems*New PACMAN hardware attack can bypass Pointer Authentication (PAC) on Mac systems*AvosLocker and Cerber2021 Ransomware Gang are actively targeting unpatched Atlassian Confluence servers*Google Patched Multiple Vulnerabilities in Chrome Browser Updates*Iranian Hackers Use DNS Backdoor to Attack Energy Sector*Hackers spread new information-stealing malware via hacked software CCleaner Pro*Several botnets are now exploiting the critical Atlassian Confluence RCE vulnerability to deploy cryptominers*Researchers identify a new China-linked APT group that has been spying on organizations for 10 years*New advanced malware "Symbiote" infects all Linux processes and steals account credentials*Threat Actors have compromised online gun stores in the US to steal customers' credit card details*Emotet malware now collects credit card information from the Google Chrome browser*Medical provider Shields Health Care Group suffers data breach, data of more than 2,000,000 people exposed*Google fixed several critical Android bugs in the June 2022 security updates*Hackers abused Facebook Messenger in a large-scale phishing campaign to steal victims' credentials*Two Critical U-Boot Vulnerabilities Revealed in Linux*-Based Embedded SystemsBlack Basta ransomware targets vulnerable VMware ESXi servers*Threat actors deploying the new "SVCReady" malware via phishing campaigns*Chinese government hackers compromise US telcos to spy on network traffic*Black Basta Ransomware Group deploys QBot malware into its operations*The Italian city of Palermo was hit by a cyberattack that affected a variety of operations and services*LockBit Ransomware Group claims to have infiltrated Mandiant Company's network*Hackers are actively exploiting a critical zero-day vulnerability in Windows in a phishing campaign*Sensitive data from pharmaceutical giant Novartis exposed in recent cyberattack*Hacking group WatchDog mines cryptocurrency in newly launched cryptojacking campaign*Android malware "SMSFactory" discreetly enrolls users in premium services*Hackers stole NFTs from Bored Ape Yacht Club via Yuga Lab Discord server hack*GitLab fixes a critical account takeover vulnerability in its Enterprise Edition*Malware identified by researchers controlling thousands of websites on the Parrot TDS network*Chinese threat group LuoYu uses WinDealer malware in man-on-the-side attacks*Foxconn Mexico manufacturing plant affected by ransomware attack*Microsoft Banned Malicious OneDrive Apps Used in Polonium* AttacksA new Clipminer malware brought its operators $1.7 million through transaction hijacking*Hackers are actively exploiting the new Atlassian Confluence zero-day vulnerability in the wild*Attackers targeted hundreds of insecure Elasticsearch databases in a ransomware attack*SideWinder APT Group creates a fake VPN app for Android on the official Google Play store*RuneScape phishing campaign steals game account details and banking PIN*A zero-day vulnerability in Windows Microsoft Office gets a free unofficial patch*Researchers found that more than 3.6 million MySQL servers are publicly accessible*Costa Rican public health network affected by Hive* ransomware attackAttackers can hijack WhatsApp accounts using the call forwarding method*Chinese APT Hackers Are Actively Exploiting New Microsoft Office RCE Vulnerability in the Wild*A new variant of the XLoader botnet hides its C2 servers using the probability method*Zoom has released security patches to address four critical vulnerabilities in its video conferencing application*Cisco researchers discovered multiple vulnerabilities in the open automation software platform*Hackers use a new Microsoft Office zero-day bug to run PowerShell commands*The Austrian state of Carinthia attacked by the BlackCat* ransomware gangAttackers use new WSL-based malware to steal web browser cookies*EnemyBot malware includes new exploits for critical web servers and vulnerabilities in content management systems*FBI: Attackers Trade on Hacker Forums with Access Data to US Educational Institutions*Security researchers released a proof-of-concept (PoC) exploit for the critical VMware bug*Microsoft has discovered several vulnerabilities in Android applications*Threat actors stole nearly 100,000 NPM user account credentials in GitHub OAuth Breach*Zyxel has fixed several security vulnerabilities in its products*Windows 11 KB5014019 patch affects Trend Micro UMH drivers and breaks ransomware protection*Scammers pose as the QuickBooks support team in a phishing attack*Threat actor uses stealthy BPFDoor malware to infect Linux and Solaris* systemsMicrosoft has published a guide to mitigate KrbRelayUp LPE attacks on Windows* systemsNew Linux-based "Cheers" ransomware targets vulnerable VMware ESXi servers*Researchers have noticed an increase in the rate of ChromeLoader malware infections targeting Windows and Mac* systemsThe developers have warned users to stop using Linux Tails 5.0 distributions until the next release*Popular Python and PHP Libraries Compromised to Steal Users' Amazon AWS Keys and Credentials*Russian government agencies targeted by fake Windows update campaign*Researchers have discovered a new variant of Chaos* ransomwareTrend Micro has patched a DLL hijacking vulnerability in its security solution*Mozilla has patched zero-day vulnerabilities in its various products*Indian airline SpiceJet suffers a ransomware attack that affects departures*Hackers attacked security researchers with fake Windows PoC* exploitsUS automaker General Motors (GM) suffers Credential Stuffing attack and discloses customer information*Chinese Twisted Panda APT Group Targets Russian Defense Institutes With Spy Attacks*A new unpatched vulnerability in PayPal allows hackers to steal funds from PayPal users*Issues with the Microsoft Store app have been fixed with Emergency Updates for Windows 10*Russian IoT botnet fronton to launch disinformation campaigns on social media*Chicago Public Schools Suffers Major Data Breach After Ransomware Attack*Predator spyware actively infects Android users in zero-day attacks*Hackers use PDF documents to remove Snake Keylogger* malwareThreat actors promote a new cryptocurrency scam with fake Elon Musk YouTube videos*Cisco has patched a zero-day vulnerability in IOS XR router software*Vidar malware is distributed via fake Windows 11 downloads*PyPI Releases Malicious Backdoor Package Targeting Windows, Linux, and Mac OS*North Korean hacker group Lazarus uses Log4J vulnerability to infect VMware* serversQNAP Warned Customers About New DeadBolt Ransomware* AttackMedia giant's Nikkei unit in Singapore suffers ransomware attack*Microsoft is noticing a massive increase in XorDDoS malware activity targeting Linux* devicesThe most sophisticated BlackCat (ALPHV) ransomware gang targeting various organizations*(Video) Top 5 Biggest Data Breaches in Australia | NordVPNNVIDIA fixes ten bugs in Windows* GPU display driversMicrosoft warns against brute force attacks on MSSQL* database serversVulnerabilidades críticas corregidas por VMware en sus diversos productos*WordPress fixed critical vulnerabilities in Jupiter theme and core Jupiter plugins*Over 200 apps found distributing Facestealer spyware via the Google Play Store*Millions of attacks exploiting the vulnerable WordPress Tatsu Builder plugin*Various third-party web crawlers steal user-entered data before sending it*CISA Alerts on Actively Exploited Spring and Zyxel Vulnerabilities*A custom PowerShell RAT for German users looking for information on the Ukraine crisis*Apple fixes a zero-day vulnerability in its macOS and Watch* devicesManufacturing company Parker-Hannifin announces data breach following ransomware attack*HTML attachments are still used in phishing emails as they evade detection*Sophos fixes antivirus driver crash BSOD that was triggered after Windows update KB5013943*CISA warns about Windows updates on domain controllers*Fake Pixelmon NFT website infects users with password-stealing malware*Attackers promoted fake Binance NFT Mystery Box bots on YouTube to install RedLine* malwareSonicWall fixes new vulnerabilities in its SSLVPN SMA1000 devices*Pro-Russian hackers Italian government DDoS websites via "slow HTTP" technique*The Sysrv botnet variant is now exploiting new vulnerabilities to deploy cryptomining malware*Massive WordPress JavaScript Injection Campaign Redirecting Visitors to Malicious Websites*Zyxel closes critical vulnerability in its firewall products*Cobalt Mirage attackers use BitLocker and DiskCryptor in ransomware attacks*A Stealthy BPFdoor Backdoor Targeting Linux and Solaris* SystemsFBI and CISA warn of supply chain attacks on MSPs*Bitter Hacking Group targets Bangladesh government agencies with spear phishing campaigns*HP fixes high severity BIOS vulnerabilities by enabling kernel privileges*Hackers use IceApple's new post-exploit framework on Microsoft Exchange servers*Attackers spread another set of malicious apps through the Google Play Store*Researchers Warn Against DCRat Backdoor Selling On Russian Hacker Forums*Costa Rica declares a national emergency after cyberattacks by Grupo Conti Ransomware*Fraudsters Distribute Jester Stealer Malware in Phishing Attacks*Microsoft Patches Actively Exploited Windows LSA Spoofing Zero-Day Bug*Hackers Use Critical F5 BIG-IP Vulnerability for Destructive Attacks*FluBot Android malware targets Finland with new SMS phishing campaign*German auto industry targets month-long malware campaign*Microsoft Patchday Security Advisory: May 2022*Microsoft fixes a bug in Azure Synapse and Azure Data Factory pipelines*QNAP fixed a critical vulnerability affecting remote command execution in QVR*New Windows worm spreads from infected USB drives*The American manufacturer of agricultural machinery "AGCO" suffers a ransomware attack*Google Docs crashes when "E.E.E.E.E."*Attackers hijacked Ferrari subdomain to host fake NFT scam*New NetDooka malware framework distributed via PrivateLoader* malware distribution serviceInsecure ElasticSearch server instance exposed thousands of borrower data*New Chinese threat group Moshen Dragon targets Asian telcos*Security researchers reveal years of bugs in Avast and AVG* antivirus solutionGoogle fixes an actively exploited Linux kernel vulnerability in its Android security updates*North Korean hacker group 'APT38' linked to new ransomware strains*Threat actors targeting Microsoft logins from compromised UK NHS email accounts*Cisco fixes NFVIS vulnerabilities that allow access with root privileges*Q5 Warns Users of a Critical Vulnerability in BIG-IP RCE that Allows Device Acquisition*Hackers target Pixiv and DeviantArt artists to send malware to steal information*Pro-Ukrainian Hackers Are Actively Using Docker Images For Russian DDoS Sites*Threat actors distribute Magniber ransomware in a fake Windows 10* upgrade campaignOver Millions of Routers and IoT Devices Vulnerable to Unpatched DNS Vulnerability*Aruba and Avaya network switches are highly vulnerable to "TLStorm 2.0"* vulnerabilitiesThreat actors abusing Google's SMTP relay service to distribute phishing emails*Car rental giant Sixt suffers cyberattack and business interruption*Threat actors use Bumblebee malware instead of BazarLoader malware in cyberattacks*Attackers target Ukrainian sites from WordPress sites compromised by DDoS attacks*Synology Warns Customers About Critical Netatalk Bugs Affecting Its Various Products*Russian threat group attacked Romanian government websites with a DDoS attack*Austin Peay State University ransomware attack*A YouTuber encourages his followers to DDoS attacks against Russia*Popular social media app Whatsapp stops working, users report connection issues*An NPM flaw allows attackers to add other developers to their malicious packages*Critical vulnerabilities that Microsoft en Azure Database for PostgreSQL Flexible Server fixes*The RIG Exploit Kit exploits a bug in Internet Explorer to spread RedLine malware*China-linked Mustang Panda threat group now targets Russian state officials*Hive0117 Threat group targeting Eastern European organizations in phishing campaign*QNAP has warned customers to disable AFP until critical bugs are fixed*Microsoft has disclosed a new "Nimbuspwn" vulnerability in the Linux* operating systemThreat actors actively exploiting a critical vulnerability in VMware RCE to implement backdoors*Threat actors actively proliferating Emotet malware via Windows* shortcut filesThe multinational beverage company Coca-Cola suffers a network breach*Confidential American Dental Association data stolen by Black Basta ransomware*North Korean APT group attacks journalists with "Goldbackdoor" malware*French hospital group suffers cyber attack; Administrative data and exposed patients*Critical flaw in Ever Surf Wallet allows attackers to steal victim's cryptocurrency*Atlassian fixed a critical authentication bypass bug in Jira Seraph*Hackers insert "More Eggs" malware into resumes sent to corporate hiring managers*Critical flaw in Cisco Umbrella's default SSH key allows credential theft*UPI suffers non-compliance, social media flooded with non-payment claims*T-Mobile confirms that its internal network was invaded by the Lapsus$* threat groupSeveral critical bugs discovered in SmartPTT and SmartICS* industrial productsQNAP urges users to mitigate critical Apache HTTP server outages*LemonDuck and TeamTNT hack Docker servers in cryptomining malware campaigns*A critical vulnerability in the Android chipset allows attackers to access users' media files*New variant of BotenaGo botnet targeting Lilin Security Camera DVR devices*Amazon Web Services fixes container leak in Log4Shell hotfix*Russian threat group uses new Ptered variants to infect selected Ukrainian units*Hive Ransomware Group targets vulnerable Microsoft Exchange servers*The Emotet botnet increased its infection rate in March 2022*CISA Warns of Actively Exploited Vulnerability in Windows* Print SpoolerQNAP warned customers to protect NAS devices from cyber attacks*Lenovo has disclosed vulnerabilities in UEFI firmware drivers affecting more than 100 notebook models*Israeli group NSO uses a new iOS bug to release spyware on iPhone devices*CISA Warns of North Korean Hacking Group Targeting Cryptocurrency Industry*A threat actor stole $655,388 in cryptocurrency from Apple's iCloud*Hackers use fake Windows 11 update campaign to infect users*Decentralized finance project Beanstalk lost $182 million in quick lending attack*Cisco patches a critical authentication bypass vulnerability in its WLC software*JekyllBot: 5 Mistakes Lead Hackers to Compromise Aethon TUG Hospital Robots*Hackers accessed several private GitHub repositories using stolen OAuth tokens*Scammers targeting T-Mobile customers in SMS phishing attacks*A vulnerability in the Rarible NFT Marketplace allows attackers to steal users' crypto assets*Wind turbine manufacturer Nordex suffers Conti ransomware attack*Oil India Limited (OIL) suffers a ransomware attack*Threat actors targeting Ukrainian government agencies with IcedID malware and Zimbra* exploitsOldGremlin ransomware group returns with new malware targeting Russian companies*CISA Warns of Actively Exploited Windows Local Privilege Escalation Vulnerability*Google patches an actively exploited vulnerability in its Chrome browser*Malware campaigns targeting African bank employees using RemcosRAT* malwareRussian hackers use Industroyer2 malware to attack Ukraine's power grid*Federal Agencies Issue Joint Advisory on APT Groups Targeting ICS/SCADA Devices*Hackers are actively exploiting a critically patched VMware vulnerability*WordPress developers fix critical bug in Elementor plugin*New Tarrask malware hides scheduled tasks using Windows* vulnerabilityHP fixes critical bugs affecting 15 million endpoints in Teradici PCoIP software*Hashnode blog platform reported with critical LFI vulnerability*Microsoft Patch Tuesday Security Advisory: April 2022*Italian luxury fashion house 'Ermenegildo Zegna' confirms ransomware attack*Threat actors use Spring4Shell exploits to install Mirai* malwareUS manufacturer Snap-on suffers a data breach*Researchers warn of FFDroider and Lightning* data-stealing malwareQbot operators now distribute malware via MSI Windows Installer Packages*Android banking Trojan mimics bank customer service calls*Atlassian's current outage may be extended by an additional two weeks*Threat Actors Distribute New META-Malware in Spam Campaigns*Chinese threat actors are actively targeting Indian power grid organizations*New Octo malware allows attackers to remotely take control of Android devices*A new "Parrot" traffic control system infects 16,500 websites to deploy malware*New “Denonia” Malware Targets Serverless AWS Lambda with Crypto Miners*Hackers collect data on malicious Android apps with millions of downloads*Threat actors use new "FFDroider" malware to steal social media accounts*An ongoing Atlassian outage impacts Jira and Confluence customers*OpenSSL Loop Vulnerability Affects Palo Alto Networks Firewalls and VPNs*Scammers use malicious shopping apps to steal banking information from Malaysian customers*British retail chain The Works suffers a cyberattack*VMware fixes critical vulnerabilities in its various products*CISA Issues Warning About Active Exploitation of Critical Spring4Shell Vulnerability*Researchers Link Chinese Threat Group 'Cicada' to Widespread Spying Attacks*Hackers hijack email marketing company Mailchimp for phishing attacks*FIN7 hacker group using stolen credentials and software supply chain attacks*Various hacker groups use the war between Russia and Ukraine to spread malware*Threat actors trade new and sophisticated malware on Russian hacker forums*Beastmode DDoS Botnet Takes Advantage of New TOTOLINK Bugs to Enslave Routers*New RAT malware "Borat" appears on hacker forums and offers various resources*Hacking a broken cable could allow attackers to remotely stop EV charging*VMware fixes critical vulnerability in Spring4Shell RCE in multiple products*A 15-year-old bug in the PHP Pear repository could lead to a supply chain attack*Vulnerability actively exploited by Trend Micro patches in its Apex Central product*Threat actors deploy new Android spyware to collect sensitive user data*American Express suffers a massive outage affecting payment services*Threat actors abusing static Microsoft Azure web pages for phishing attacks*Hackers use fake Trezor privacy breach emails to steal users' cryptocurrency assets*CISA advises federal agencies to fix critical vulnerability in Sophos* firewallCritical vulnerability in GitLab allows hackers to take over user accounts*Palo Alto Networks Bug Leak Customer Support Case Attachments*Apple fixes two zero days on its iPhones, iPads and Macs*Zyxel fixes critical authentication bypass vulnerability in its firewall and VPN products*Vulnerable Wyze Cam devices allow hackers to view video streams*Chinese Hackers Install New "Fire Chili" Rootkit on Vulnerable VMware Horizon Servers*Viasat confirmed that satellite modems were compromised with AcidRain malware*Developers release a fix for a zero-day vulnerability in the Spring Java Framework*A new zero-day vulnerability in the Spring Java Framework allows remote code execution*OpenSSL Fatal Error Affects Most QNAP NAS Devices*IT and Software Company Globant Suffers Data Breach; 70 GB of data is stolen*Viasat's KA-SAT satellite service suffers a cyberattack*A new spear phishing campaign targets opponents of the Russian government with Cobalt Strike*Russian phishing attacks target European and NATO forces*FBI Warns Election Officials About Credential Phishing Campaigns*Transparent Tribes Hackers Attack Indian Government Officials With Modified MFA Tool*Mars Stealer malware spreads via Google OpenOffice ads*New "Verblecon" Malware Infects PCs Hacked With Cryptocurrency Miners*CISA wants attacks on Internet-connected UPS devices*Shutterfly announces data breach following Conti* ransomware attackThreat actors using infected WordPress sites to launch DDoS* attacksThe Honda vehicle's remote keyless system is vulnerable to repeated attacks*Threat actors target vulnerable Microsoft Exchange servers via response-chain hijacking attacks*Purple Fox Hackers Are Actively Using a New Variant of FatalRAT* in Recent Malware AttacksThe Muhstik botnet targeting Redis servers recently disclosed a vulnerability via a newly disclosed vulnerability*An emergency update for Google Chrome fixes the zero-day bug used in attacks*A critical vulnerability in Sophos Firewall allows remote code execution*The Chinese hacker group “Scarab” was seen attacking Ukraine amid the invasion of Russia*Threat actors distribute a Vidar Infostealer via malicious email attachments*Hackers attack Azure developers through more than 200 malicious NPM packages*Social engineering attacks put Morgan Stanley client accounts at risk*Western Digital Updates My Cloud OS to Fix Critical Vulnerability*Threat actors spread the new version of JSS Loader RAT via malicious Microsoft Excel add-ins*North Korean hackers are actively exploiting the recently patched zero-day bug in Chrome*VMware Releases Patches for Carbon Black* Application Control VulnerabilitiesNew vulnerabilities in WPS Office give hackers access to bookmakers*Threatening China-linked actor "Mustang Panda" targets European diplomats and ISPs*Thousands of MikroTik routers abused in Glupteba and TrickBot campaigns*Microsoft Confirms LAPSUS$ Blackmail Group Hack, 37GB of Source Code Leaked*New Dell BIOS bugs affect millions of Inspiron, Vostro, XPS and Alienware systems*Several models of HP printers are vulnerable to remote code execution attacks*Greece's public postal service "ELTA" suffers a ransomware attack*Researchers Reveal Custom MacOS Malware Created by Chinese Hackers*A new crypto scam called "CryptoRom" abuses iPhone resources to target mobile users*New "Snake" backdoor targets French companies via open source package installer*Hackers attack banking networks with a new rootkit to compromise ATMs*Threat actors distributing BitRAT malware as a Windows 10 license activator*Hackers impersonating legitimate domains with a new browser-in-browser (BITB) attack*Opatch releases unofficial patch for Windows zero-day bug that grants administrator privileges*Hackers infect Android users with password-stealing malware "FaceStealer"*Internet Systems Consortium (ISC) fixes fatal errors in BIND* serverA new Cyclops Blink botnet variant actively targeting ASUS routers*Europe warns of plane GPS glitches linked to Russian invasion*Unprotected Microsoft SQL and MySQL servers targeted by Gh0stCringe* malwareSolarWinds warns about attacks on web help desk instances*More than hundreds of websites hosted by GoDaddy were attacked through backdoors in a single day*CISA added 15 known vulnerabilities exploited in attacks*OpenSSL fixes a high severity DoS vulnerability*Hackers use Log4j exploits to infect Linux* machinesA massive phishing campaign uses more than 500 domains to steal credentials*Automotive giant DENSO suffers data breach*QNAP Warned About Linux "Dirty Pipe" Vulnerability Affecting Its NAS Devices*Threat actors used CaddyWiper data to clean malware in Ukraine attacks*New Linux vulnerability allows hackers to elevate privileges*Researchers have found new evidence linking Kwampirs operators to the Shamoon malware*Bridgestone Americas suffers data breach after ransomware attack*Vulnerable package managers allow attackers to infect developer systems*Giant video game developer Ubisoft revealed a cyber attack, services interrupted*New variant of Google Authenticator MFA codes for Aberebot Trojan Harvest users*Attackers use the YouTube platform to infect gamers with malware*Threat actors use custom hacking tools in cyberattacks*Emotet botnet with more than 100,000 bots to carry out cyberattacks*Iranian threat group targets Turkey and Arabian Peninsula in malware attack*Threat actors using Mitel devices to launch DDoS attacks Reflection*Websites of Russian federal agencies compromised in a supply chain attack*CISA Conti ransomware alert updated with 100 domains used in cyberattacks*Chinese threat actors target European diplomatic institutions in phishing attacks*Scammers posing as government officials and law enforcement agencies in fraudulent scams*Coinbase Blocks Over 25,000 Blockchain Addresses Linked to Russian Individuals*A new Linux vulnerability allows hackers to access the root of vulnerable systems*Microsoft fixes a critical Azure bug that exposes data from other customers*Rompetrol gas station chain in Romania suffers Hive* ransomware attackUkraine's Computer Emergency Response Team warns of new phishing attacks*TerraMaster fixes critical vulnerabilities in its NAS (Network-Attached Storage) devices*Researchers identify SharkBot malware masquerading as Android antivirus on the Google Play Store*Threat actors use stolen NVIDIA code signing certificates in cyberattacks*The Russian government shares the list of DDoSing IP addresses of Russian organizations*Vulnerable versions of the Linux kernel allow hackers to execute arbitrary commands*A new security bug affects thousands of self-managed GitLab instances*Mozilla security updates fix two critical zero-day vulnerabilities in Firefox*Lapsus$ Hacking Group Allegedly Shares Samsung Electronics' Sensitive Data*Cisco Releases Patches for Expressway Series and TelePresence VCS* ProductsResearchers propose a new side-channel attack on homomorphic cryptography*New York State Attorney General Warns Users Affected by T-Mobile Data Breach*More than 71,000 NVIDIA employee credentials compromised as a result of a data breach*Researchers uncover malware campaign impersonating venture capital firm using phishing emails*Developers fix critical vulnerabilities in popular PJSIP* media libraryResearchers reveal critical vulnerabilities in surveillance software VoIPmonitor*Threat actors using Log4Shell vulnerabilities to launch DDoS attacks and cryptomining*Belarus National Threat Group Actively Attacks European Government Agencies*TrickBot operators upgrade their AnchorDNS backdoor to AnchorMail*Threat actors abuse Google ads to send hundreds of e-bike phishing sites*China-linked Daxin malware actively targets various government infrastructures in espionage attacks*TeaBot malware reappears on Google Play as a QR code scanning app*Insurance giant “AON” suffered a cyberattack over the weekend*Second new "IsaacWiper" malware hits Ukraine amid Russian invasion*Auto giant Toyota shuts down production after cyberattack on supplier*Video surveillance Giant Axis Communications suffers massive network outages*Threat actors abusing content filtering devices in DDoS amplification attacks*An Infostealer malware "Jester Stealer" updated with new malicious features*Threat actors use ransomware as bait in cyberattacks in Ukraine*Vulnerability in Visual Voice Mail Android app allows attackers to steal users' passwords*NHS Urges Users to Patch Okta Advanced Server Client RCE Vulnerability*The American multinational technology “Nvidia” suffers a cyberattack*Targeted Citibank customers are phished with fake suspension alerts*UNC2596 Threat Group exploits vulnerabilities in Microsoft Exchange to install ransomware payload*Hackers use the official Microsoft store to inject malware into victim systems*Threat Actor Group “APT27” Hits US Defense Firms With Stealthy SockDetour Backdoor*Deadbolt ransomware operators actively target ASUSTOR NAS devices*Researchers identify new destructive cleaner malware used in attacks in Ukraine*CISA Warns of Actively Exploited Vulnerability in Zabbix* Network Monitoring PlatformResearchers reveal a new "small sieve" of malware used by MuddyWater hackers*Researchers warn of a new Russian botnet created from hacked firewall devices*25 Malicious JavaScript Libraries Allow Hackers To Steal Discord Tokens And User Environment Variables*Threat actors using Dridex bots to deploy ransomware payloads to infected networks*Chinese Researchers Discover Details About Equation Group's Bvp47 BackdoorResearchers discover a 9-year-old bug in Horde Webmail software*Massive DDoS attacks hit Ukrainian authorities and banks again*Researchers reveal a new phishing technique that bypasses multi-factor authentication*Chinese threat group 'APT10' targets Taiwanese companies in supply chain attack*Hancom Office software vulnerable to code execution attacks and memory corruption*Scammers stole $1.7 million worth of NFTs from OpenSea users in a phishing attack*Threat actors actively scan vulnerable MS SQL servers to implement Cobalt* attack indicatorsA new Android banking Trojan targeting Europeans detected in the Google Play Store*The American logistics company “Expeditors International” suffers a massive cyber attack*Major cookware distributor 'Meyer Corporation' suffers data breach after ransomware attack*Islamic Republic of Iran Broadcasting (IRIB) affected by cyberattack*WordPress Force Update UpdatePlus plugin patch on millions of websites*Iranian Threat Group Exploits Log4j Vulnerabilities to Compromise VMware Horizon* ServersPseudoManuscrypt Botnet has been following CryptBot techniques since May 2021*Monzo Online Banking users are the target of a new phishing attack*Popular online store for e-cigarettes in jeopardy for loading Credit Card Skimmer*Adobe has updated its security advisory for critical vulnerabilities*High Severity Vulnerability Patched by Cisco Affects Cisco Email Security Appliance*Hackers use Microsoft Teams chats to spread malware*Researchers Warn of Golang-Based Kraken Botnet Targeting Windows* SystemsCyber Threat Group “Team Moses” Targets Israeli Organizations*The Red Cross blamed the attack on the state-sponsored hacker group*BEC scammers pose as CEOs in virtual meetings*See AlsoWprowadź światło w ciemność dzięki Meraki Network Monitoring! Nie daj się ponieść ciemności - ObkioPorównanie ApexSQL i SolarWinds Database Performance Monitor i DatadogSecPro 21: 👥 Mądrość społeczności, rzeczywistość ataku dnia zerowegoBewaak eenvoudig de netwerkbandbreedte met deze 6 toolsTrickbot malware targets companies known to steal user data*Researchers have revealed a high severity vulnerability in Apache Cassandra*High Severity Vulnerabilities Resolved by VMware Affecting Multiple Products*BlackCat Ransomware Group reivindica ataque Swissport Ransomware*Ukraine's defense and two banking sectors affected by a massive DDOS attack*Threat actors using Mylobot malware to send cyber bullying emails*Researchers attribute ShadowPad malware attacks to Chinese threat groups*Japanese sportswear company Mizuno suffers ransomware attack*Moxa fixes 5 critical vulnerabilities in its MXview* softwareUkraine Suffers Massive Ongoing Hybrid War*NFL team San Francisco 49ers attacked by Blackbyte* ransomwareGoogle is rolling out a Chrome update to fix zero-day in its Chrome browser*Adobe Patched Critical Zero-Day Vulnerability Affects Adobe Commerce and Magento Users*Croatian mobile operator 'A1 Hrvatska' suffers data breach*Researchers have identified a sophisticated new rust-based ransomware attack*CISA added 16 new vulnerabilities to its catalog of known exploits*Elephant Modified by Threat Group Installed Fake Digital Evidence for Indian Activists*Apple fixes an actively exploited zero-day bug in its security updates*Threat actor group 'APT29' targets European diplomats with phishing emails related to COVID-19*FritzFrog botnet infects 1500 hosts in one month*Research reveals stealthy operating strategies modified by a group of advanced threats*Vulnerable PHP Everywhere plugin poses high risk for thousands of WordPress sites*Iranian Threat Group Uses Backdoor Called Marlin In New Spy Campaign*Hackers Infected Hundreds of Magento Sites in MageCart Attacks*FBI warns users of growing number of victims of SIM swap fraud and hijacking*Advance Threat Group uses a new implant to infect companies in the Middle East*Threat actors target European Android users with Smishing attacks*Kimsuki Hacker Group uses commodity RATs with custom Gold Dragon malware*Google fixes two critical bugs until February 2022 Android security updates*Vulnerable Mimosa wireless broadband products face remote attack*SAP fixes several security vulnerabilities in February 2022 Security Patch Day*Vodafone Portugal suffers a massive cyberattack*Microsoft Patchday Security Advisory: February 2022*Politically motivated threat group targeting Indian military and diplomatic assets*Medusa malware targets Android users in Smishing* campaignsLeading sportswear manufacturer Puma suffers data breach after ransomware attack*Errors in DPD Group package tracking can reveal personal customer data*Vulnerable Argo-CD exposes sensitive data from Kubernetes applications*US media giant News Corp hit by persistent cyberattack*Researchers have identified a new ransomware-as-a-service (RaaS) operation in cyberattacks*Israeli company QuaDream exploits iPhone vulnerability to deploy spyware*Swiss airline Swissport affected by ransomware attack*Chinese threat actors are actively exploiting a Zimbra zero-day vulnerability to steal email*Cisco Fixes Several Bugs Discovered in Small Business RV* Series RoutersIntuit warns of a phishing campaign that sends blocked emails from fake accounts*Antlion Hackers Target Manufacturing and Financial Institutions Through Customized Backdoors*Threat actor group "Moses Team" uses new StrifeWater RAT in ransomware attacks*Vulnerabilities in UEFI firmware affect at least 25 PC vendors*Threat actors use SEO poisoning techniques to install malware bundles*New malware used by SolarWinds hackers went unnoticed for years*Software de ataque de Kenyon Produce (KP) Snacks Company contra ransomware*Morley Companies Inc. Reveals Ransomware Attack After Data Breach*ESET fixes high severity vulnerability affecting its various products*Cute Kitty Threat Actor Group Uses New PowerShell Backdoor in Cyber Espionage Attacks*SolarMarker malware uses new techniques to survive on compromised systems*Researchers Reveal New Iranian Hacking Campaign Targeting Turkish Users*Researchers have found a new variant of Oski malware called "Mars Stealer" in cyberattacks*Phishing scammers use malicious CSV files to drop malware*German mineral oil company Oiltanking severely affected by cyber attack*British Council suffers data breach, 144,000 records exposed*Gamaredon Threat Group uses new malicious files in a phishing attack*Samba patched a critical vulnerability that allowed hackers to gain root access*Hackers misuse UPnP routers for malicious activities*WordPress fixes a critical vulnerability in a plugin with over a million downloads*Russian threat actors use stealthy malware in cyber-espionage campaign dubbed StellarParticle*Taiwanese Electronics Manufacturer Delta Hit by Conti Ransomware*Hackers take over CEO accounts with rogue OAuth apps*Phishing operators using a Windows update to install malware*Researchers discover more than 20,000 DCIM systems vulnerable to attacks*Mobile phones of Finnish diplomats infected with Pegasus* spywareWindows vulnerability patched with new public exploits allows hackers to become administrators*Linux version of LockBit ransomware targeting VMware ESXi* serversDiscord suffers major outage due to API and database issues*Chaes banking Trojan hijacks Chrome with malicious extensions*New FluBot and TeaBot campaigns abuse Android devices around the world*Phishing attack impersonates shipping giant “Maersk” to deploy malware*Video game company BANDAI NAMCO shuts down servers to prevent cyberattacks*Apple patches a new zero-day exploit to hack macOS and iOS devices*Federal government warns against backdooring of networks of companies of the APT27 group*Linux system service error allows rooting on all major distributions*DazzleSpy malware targets macOS users in a watering hole attack*Threat actors using compromised accounts to send mass phishing emails*Premium Subscription-Based Scam Targeting Android* UsersTrickBot malware operators added new techniques to evade detection*Russian threat group targeting defense and government industries*New DeadBolt ransomware targets QNAP devices and demands 50 BTC for master key*Primer ataque a VMware Horizon Server Access Broker en ataques Log4Shell*Canadian government hit by cyberattack, some services disrupted*Threat actors broke into the Segway store to steal customers' credit card details*Emotet spam campaign using an unconventional IP address to avoid security detections*Phishing campaign that uses malicious PowerPoint files to spread malware*Threat actors are now actively targeting a critical fix for SonicWall RCE*Two CWP bugs allow code to run as root on Linux* serversBRATA Android malware strikes back with enhanced capabilities and wipes device after data theft*Hackers encrypt the internal servers of the Belarusian railway * in protestResearchers identified a new UEFI firmware implant in cyberattacks*Hackers Opened the Doors to Over 90 WordPress Themes and Plugins in Supply Chain Attacks*Researchers discover 2 bugs in Zoom software leading to zero-click attack*SonicWall provides a temporary solution for firewall stuck in reboot loop*CISA reveals 17 new vulnerabilities exploited in attacks*Cyber espionage campaign of the Molerats threat group in the Middle East*McAfee Agent update fixes two high severity vulnerabilities*F5 fixes 24 vulnerabilities in its BIG-IP, BIG-IQ and NGINX Controller API* productsThe Netherlands National Cybersecurity Center warns of ongoing Log4j threats*WordPress plugin flaw puts users of 20,000 sites at risk of phishing and code injection*Various spyware campaigns to steal login details from industrial companies*DoNot hacking group targeting government and military installations in South Asia*Indonesia central bank launches ransomware attack, Conti data leaks*Cisco bugs grant remote attackers root privileges via debugging mode*Red Cross cyberattack leaks data of 515,000 people*SolarWinds Patches Serv-U Vulnerability Exploited by Log4j* AttacksRussian attackers use signature-based malware service to deploy malware*Scammers posing as the US Department of Labor in a phishing campaign*A new stealthy malware targets users' cryptocurrency wallets and passwords*Researchers reveal a critical bug in the SAP NetWeaver AS ABAP and ABAP* platformsA critical flaw in IDEMIA's biometric identification devices allows unauthorized access*Large-scale phishing campaign targeting renewable energy companies*Researchers link new White Rabbit ransomware to hacker group FIN8*Earth Lusca hackers target high-value government and private sectors*Microsoft releases emergency patches for Windows Server and VPN bugs*Fashion giant Moncler announces data breach after ransomware attack*Microsoft warns of fake ransomware targeting Ukraine in data wipe attacks*High severity CSRF errors in 3 WordPress plugins affecting 84,000 sites*Nintendo Warns of Fake Websites Offering Fake Switch Discounts*eNom Data Center Migration Process Takes Websites Offline*Zoho fixes a critical vulnerability in Desktop Central*An unknown npm dependency error affected the Create React Facebook app*Vulnerable Apple Safari Browser Allows Hackers to Track User Activity*Cybercriminals abuse public cloud infrastructure to distribute multiple RATs*Goodwill's ShopGoodwill e-commerce platform suffers a data breach*Cisco fixes a critical bug affecting Unified CCMP and Unified CCDM*Qlocker Ransomware returns to attack QNAP NAS devices worldwide*Defense firm Hensoldt announces ransomware attack*Massive cyberattack paralyzes several Ukrainian government websites*North Korean Hackers Are Stealing Millions From Cryptocurrency Startups Worldwide*Group of financially motivated hackers targeting cryptocurrency startups*Threat actors have compromised FIFA 22 accounts using social engineering techniques*Vulnerabilities Patched by AWS That Exposed AWS Customer Information*Sentinel LABS has released an unofficial patch for the privilege escalation vulnerability that affects all Windows* devicesOceanLotus Threat Group uses web files to install backdoors*Magniber Ransomware Gang now uses signed APPX files in attacks*Critical bug that Microsoft is fixing in the Windows* HTTP protocol stackApple fixed a persistent Denial of Service (DoS) bug called "doorLock"*Ransomware operators use Log4Shell exploit to infect VMware Horizon* systemsMicrosoft Patchday Security Advisory: January 2022*New SysJoker backdoor actively targeting Windows, macOS and Linux* usersThreat Actors Deploying New RedLine Malware Via Omicron Statistics Counter Fake App*KCodes NetUSB Kernel Module Bug Affects Millions of Routers Worldwide*CISA warns federal agencies about old bugs that are still being exploited*Threat Actor Group 'Patchwork' infects users with Ragnatela* malwareResearchers link 'Abcbot' botnet operation to cryptomining botnet operators Xanthe*Threat actors targeting cybersecurity researchers and developers in a malware campaign*Government Hackers Use New PowerShell Backdoor in Log4j* AttacksVulnerable open source NPM libraries "Cores" and "Forgers" break thousands of applications*Linux version of AvosLocker ransomware that encrypts VMware ESXi* serversResearchers discover a vulnerability like Log4Shell in the H2* database consoleA new "Night Sky" ransomware targeting businesses*Microsoft Warns of Continued Attacks Exploiting Bugs in Apache Log4j*Y2K22 bug affects SonicWall email security and firewall products*Hackers use BadUSB to attack defense companies with ransomware*NHS warns of unknown hacker group exploiting Log4Shell on VMware Horizon*FluBot malware operators targeting Europe posing as Flash Player application*FinalSite affected by a ransomware attack that disrupted thousands of schools*QNAP warns of attacks on NAS devices exposed to the Internet*North Korean hacker group "Konni" attacks Russian Foreign Ministry*Credential stuffing attacks affect 1.1 million users in 17 organizations*US Online Pharmacy "Ravkoo" Suffers Data Leak After AWS Portal Hack*Hackers abuse Google Docs commenting feature to plant malware*FBI Warns of Ongoing Google Voice Authentication Scams*Microsoft is releasing an emergency update to address Windows* Remote Desktop issuesThreat actors injecting Web Skimmer code to steal sensitive information*US. Cellular announces data breach after hacking billing system*McMenamins Hotel Chain Suffers Data Breach After Ransowmare Attack*Apple iOS vulnerable to "DoorLock" denial-of-service errors*Broward Health Company Announces Data Breach Affecting 1.3 Million People*Threat actors deploying Purple Fox malware via malicious Telegram droppers*Microsoft Releases Workaround to Resolve Exchange Server Outage*Kyoto University loses 77TB of research data due to backup failure*NETGEAR leaves six major vulnerabilities unpatched in its Nighthawk router*PulseTV reveals data breach on 200,000 credit cards*Researcher discovers vulnerability in Uber's email system*New iLOBleed rootkit wipes data from compromised HP Enterprise servers*AvosLocker Ransomware Group Releases Post-Decryptor Breaching US Police Force*Firmware attack can leave persistent malware in hidden SSD area*Chinese APT hackers use Log4Shell flaws to attack an academic institution*Popular Cryptocurrency Trading Platform ONUS Suffers Ransomware Attack Via Log4j Hack*Storage devices from different vendors affected by encryption software bugs*Norwegian media giant Amedia suffers blackouts due to cyber attack*Researchers reveal new automated cryptomining malware attacks with updated evasion tactics*Apache releases Log4j 2.17.1 to fix remote code execution bugs*RedLine malware steals passwords saved in Chromium*-based web browsersBlackTech Cyberespionage APT targets Japanese companies using Flagpro* malwareThreat actors have attempted to compromise Master Passwords of LastPass users*Researchers identify Riskware app infiltration in Samsung Galaxy Store*Threat actors actively abusing MSBuild to run indicators of Cobalt attacks*Photo service giant Shutterfly attacked by Conti* ransomwareThe Ech0raix ransomware group is actively scanning for vulnerable QNAP NAS devices*„Spider-Man: No Way Home“-Película-Torrent liefert Crypto-Mining-Malware*Multiple vulnerabilities in Garrett metal detectors allow hackers to change settings*Global IT service provider Inetum suffers ransomware attack*Android banking Trojan spreads via fake Google Play Store page*Blackmagic fixes critical execution bugs in daVinci code*Dridex Operators Target Covid-19 Victims Through Omicron Phishing Spoofs*Monangalia health system suffers from email breach affecting 400,000 people*NVIDIA and HPE fix Apache Log4j library vulnerabilities in their products*Researchers discover a new variant of Babuk* ransomwareDell's new BIOS updates cause laptops and desktops to have trouble booting*Apple fixes macOS vulnerability behind Gatekeeper bypass*Researchers uncover a new phishing campaign targeting cryptocurrency exchange CoinSpot*Threat actors delivering stealthy BLISTER malware to Windows* devicesPro Wrestling Tees Announces Data Breach, 31,000 Customer Information Compromised*Apache fixes two serious vulnerabilities in its HTTP* serverBug in Microsoft Azure App Service exposes client source code repository*CISA, FBI and NSA Launch Joint Scanner and Advisor for Log4j Vulnerabilities*Chinese-language espionage group targeting the government and transportation sectors*Researchers discover secret backdoors in the firmware of Auerswald's COMPACT 5500R phone system*All generations of mobile phones, from vulnerable 2G to newly identified cellular network vulnerabilities*FBI: Threat Actors Actively Using New Zoho Zero-Day* Since October 2021Over 820,000 vulnerable WordPress sites under attack*The PYSA ransomware group was behind the major attacks in November 2021*Scammers impersonate pharmaceutical company “Pfizer” in phishing attacks*Sony Life Insurance employee arrested for stealing $154 millionHackers Take Over Vulnerable Windows Domains Through Elevation of Privilege Vulnerabilities*Researchers suspect 'Cytrox' is spreading 'Predator' spyware on iPhones*Cybercriminals infected the network of the US federal agency with a backdoor*Malicious Android app spreads new Joker malware, infecting over 500,000 Android users*Hackers distribute new Stealthy DarkWatchman malware via phishing emails*Threat actors have revived TellYouThePass ransomware in Linux and Windows Log4j* attacksThreat Actors Exploiting Log4j Vulnerability to Deploy Dridex* Banking MalwareWestern Digital asks users to update their My Cloud devices*Logistics company "Hellmann" warns users of BEC emails after ransomware attack*Threat actors infected over 35,000 computers with the new PseudoManuscrypt* malware in 2021Threat Actors Targeting Fans of the Spider-Man Franchise with Credit Card Harvest*VMware fixes critical bug in Workspace ONE UEM*Phorpiex Botnet resurfaces with a more sophisticated twist*Khonsari Ransomware Group Targeting Self-Hosted Minecraft Servers*Apache releases a new patch to fix the third Log4j vulnerability*Researchers suspect that a new attack vector identified in Log4j exploits could expand the attack surface*State-sponsored Iranian hacker abused Slack API to steal data from Asian airlines*Leading US brewery and hotel chain "McMenamins" hit by Conti* ransomware attackLog4j hackers move on to injecting Monero miners via RMI*Credit card skimmers target the e-commerce industry through Magecart attacks*DDoS mitigation service provider "Cloudflare" experiences widespread latency and wait times*A new spy campaign targeting telecommunications companies in the Middle East and Asia*Hackers steal Microsoft Exchange credentials using "Owowa"* backdoorThreat actors start exploiting second Log4j vulnerability as third bug emerges*Apple releases iOS update for remote jailbreak exploitation*PyPi removes 3 Python packages suspected of installing a Trojan horse on victim systems*Virginia IT Agency Suffers Ransomware Attack*Kronos, Provider of Workforce Management Solutions, Suffers Ransomware Attack*Over 300,000 MikroTik devices remain vulnerable to remote hacking exploits*AWS suffers a second outage this month, affecting Twitch, Zoom, PSN, Hulu and others*Vulnerabilities in Wi-Fi and Bluetooth chips allow hackers to steal passwords*Researchers identify "ALPHV" as the most sophisticated ransomware of 2021*Threat actors actively exploiting the Log4Shell vulnerability to distribute malware to vulnerable computers*Partially Patched Dell Computer Drivers Still Vulnerable to Windows* Kernel-Level AttacksThreat actors target German online banking users with new phishing campaigns*Volvo Cars Suffers Ransomware Attack, R&D Information Revealed*Investigators link 'XE Group' to eight years of credit card theft*Apache Foundation releases security patch for second Log4j* vulnerabilityMicrosoft Patchday Security Advisory: December 2021*Mojang Studios Releases Emergency Minecraft Update Amid Critical Log4j Vulnerabilities*Threat actors launching Agent Tesla malware using PowerPoint macros in ongoing phishing campaigns*Hackers Deploy Notorious "TinyNuke" Information Stealing Malware Targeting French Users*Researchers Reveal the Building Blocks of the Widespread Banking Trojan Qakbot*AWS announces the cause of a recent massive outage*Research shows an active campaign exploiting over 1.6 million vulnerable WordPress sites*17 Malicious NPM Packages Let Attackers Steal Discord Tokens*Google releases an emergency Chrome update to fix zero-day for its Chrome browser*South Australian government data breach reveals information on over 80,000 employees*Threat Agents Targeting Enterprises Using New Zero-Day Exploit for Log4j* Java LibraryStrongPity Hacker Group Ships Malware Containing Malicious Notepad++ InstallersDark Mirai Botnet actively targets unpatched TP-Link routers*Hackers Target US Universities Through Office 365 Phishing Campaigns*Hikvision IoT devices vulnerable to attack by the Moobot botnet*Emotet Malware now installs Cobalt Strike directly on infected devices*Fujitsu Cites Violation of Japanese Ministries for Credential Theft by ProjectWEB*Cox Communications Publishes Data Breach Post, Hacker Poses as Support Agent*SanDisk SecureAccess bug allows brute force attacks on vault passwords*Google fixes high severity Use-After-Free vulnerabilities in its Chrome browser*SolarWinds Hackers Target Government and Corporate Organizations Worldwide*Fake KMSPico software steals victims' cryptocurrency wallets*Hackers use fake "spam notification" phishing emails to steal Microsoft* credentialsSonicWall fixes multiple security vulnerabilities in its SMA 100 series devices*Grafana fixes zero-day bug after exploits spread via Twitter*Popular Cloud Service Providers Affected by Multiple Eltima SDK Vulnerabilities*AWS suffers outage affecting shipments from Ring, Netflix and Amazon*QNAP warns users to protect NAS devices from Bitcoin miners*Conti ransomware targets Scandinavian hotel group Nordic Choice*Hundreds of SPAR stores experience major disruption in the North of England*BitMart Crypto Exchange Loses $200 Million in Crypto Tokens After Hack*Microsoft seizes domains used by Chinese state hacking group APT15*Research reveals 17 malicious frameworks used to attack air-gapped networks*Pakistani “SideCopy” Threat Actor Targeting Indian and Afghan Governments*Malicious ad campaigns Proliferation of malicious Chrome extensions and backdoors*Threat Actors Deliver "BRATA" Android Banking Malware Via SMS Phishing Campaign*Researchers Reveal 14 New XS Leaks Attacks on Popular Web Browsers*Finland's National Cyber Security Center Warns of New Banking Malware Campaigns for Android*Threat actors using the RTF template injection method in phishing campaigns*Phishing actors are actively exploiting users through an Omicron* phishing campaignZoho fixes a critical ManageEngine bug that was exploited in the wild*Spyware Pegasus is said to have hacked iPhones of the State Department and US diplomats*Scammer convicted of stealing millions of dollars in crypto through SIM hijacking*Threat actors promoting malicious Android apps to steal Malaysian banking credentials and MFA codes*(Video) THE Interview That "Solves The Human Condition And Saves The World!"BlackByte Ransomware Group exploits proxy shell bugs to deploy web shells on vulnerable Microsoft Exchange servers*New "NginRAT" Malware Actively Targeting E-Commerce Servers*Planned Parenthood LA announces data breach following ransomware attack*Threat actors proliferate Emotet via fake installation packages for Adobe Windows* applicationsFour Android banking Trojans infected more than 300,000 Android devices in 2021*Mozilla fixes a critical bug in its cross-platform cryptographic library*TrickBot malware authors adopt new ways to evade detection*Russian threat actors use Babadeda Crypter to avoid detection*Hardware giant "HP" fixes critical bugs from 8 years ago in its multifunction printers*Ohio-based DNA testing company, DNA Diagnostics Center, reveals data breach affecting 2.1 million people*“Sabbath” ransomware operators target critical infrastructure in the US and Canada*North Korean defectors and journalists targeted by new Chinotto malware*Threat actors using compromised Google Cloud instances to mine cryptocurrency*Maritime service provider "Swire Pacific Offshore" suffers ransomware attack*Threat actors hide new Linux malware payload in cron jobs to steal credit card data*Stealthy hacker group “WIRTE” targets Middle Eastern governments*Researchers Warn of Attacks on Recently Patched Apache HTTP Server Vulnerability Exploited in the Wild*Japanese multinational conglomerate Panasonic announces network attack after data breach*Furniture retail giant IKEA's email systems affected by a cyber attack*Researchers publish a new zero-day vulnerability in the Windows 10 Mobile Device Management service*APT C-23 Hackers Target Middle Eastern Users With New Android Spyware Variant*Researchers discover a new stealthy JavaScript malware that launches multiple Windows-based RATs*Iranian Threat Actors Exploit Microsoft's MSHTML RCE Flaws to Steal Google and Instagram Credentials*Group of advanced hackers targeting the bio-industry with a new strain of malware*Researchers have linked North Korean attackers to multiple credential theft campaigns*Malicious Python libraries steal Discord tokens and install reverse shells*PHP deserialization error on CloudLinux Immunity360 can lead to remote code execution*Corporate Cyber Espionage Threat Group 'RedCurl' Strikes With New Hacking Tools*Cisco fixes a critical bug in its Cisco ASA and FTD* firewallsMediaTek chip failures affect 37% of all smartphones and IoT worldwide*VMware fixes multiple vulnerabilities in vCenter Server and Cloud Foundation*More than 6 million Sky routers vulnerable to takeover attacks for 17 months*New "SharkBot" Android Banking Malware Hits Targets in US, UK and Italy*US wind turbine giant Vestas suffers data breach*Iran Airlines “Mahan Air” hit by cyberattack*Threat actors actively exploiting the new Windows* installer zero-day flawUS SEC Warns Investors About Ongoing Phishing Attacks*Utah Medical Center suffers a data breach; 582,000 patient records stolen*Threat actors hacking into vulnerable Microsoft Exchange servers to hijack internal email chains*GoDaddy suffers a data breach affecting 1.2 million customers*Android malware BrazKing returns with new stealth techniques*Threat actors abusing the Glitch Cloud service to host ephemeral phishing sites*APT Group has been using FatPipe VPN Zero Day Bug since May 2021*Vulnerable e-commerce sites are allowing hackers to deploy new Linux* backdoorsAttackers using domain spoofing techniques to bypass malicious traffic*Attackers distribute Emotet malware in new spam campaigns*NETGEAR fixes pre-authentication buffer overflow bug affecting multiple products*New TikTok phishing attack on influencer accounts*Emotet Botnet returns with TrickBot* malwareMicrosoft has released emergency updates to address Windows Server authentication issues*Fixed NPM private package name leak and authorization fatal error*The new version of Google Chrome 96 destroys the web applications of Twitter and Discord*WordPress sites seeking to display fake ransomware notes*Fatal errors detected in BIOS firmware affect multiple Intel* processorsHackers actively target Alibaba ECS instances to deploy encryption malware*Lazarus attackers target security researchers using the IDA Pro* Trojan applicationThe attackers hacked into FBI email servers to spread a spam campaign*US retail giant Costco exposes data breach after identifying credit card skimmers*A zero-day bug in the Windows User Profile service gets a free unofficial patch*BotenaGo malware targets millions of routers and IoT devices with 33 exploits*TrickBot hackers abused Microsoft's app installer in spam campaigns*WP Reset PRO plugin allows attackers to hijack websites*Netflix, Instagram and Twitter users target new Android malware*TeamTNT Cybercrime Group actively targets vulnerable Docker servers*German medical software company Medatixx suffers ransomware attack*Palo Alto fixes several vulnerabilities in PAN-OS*Clop Ransomware Gang now uses SolarWinds Serv-U vulnerability to attack*Zombie-themed phishing emails infecting users with MirCop ransomware*New Variant of Mekotio* Banking Trojan Discovered in the WildMicrosoft Patchday Security Advisory: November 2021*Microsoft has warned administrators to fix vulnerabilities in Exchange Server*Cisco fixes issues with encrypted credentials and default SSH keys on its Catalyst PON switches*Researchers reveal a critical RCE vulnerability in the TIPC module of the Linux kernel*Scammers harvesting Microsoft O365 and Google logins via fake confirmation emails*Researchers reveal two critical SQL injection bugs in Philips Healthcare IT solution*Prominent stock trading platform "Robinhood" suffers data breach *Electronics giant "MediaMarkt" hit by Hive* ransomware attackThreat actors actively targeting Sitecore XP RCE bug fixed*Central Depository Services (India) Limited announces data breach*Babuk ransomware delivered via Microsoft Exchange ProxyShell* vulnerabilitiesNew Android rooting malware "AbstractEmu" takes control of mobile phones with root access*CISA publishes catalog of known exploited vulnerabilities for various products*UK Labor Party reveals ransomware attack following data breach*Critical bug in Cisco Policy Suite Encrypted SSH key allows remote hackers to access root*US defense contractor Electronic Warfare Associates (EWA) suffers data breach*Google fixes actively exploited kernel bugs in its November Android patch*Microsoft suffers outage and blocks access to Onedrive and Sharepoint files*More than 30,000 unpatched GitLab servers vulnerable to critical RCE bugs have already been patched*More than 1.6 million devices infected with Pink Botnet in China*Investigators discovered several critical bugs in Pentaho Business Analytics software*Threat actors used Amazon SES token stolen by Kaspersky in Office 365 phishing campaigns*Threat actors distribute Chaos Ransomware via fake Minecraft "Alt List" text files*Threat actors deploying Snake Infostealer malware via phishing emails*Iranian Hackers Attack Israeli Web Hosting Provider Cyberserve*Health system of a Canadian province affected by cyberattack*Researchers Reveal New Spook Ransomware Engineered in Prometheus Code, All Victims Reveal*Pirate sports broadcaster hacked into major US sports leagues and attempted to extort $150,000 from MLB*Hive Ransomware Group releases new variants capable of encrypting Linux and FreeBSD devices*Israeli internet company hit by ransomware attack led by Iranian hackers*UMass Memorial Health Care Center suffers data breach*Google fixes bug that caused Chromebooks to fail to enroll devices*Google fixes two zero-day bugs in Chrome browser*MacOS bug allows hackers to use rootkits*OptinMonster Flaw WordPress plugin allows website hijacking*Threat actors targeting YouTubers in phishing campaigns*Cybercriminals deliver ransomware via malicious NPM packages*Apple fixes 22 vulnerabilities in iOS and iPadOS* devicesIranian gas station attacked by cyberattack*Hackers use new Squirrelwaffle malware in spam campaigns*Attackers used a new Yanluowang* ransomware in targeted attacksRussian attackers deliver malicious documents in phishing campaign*WordPress plugin bug can lead to outright takeover of vulnerable sites*South Korean telecommunications company 'KT Corporation' suffers nationwide blackout*CISA is recommended to fix a critical bug in the language software*NPM library hijacked by an attacker to compromise Windows and Linux* devicesMacOS malware uses new evasion techniques*The new PurpleFox backdoor uses WebSockets for C2 communication*SCUF Gaming International suffers data breach: 32,000 customers affected*Attackers spreading malware via Korean webhard and torrent sites*New threat group targeting organizations in South Asia using custom malware*Chinese attackers exploited Windows zero-day vulnerability in cyberattacks*FBI Alerts on Fake Government Websites Used to Steal Sensitive Information*The telecommunications company "Sinclair Broadcast Group" affected by a ransomware attack*The University of Sunderland suffers a cyberattack*Olympus US systems affected by a cyber attack*Ecuador's largest bank "Banco Pichincha" hit by cyberattack*Microsoft fixed compatibility issues in cumulative update KB5006674 for Windows 11*Attackers use mathematical symbols in phishing campaigns*Microsoft Azure customer affected by a large DDoS attack*Microsoft Patchday Security Advisory: October 2021*Apple fixes a zero-day bug in an emergency update to iOS 15.0.2*Google fixes four serious bugs in its Chrome browser*American Pacific City Bank attacked by AvosLocker* ransomwareThreat Actors Targeting Linux Devices With New FontOnLake* RootkitFIN12 Ransomware Group Aggressively Attacks Healthcare*Cox Media Group announces ransomware attack following data breach*Threat actors posing as "QuickBooks" in ongoing phishing campaigns*Global beer company BrewDog reveals confidential information of 200,000 customers*Researchers reveal new Android malware infecting Android phones*Telco 'Syniverse' announces database breach *Vulnerability patched by Microsoft prevents security updates for Azure Virtual Desktops*Apache emergency update patched with incomplete fix for actively exploited bug*Researchers reveal the UEFI bootkit that has been using Windows systems since 2012*Live streaming platform "Twitch" suffers a massive data leak*APT "ChamelGang" group targeting the fuel, energy and aviation industries*Researchers reveal several critical deficiencies in Honeywell Experion PKS and ACE controllers*Apache patches a zero-day vulnerability in its web server*The Telegraph suffers a major data breach; Leaked 10TB database*Researchers link different malware attacks to Chinese cyber-espionage group*Unknown ransomware group encrypting VMware ESXi servers using Python script*Industry publication Sandhills globally impacted by ransomware attack*Misconfigured Apache Airflow servers lose credentials*New Atom Silo Ransomware Group Targets Unpatched Confluence Servers*Unpatched bug allows contactless payments from locked iPhones*Threat actors target Commerzbank customers through new malware campaign*Hackers Steal Crypto From Coinbase Clients With MFA Bug*The "GhostEmperor" threat actor group backdoors Windows 10 systems with a rootkit*WhatsApp, Instagram and Facebook suffer massive outage due to configuration error*Google fixes two zero-day bugs in its Chrome browser*Hackers distribute Flubot Android malware via fake security updates*QNAP Fixes 3 Fatal XSS (Stored Cross-Site Scripting) Bugs Affecting NAS Devices*MoneyLion Announces Credential Stuffing Attacks After Data Breach*Neiman Marcus announces massive data breach; 4.3 million users affected*Amnesty International's Pegasus rogue antivirus affects Windows* systemsJVCKenwood attacked by CONTI* ransomwareThreat actors hijack the Windows bootloader using the UEFI Bootkit*Microsoft Warns of Cyber Attacks on Active Directory FS* ServersHackers steal bank accounts of users of the PIX do Brasil payment system*Researchers link new Tomiris backdoor to hackers behind SolarWinds* hackThe giant transport company "Forward Air" suffers a data breach*Microsoft suffers an MFA outage; Blocked access to Microsoft 365 services*Threat actors distribute new versions of Jupyter malware via MSI* installersThreat actors steal financial data from 378 banking and wallet apps via "ERMAC" malware*Various cyber attack campaigns abusing the Atlassian Confluence* RCE bugColossus ransomware targets a prominent US auto company*Worldwide outage of the Twitter web client*Threat actor targeting Indian government with commercial RATs as part of Operation Armor Piercer campaign*QNAP fixes two critical bugs in its QVR* softwareThe well-known communication provider "Bandwidth.com" affected by a DDoS attack*New "BloodyStealer" Malware Targets Popular Gaming Platforms*Google fixes fatal zero-day bugs in its Chrome browser*Researcher Posts Exploit Codes for 4 iOS Zero-Day Bugs on GitHub*Microsoft Warns Organizations About Large-Scale Phishing-as-a-Service Operations*Colombian Real Estate Company “Coninsa Ramon” Suffers Data Breach*Scammers target users in the US and Canada with new Android malware*SonicWall addresses a critical security vulnerability in its SMA 100* series productsThreat Actors Exposing Web Shells Through Nagios RCE Vulnerabilities*Researchers Reveal Remote Code Execution Bugs in AWS WorkSpaces*NETGEAR patches a vulnerability in its routers that allows remote code execution*Threat actors using BitRAT to attack South American organizations through spam campaigns*Cisco fixes three critical bugs in its IOS XR* softwareApple fixes a zero-day bug used to hack iPhones and Macs*Threat Actor Group FamousSparrow is breaking into hotels around the world via ProxyLogon* exploitsCyber criminals deploy rootkit via new bug in Microsoft Windows*Threat actors target companies in Latin America with new banking Trojan*Threat actors deploy new malware campaigns to mine cryptocurrency*Cring Ransomware Group is actively exploiting ColdFusion vulnerabilities patched decades ago*Microsoft Exchange Autodiscover Flaw leaks 100,000 Windows credentials*Russian threat actors use TinyTurla malware as a secondary backdoor*VMware has patched a critical arbitrary file upload vulnerability in its vCenter Server*Researchers have discovered a new zero-day vulnerability in macOS Finder*Republican Governors Association servers breached by Microsoft Exchange cyberattack*A US farmers' cooperative suffered a BlackMatter* ransomware attackMore than 1.4 million COVID-19 test results issued by various hospitals in Paris*Scammers Sending Spam Emails To Promote Elon Musk-Themed Cryptocurrency Scams*VoIP.ms affected by a DDoS attack; Multiple services affected*AMD fixes an information disclosure bug in its chipset driver*Travis CI, a leader in integration services, fixes a critical security vulnerability*Researchers uncover 'Operation Layover' phishing campaign targeting the airline industry*Threat actors using new malware to compromise the Windows Subsystem for Linux* environmentTamil Nadu public administration affected by ransomware attack*NETGEAR fixes third critical bug in its smart switches*Microsoft fixes a critical open management infrastructure bug affecting Azure cloud services*Adobe fixes 36 critical security vulnerabilities in its products*Threat actors pose as the US Department of Transportation to steal Microsoft* credentialsSouth African Department of Justice Suffers Ransomware Attack*Microsoft warns about information leaks in Azure* container instancesCybercriminals use new Linux Cobalt attack beacons during ongoing cyberattacks*Nitro Software fixes a remote code execution bug in its Nitro Pro PDF*Threat actors distribute new ZLoader malware using fake TeamViewer* installerMillions of PCs Affected by HP Omen* Privilege Escalation BugMicrosoft Patchday Security Advisory: September 2021*Telecom provider "MyRepublic" suffers data breach*New Android Banking Trojan Dubbed "S.O.V.A" Emerges with Increasing Capabilities*TeamTNT Hacker Group steals credentials using new open source tools*Apple Fixes Zero-Click iPhone Exploit Using Pegasus Spyware*Google fixes 2 zero-day bugs in its Chrome browser*"FudCo" Spam Empire is affiliated with a software company based in Pakistan*Howard University Suffers Ransomware Attack Shutting Down Network*Threat actors targeting Kurdish ethnic groups through mobile spyware attacks*New Windows Day 0 attack targeting users via weaponized Office documents*Meri's botnet launches a DDoS attack with 22 million RPS*Cisco is fixing several critical bugs in its IOS XR software*Threat actors leaked 500,000 Fortinet VPN credentials on Hacker Forum*Zoho fixes critical vulnerability in its ManageEngine ADSelfService Plus* solutionCritical bug in HAProxy leads to HTTP request smuggling attack*FIN7 group provides a backdoor into Windows 11 alpha-themed Word documents*Bug in Ribbonsoft's dxflib library allows attackers to remotely execute commands*New malware family uses CLFS log files to evade detection*Threat actors hacked into the Jenkins project's Confluence server to install Monero miners*NPM, Package Manager fixes a critical bug in the Package Pac resolver*Microsoft links SolarWinds Serv-U SSH zero-day attack to Chinese hackers*NETGEAR fixes critical bugs in its smart switches*Threat actors take advantage of the confluence bug to install cryptocurrency miners*Billions of multi-vendor Bluetooth devices remain highly vulnerable to BrakTooth bugs*Dallas Public School suffers data breach*Immigration Canada is accepting an additional 7,300 applications in the TR-to-PR program due to a technical error*Cisco Fixes Critical Authentication Bypass Bug in NFV Infrastructure Software (NFVIS)*More than 60,000 parked domains were vulnerable to domain hijacking attacks*Autodesk Attacked by SolarWinds Hackers Using Sunburst Backdoor*LockFile Ransomware Bypasses protection through intermittent file encryption*Microsoft Exchange ProxyToken flaw allows attackers to access users' email messages*Multiple Vulnerabilities Identified in Fortress S03 Wi-Fi Home Security Systems*Threat actors selling GPU-based malware via hacker forums*Annke fixes a stack-based buffer overflow bug in its video surveillance product*Synology announces Open SSL vulnerabilities affecting its NAS devices*Attackers abusing proxy applications to monetize malware campaigns*QNAP announces OpenSSL bugs affecting its NAS devices*New York Credit Union Announces Insider Threat; 21 GB of sensitive data destroyed*Google app bug prevents users from making and receiving calls*Attackers distribute phishing emails via open redirect links*Researchers warn users of four emerging ransomware clusters*FIN8 Threat Group Attacks Financial Institutions With Sardonic Backdoor*US computer retailer in the crosshairs of new SideWalk* backdoorCritical F5 BIG-IP vulnerability affects customers in sensitive industries*VMware fixes four major bugs in the vRealize Operations Manager API*Microsoft Power App loses 38 million sensitive data records due to misconfigured tables*Threat actors are actively exploiting 15 vulnerabilities to hack Linux systems*Microsoft Warns Customers About Azure Critical Cosmos DB Vulnerability*Cisco fixed a critical bug in its APIC software*The Boston Public Library experiences a system-wide outage*Cyber criminals using BazaLoader malware via fake DDoS notifications*Emsisoft Releases Free Decryptor for SynAck* Ransomware VictimsCompromised WhatsApp mod delivering malicious payloads via supply chain attacks*Threat actors share ShadowPad malware among Chinese spy groups*NSO Group Deploys Pegasus Spyware Through New Zero-Click iPhone Exploit*OpenSSL vulnerabilities can be exploited for various cyberattacks*ACROS Security releases a micropatch to fix the PetitPotam bug*Mozi, an IoT botnet, targets network gateways and IoT devices*Threat actors actively exploiting newly disclosed vulnerabilities in the Realtek SDK*AT&T denies data breach after hackers auctioned off 70 million user databases*Google publishes information about Windows AppContainer vulnerabilities without patches*Cloudflare foils the largest DDOS attack ever recorded*Microsoft Exchange servers attacked by the new LockFile* ransomwareSAC Wireless, a subsidiary of Nokia, reveals a data breach after the Conti* ransomware attackPhishing campaign used XSS flaw on UPS website to spread malware*Vulnerable Microsoft Exchange servers are targeted by ProxyShell* vulnerabilitiesAttackers used the Citrix* vulnerability to access US Census Bureau servers.Critical vulnerability discovered in the Universal Plug-and-Play (UPnP) service of several Cisco routers*BadAlloc Bug Affects BlackBerry QNX Real-Time Operating System (RTOS)*Chase Bank suffers data breach due to technical failure*Data exfiltration attacks can bypass Cisco security products*Ransomware Attacks Affect Rural Maine Wastewater Treatment Plants*Memorial Health System, Florida, Suffers Ransomware Attack*Attackers targeting multiple users in Mexico via the Neurevt* TrojanAdobe fixes critical vulnerabilities in Photoshop*Critical bug in ThroughTek peer-to-peer (P2P) SDKs affecting millions of IoT devices*Fortinet delays fix of zero-day bug in its Web Application Firewall (WAF)*Various Realtek related bugs affecting their Wi-Fi SDKs; Impact on nearly a million IoT devices*Tokyo Navy Branch in Singapore Suffers Ransomware Attack*Threat actors selling Ficker's information-stealing malware as malware-as-a-service (MaaS)*Iranian government-affiliated hacker groups conducting cyber-espionage activities in Israel*Attackers use "CAPTCHA" images to trick users into ignoring browser warnings*Brazilian State Treasury suffers ransomware attack*Threat actors can exploit Middlebox-related bugs for reflected TCP augmentation*Threat actors spread WarzoneRAT via compromised WordPress sites*TA505 Threat Group Installation of ServHelper RAT with new techniques*Various STARTTLS related bugs found in popular email clients*Trend Micro fixes wild zero-day vulnerabilities*T-Mobile Suffers Massive Data Breach; Data theft of 100 million customers*The infamous AlphaBay Darknet marketplace has reopened*Microsoft has detected hackers using Morse code in phishing campaigns to evade detection*Threat actors using CAPTCHA-protected phishing campaigns*Scammers posing as FINRA in an ongoing phishing campaign*Various flaws in the Wodify Fitness platform allow hackers to take control*New AdLoad malware variant evades Apple's XProtect defenses*Ford breakdown reveals sensitive information from internal systems*Attackers can now eavesdrop on DNS traffic through flaws in managed DNS services*Intel Releases Patches for Critical Bugs in NUC 9 Extreme Laptops and Linux* Ethernet DriversCinobi Banking Trojan Targets Cryptocurrency Exchange Users Through Malvertising*One Million Stolen Credit Card Details Leaked on Carding Marketplace*Gigabyte suffers a RansomEXX* ransomware attackMicrosoft confirms another zero-day error in the Windows print spooler*Accenture hit by LockBit* ransomware attackAttackers stole $600 million worth of cryptocurrency*Researchers revealed eCh0raix ransomware targeting NAP and Synology NAS devices*Microsoft Patchday Security Advisory: August 2021*Adobe has patched several critical vulnerabilities in its products*Russian federal officials targeted by Chinese threat actors*Chinese threat actors target prominent Southeast Asian telcos*The city of Joplin suffers a ransomware attack*FatalRAT Trojan uses Telegram*New FlyTrap malware puts thousands of Facebook accounts at risk*New Chinese Spyware Used in Widespread Cyber Espionage Attacks*VMware parchea las vulnerabilidades de Access and Identity Manager de Workspace ONE*INFRA:HALT errors affect the built-in TCP/IP stack, widely used in OT devices*Cisco: Firewall Manager RCE error is a zero-day entry patch*Go & Rust languages affected by critical IP address validation flaw in "net" library*Leak in New York Public Schools; confirm employees*Threat actors are actively exploiting vulnerable home routers*Sun marker malware targeting the healthcare and education sectors*The attacker scans Microsoft Exchange servers for a ProxyShell vulnerability*New APT Threat Group Targeting Microsoft IIS* ServersGoogle has patched several serious vulnerabilities in the Android operating system*BlackMatter ransomware Linux variant that encrypts VMware ESXi* machinesNew Vultur Android malware abuses accessibility services*Energy Group ERG reports minor outages after ransomware attack*Google fixes various Chrome vulnerabilities*New Cobalt Strike DoS Vulnerability Allows Attackers to Shut Down Servers*Advanced Technology Ventures reveals a data robot attack*Cisco fixes pre-authentication vulnerabilities in its VPN routers*Romanian Cryptojacking Attackers Target Linux* DevicesMultiple TransLogic Firmware Vulnerabilities Discovered; Major Impact on North American Hospitals*The Lazio region of Italy suffers a ransomware attack*New Meteor malware in Iranian rail attack*Fixed various vulnerabilities in WordPress Download Manager*Fixed a serious HTTP vulnerability in Node.js*Russian attackers compromised email accounts of the Federal Prosecutor's Office*New vulnerabilities could allow attackers to compromise Zimbra's server via email*Researchers discover new Haron* ransomware gangA new removal of .Stolen ransomware from disk snapshots Post-disk encryption*LockBit 2.0 Ransomware uses Group Policy to encrypt Windows domains*Attackers compromised Chipotle's marketing account to send phishing emails*Multiple bugs discovered in 3 open source software*DarkSide Ransomware Gang returns as a new BlackMatter Ransomware*Attackers install PlugX malware variant on compromised MS Exchange servers*Northern Ireland suspends post-COVID data breach certificate service*Attackers posing as aerobics trainers to attack employees*Android Trojan distributed by APT attackers via Syrian e-government portal*UC San Diego Health suffers data breach after phishing attack*Oracle fixes critical bugs in its products*LemonDuck malware targeting Windows and Linux* systemsSignal fixes a critical bug in its Android versions*Apple fixes a zero-day exploit exploited in the wild*XCSSET malware for MacOS targets Telegram accounts and Google Chrome data*Researchers announce 3 zero-day failures in Kaseya Unitrends backup solution*Kaseya Receives Universal Decryptor Tool to Help Victims*Critical vulnerabilities reported in Etherpad*The Campbell Conroy & O'Neil law firm suffered a ransomware attack*Malicious NPM package steals Chrome passwords on Windows via recovery tool*China raped dozens of pipeline companies between 2011 and 2013, federal authorities say*Akamai suffers a DNS failure; Known websites and online services affected worldwide*Dell patches 3 critical vulnerabilities in OpenManage Enterprise Service*Atlassian fixes a critical vulnerability in its Jira Data Center and Jira Service Management Data Center products*Ecuador's state-owned CNT Telco suffers a ransomware attack*Juniper fixed several bugs in its products*Attackers using Remco's RAT via Visual Basic*Microsoft seizes homoglyphic domains used in BEC* campaignSaudi Aramco Suffers Data Breach; 1TB of stolen data for sale*A 16-year bug affects millions of HP, Samsung and Xerox printers*Bug discovered in Fortinet allows attackers to run code as root*WIFIDemon leads to remote code execution attacks on iOS devices*Card attackers use unique techniques to evade detection*Cisco fixes major bugs in its ASA and FTD* software releasesPegasus Spyware infects the mobile devices of prominent employees around the world*WildPressure APT targets Windows and macOS systems via a new malware variant*Google fixes zero-day vulnerability in its Chrome browser*D-Link fixes several security vulnerabilities in its router version v1.13B03* DIR-3040*Scammers Target Comparis Group Users After Ransomware Attack*Multiple vulnerabilities in NuGet packages affect the .NET* platformWindows Hello Authentication Bypass Vulnerability Patched by Microsoft*Recent ZLoader malware attacks use a new macro-related delivery method*Sage X3 fixes several security vulnerabilities in its Enterprise Resource Planning (ERP) product*Attackers spread BazarBackdoor malware via nested RAR and ZIP archives*SonicWall warns of impending ransomware attacks on SMA 100 and SRA* VPN devicesVMware fixed crashes in ESXi and ThinApp applications*Chinese hackers use SolarWinds Zero-Day to attack US defense companies*The new victim's computer screen shows a live feed of the BIOPASS RAT*Passwords generated by Kaspersky Password Manager used in brute force attacks*Adobe Patch Tuesday - July 2021 Security Notice*Microsoft Patchday Security Advisory: July 2021*Kaseya fixed several VSA bugs exploited in REvil* ransomware attackFlaws in Cisco BPA and WSA can lead to privilege escalation attacks*Mitsubishi Electric corrected bugs in air conditioning control systems*A fashion retailer suspected of a data breach after a ransomware attack*SolarWinds fixes a zero-day bug that was exploited in the wild*Insurance company CNA suffers data breach after ransomware attack*Mint Mobile Suffers Data Breach; Hackers Porting Victims' Phone Numbers*Morgan Stanley reports data breach after provider reported Accellion hackNobelium Hacking Group allegedly accessed Microsoft* customer support toolsCryptomining scam targeting victims via rogue Android apps*Malspam campaign delivering Cobalt Strike payloads masquerading as Kaseya VSA Security Update*Microsoft fixes a critical edge bug that leads to UXSS* attacksCISA announces 15 vulnerabilities affecting Philips Vue Healthcare products*Pro-Trump social media site GETTR suffers data breach*QNAP fixes critical bug in NAS backup and disaster recovery solution*Insurance giant AJG reports data leak after ransomware attack*Wizard Spider Threat Actor Group Linked to New Diavol* RansomwareNETGEAR Fixes 3 Critical Bugs in DGN-2200v1 Series Routers*Microsoft urges Azure users to update their PowerShell tool*Threat actors hacked Mongolian certificate authority to deploy backdoors*Threat Actors Targeting Unpatched Cisco ASA Devices Aggressively Launch PoC*Kaseya Suffers Massive Ransomware Attack; Hundreds of businesses affected worldwide*Giant Retailer Closes 500 Stores After Kaseya Ransomware Attack*Microsoft Releases Emergency Patch for Windows Zero-Day PrintNightmare* VulnerabilityAttackers target Microsoft Halo development servers through dependency hijacking*Law Enforcement Seizes Servers for DoubleVPN Service*WD storage devices vulnerable to ongoing cyberattacks*LinkedIn suffers data breach, data of 700 million users exposed*DarkRadiation Ransomware Group targets Linux and Docker instances*Threat actors using WIM files to bypass security solutions via phishing emails*Microsoft signs rootkit malware disguised as Windows* driversUnpatched bugs in PlingStore applications can lead to supply chain attacks*Scammers pose as FINRA support in new phishing campaign*Fortinet parchea 2 vulnerabilidades en su Web Application Firewall (WAF)*High Severity Vulnerabilities Detected in Vulnerable NVIDIA Jetson Chipsets*Spam campaign hides 'handwritten' links in Tinder profile pictures*Pakistani Hackers Target Indian Energy Company With ReverseRat*Mercedes-Benz suffers data breach*Multiple errors in Dell SupportAssist; Affects 30 million PCs*Researchers discover a vulnerability in the 2G* mobile data encryption standardConti Ransomware Gang leaked subpoena documents from the City of Tulsa Police Department*MassNotify Covid-19 tracking app will automatically install on Android phones in Massachusetts*Fixed a critical vulnerability in the VMware Carbon Black application control*A partially fixed bug in SonicWall affecting 800,000 firewalls*Open Design Alliance SDK Vulnerabilities Affecting Multiple Vendors*South Korea's nuclear research agency was hacked with a VPN bug*Multiple vulnerabilities discovered in Schneider PowerLogic* devicesZephyr RTOS fixed several bugs in its Bluetooth LE stack*See AlsoDe 7 beste Citrix-software voor prestatiebewakingHealth giant Fleury Group suffers ransomware attack*Palo Alto Networks has patched a critical vulnerability in Cortex XSOAR*Fixed Microsoft high noise bug on Windows 10*Threat actors send fake blackmail emails posing as the DarkSide Gang*Wegman's supermarket chain suffers a data breach*Andariel Hacking Group Targets South Korean Industry With New Malware Campaign*Polish officials in the crosshairs of Russian cyberattacks*Russian Consumer Watch bans VyprVPN and Opera VPN services*Gelsemium hackers target NoxPlayer with supply chain attack*Reproductive Biology Associates Clinic Sofre Ataque de Ransomware*Critical bug in ThroughTek allows spying on millions of cameras*Newly discovered iPhone bug may disable iPhone Wi-Fi functionality*Researchers Warn of SolarMarker Malware Deployed Via SEO Poisoning*Attackers circumvent Office 365 MFA in BEC* attacksAttackers can access victim information through a vulnerability in Microsoft Power Apps*Instagram bug allows attackers to see user's private account details*Propane service provider AmeriGas announces a data breach*Cake Box suffers a data breach; Customer credit card numbers disclosed*Clop ransomware gang suspects arrested in Ukraine*Fixed Google zero-day bug in Chrome web browser*Scammers send fake billing devices to steal cryptocurrency*Thousands of VMWare vCenter servers remain vulnerable to remote code execution attacks*Apple fixed 2 zero-day crashes on iOS devices*Hackers can spy on Samsung Mobile users with pre-installed apps*Interpol took down several fake online pharmaceutical websites*The Spanish Ministry of Labor and Social Economy suffers a cyberattack*Shutdown of the Avaddon Ransomware group*Grocery store giant Edward Don temporarily closes due to ransomware attack*7 Year Privilege Escalation Polkit Bug Affecting Linux* DevicesMcDonald's announces data breach; Customer and Employee Information Disclosed*Audi and Volkswagen Suffer Data Breach; 3.3 million customers affected*Supermarket giant JBS pays $11 million to REvil Ransomware Group*The famous video game company Electronic Arts suffers a data breach*WAGO controller failures can cause interruptions in the industrial process*Stolen Slilpp credentials seized by police*Rapid CDN outage affected multiple sites*The latest Necro Python malware has new exploits and cryptomining capabilities*Phishing campaign targeting the United States Financial Services Commission (FINRA)*Memory and Storage Vendor ADATA Suffers Ransomware Attack*Vulnerability patched by Microsoft in the MSGraph* componentPuzzleMaker Threat Actors Targeting Windows 10 Systems with Chrome-day zero*STUN servers abused by DDoS attacks*New Siloscape malware targets Windows containers to access vulnerable Kubernetes clusters*Attackers actively target vulnerable VMware vCenter servers*Google fixed several critical bugs in the latest Android security updates*Adobe fixes 41 vulnerabilities in 10 products*Intel patches 73 vulnerabilities*Microsoft Patchday Security Advisory: June 2021*EvilCorp cybercriminals impersonate PayloadBIN to evade US sanctions*US truck manufacturer Navistar announces data breach*Cisco fixes high-risk vulnerabilities in various products*Open Source Stolen Credentials Disclosure App Have I Been Pwned*Software de ataque de ransomware Nantucket Steamship Authority*Researchers reveal a critical bug in Realtek's Wi-Fi module*Threat actors using SkinnyBoy malware with malicious MS Word documents*Threat actors bypass ransomware defenses in antivirus solutions through whitelisted apps*Huawei fixed privilege escalation bug on its USB LTE dongle*FUJIFILM suffers a ransomware attack*North Korean hacking operation against South Korean government entities*Various Cisco, Akamai, and Linux Products Affected by Lasso* Library VulnerabilityMultiple vulnerabilities reported in industrial switches from multiple vendors*Swedish health authority shuts down SmiNet database after multiple hacking attempts*Attackers exploit critical zero-day bug in WordPress* pluginResearchers have revealed two new attack techniques that alter the content of the certified PDF document*New phishing campaign detected targeting Walmart users*Two domains used in Nobelium* phishing campaign seizedFood giant JBS temporarily shuts down due to cyber attack*BazaLoader campaign distributes phishing emails to compromise users' Windows systems*FBI Reports Attackers Exploiting Unpatched Fortinet Devices*Researchers warn of Facefish backdoor infecting Linux* devicesA new bug in VSCode extensions may lead to supply chain attacks*Siemens fixes a high-severity memory protection bypass in its PLCs*Canada Post reports data breach following vendor ransomware attack*Threat actors distribute the AnyDesk Trojan installer through a malicious advertising campaign*SolarWinds Hackers Deploy New "NativeZone" Backdoor Through New Supply Chain Attack*Technical error in the Klarna mobile app reveals user data*New Epsilon Red ransomware abuses unpatched Microsoft Exchange servers*Threat actors actively exploiting a command injection flaw in on-premises SonicWall NSM products*TPG shuts down legacy TrustedCloud service after data breach*Threat actors using Data Wiper malware disguised as ransomware*Checkbox poll fixes arbitrary code execution bug exploited in the wild*Attackers impersonate devices via recently discovered Bluetooth bugs*HPE fixes critical zero-day bugs in Systems Insight Manager (SIM)*Office 365 error when sending email from Exchange Online and Outlook to the spam folder*Malware attack paralyzes Siegfried Group's network*Multiple Japanese authorities suffer data breaches in a supply chain attack*Hackers Sent Racist Registration Emails Pretending To Be From Walmart*Zeppelin ransomware is back in action with updated malware*Apple fixes a zero-day bug in the TCC Framework*Japan dating app omiai data breach; Data from more than 2 million exposed users*VMware fixes critical remote code execution bug in vCenter*CryptoCore campaign to hack cryptocurrency exchanges around the world*Scheme flood vulnerability allows hackers to identify users*Florida Water Treatment Plant Suffered Cyber Incident Before Poison Attack*Ivanti fixes a high severity vulnerability in Pulse Connect Secure VPN*Electronics giant Bose reports data leak after ransomware attack*Trend Micro Patches 3 Vulnerabilities in Home Network Security Appliances*Menacing Actor Behind Infamous UPMC Breach Convicted; He faces 7 years in prison*Apple 3 Days Zero patches affect macOS and tvOS* devicesMicrosoft releases mock tool for attack scenarios*23 Misconfigured Android Apps That Leak Users' Personal Information*Google fixes Chrome browser crash on Windows 10 and Linux* platformsGoogle fixes heap-based buffer overflow vulnerability in Chrome*CNA Financial paid a $40 million ransom to Evil Corporation*FBI Warns Organizations About Conti* RansomwareE-commerce giant Mercari suffers massive data breach in Codecov* incidentQNAP warns organizations about the impact of Qlocker ransomware on vulnerable HBS devices*Stolen Dominos India data for sale on the Dark Web*Air India hacked; Leaked information on 4.5 million passengers*Android releases fixes for 4 new zero-day vulnerabilities*New malware campaign offers fake ransomware*Slack messaging app experiences major outage*WP Statistics plugin vulnerability affected over 600,000 WordPress sites*Magecart hackers using a PHP-based backdoor via website favicons*New Bizzaro Banking Trojan Targets European and South American Banks*Experts Warn of Continued AutoHotkey-Based Malware Attacks*FBI Warns of Targeted Phishing Campaign Spreading Advanced Malware*Student insurance provider Guard[.]me suffers a data breach*Insurance giant AXA hit by ransomware attack*Threat actors deploying Lizar malware under the guise of an ethical hacking tool*APT36 group imitates legitimate Indian military and defense organizations*Monday[.]com source code accessed by Codecov hackers*Toshiba subsidiary hit by DarkSide Ransomware Group*Cisco behebt Zero-Day-Bug im Cisco AnyConnect Client*Access to Rapid7 source code in Codecov Supply Chain Attack*AMD fixes two bugs that bypass AMD's SEV protection system*Snip3 Crypter Service providing multiple RAT types*Hackers deliver malware via Microsoft Build Engine files*Citrix Patch Vulnerability in Workspace app for Windows*New Phishing Scam Using Cryptocurrency Recovery Phrases Via Twitter*Hacking of the colonial oil pipeline; $5 million ransom paid*QNAP warns of zero-day error on Roon servers*Herff Jones suffers data breach*New Lorenz ransomware affects multiple organizations around the world*Brenntag trick; $4.4 million ransom paid*DarkSide ransomware servers seized after postcolonial pipeline attack*Lemon Duck Crypto Miner Strikes Again*Irish Health Services Report Ransomware Attack; $20 million ransom demanded*Threat Actor Reveals Stolen Data to D.C. Police after the Columbia hack*FBI and ACSC warn of Avaddon* ransomware attacksVideoLan fixes automatic update error in VLC Media Player*Ransomware attack in the city of Tulsa, USA*All WiFi devices are vulnerable to FragAttacks*A new Qualcomm vulnerability affecting Android*-based mobile devicesOver 25% of outbound Tor relays spied on user activities on the dark web*Fixes 19 Google bugs without Chrome 90.0.4430.212*New Twitter feature shows sensitive information*Cuba ransomware partners with Hancitor for spam attacks*Jones Day Law Firm Affected by Data Breach*Attackers Exploit Authoritative DNS Servers via TsuNAME* DNS BugErrors in NatWest Bank scheduled payments can cost customers money*(Video) Bitterness and Dread | Exandria Unlimited: Calamity | Episode 2Russian hackers allegedly exploit 12 vulnerabilities in the wild*New stealthy rootkit targeting high-level organizations*Twilio and HashiCorp Report Cyber Attacks Following Codecov Supply Chain Hack*The UNC2529 threat group distributes three new malware strains via phishing emails*Six critical unresolved bugs discovered in the remote mouse app*Foxit Fixes Remote Code Execution (RCE) Vulnerability in Foxit Reader*Colonial pipeline suffers alleged ransomware attack*Microsoft Edge crashes when playing YouTube*Scammers posing as "SNL on Elon Musk" in a cryptocurrency scam*VMware corrige un error crítico en vRealize Business for Cloud Virtual Appliance*HP Enterprise fixes a critical bug in the Edge Platform Tool*New Windows "Pingback" Malware Using ICMP for C2* OperationsN3TW0RM ransomware targeting companies based in Israel*Alaska's judicial system went offline in a cyberattack*21Nails Exim Critical Bugs Affecting Vulnerable Linux Servers*Network Solution and Register.com report a DNS failure*Tesla car hacked remotely with drones*Dell fixes 12 year old bug in DBUtil* BIOS driverInsight Global Insider Threat publishes information on COVID-19*Complexcodes sells basic malware based on "WeSteal"* signaturesChinese attackers target Russia's largest nuclear submarine designer*A new malspam campaign distributing the Rust*-based Buer malware variantIntel and AMD chips are vulnerable to Spectre* side channel attacksPulse Secure Fixes VPN Zero-Day Vulnerability*LuckyMouse is designed for multiple organizations through the system upgrade toolkit*.Critical IP address validation vulnerability found in Python*Mount Locker ransomware uses new tricks to evade detection*ISC fixes various BIND vulnerabilities in DNS servers*Researchers uncover a new Iranian state-sponsored ransomware campaign*SolarMarket RAT uses Google SEO tactics to attract victims*First Horizon Bank Hacked; $1 million stolen*2 Apple fixed zero-day vulnerabilities in iOS*Chinese hackers target military organizations in Southeast Asia*Insidious backdoor infecting Linux* systemsFBI Shares 4 Million Email Addresses Stolen From Emotet Botnet*PHP Composer bug ends in widespread supply chain attacks*Hotbit Crypto Exchange Crashes After Cyber Attack*Stolen ParkMobile customer details exposed online*Whistler Resort Town Suffers Ransomware Attack*Microsoft discovered critical code execution bugs in IoT and OT devices*DigitalOcean data breach reveals customer billing information*Court of Rio Grande do Sul Suppresses Ransomware Attack*Attackers use SonicWall zero-day for ransomware attacks*F5 Reveals KDC Spoofing Vulnerability in BIG-IP Consoles*UnitingCare, Queensland Systems Derrubados*UK Merseyrail rail network affected by Lockbit ransomware*Google fixes critical RCE vulnerability in Chrome*Stolen MangaDex Database Leaked Online*NTLM Relay Attack Exploits Vulnerability in Windows* RPC ProtocolGuilderland Central Schools Affected by Malware Attack*Apple iCloud mail server failure*Fake Microsoft DirectX 12 employing crypto-stealing malware*DC Columbia Police Hacked; Redemption required*Oilfield services giant Gyrodata announces data breach*Microsoft Teams is down*Attackers spread FluBot malware through Android devices*Prometei botnet operators exploiting dubious Microsoft Exchange servers*New cryptomining malware turns vulnerable Windows and Linux devices into bots*Hacker Leaks 20 Million BigBasket Data for Free*Critical RCE bug reported in homebrew package manager *Hackers Leverage PulseSecure to Deploy SUPERNOVA* MalwareQlocker malware encrypts QNAP devices with 7zip*Twitter mistakenly sends spam emails*ToxicEye Trojan abuses Telegram to steal data*PasswordState is the latest victim of supply chain attack*WhatsApp Pink Malware automatically responds to Skype, Signal and other messengers*Idle online exchange; Microsoft 365 outage affects email delivery*Pareto Android Botnet Attacks Smart TV Ads*1.3 million Windows RDP Server credentials found on hacker forum*Fixed several security vulnerabilities in Google Chrome*Microsoft partially fixes vulnerability in Windows 7 and Server 2008 R2*Attackers infect the Google Play Store through fake apps*Data breach reported by Eversource Energy*Attackers are actively exploiting vulnerabilities in 4 Pulse Secure*Attackers Target Multiple Networks in Supply Chain Attack Following Codecov Data Breach*Gang Revil tried to blackmail Apple through an alleged Quanta hackResolving zero-day vulnerabilities in SonicWall Email Security*Remote Code Execution Vulnerabilities Discovered in Cosori Smart Air Fryer*"Tag Barnakle" malicious ad campaign compromises 120 ad servers*Attackers hack Android devices remotely via WhatsApp blocking*Lazarus APT uses BMP images to distribute Trojans*Geico suffers data breach; Stolen Insured Driver's License Numbers*Researchers found a campaign that imitated the Microsoft store, Spotify websites and the chess app*WordPress fixes XXE crash in PHP 8*Domino's India database hacked; 10 lakh credit card details leaked*Critical Remote Code Execution Vulnerability Discovered in Juniper Devices*Attackers exploit a critical bug in Facebook's live video feature*Multiple reported vulnerabilities in the EtherNet/IP stack for industrial systems*spread malware through Xcode projects; Infection of Apple M1*-based MacsAttackers steal credentials via Operation Overtrap*Fortinet launches a new variant of FormBook*Hackers gained access to the Capcom* ransomware attack through a vulnerable VPN deviceCritical zero-day vulnerability found in Desktop Window Manager (DWM)*Swinburne University, Australia, suffers a data breach*Twitter suffers global blackout*Google lanza Chrome 90*Cyberattack at the University of Hertfordshire, UK*Tata Communications data leaked through Route Mobile*More than 100 million devices are vulnerable to DNS exploits*Attackers manipulate popular app stores to distribute malicious apps*Researchers Reveal Second Chrome Zero-Day Exploit*SAP fixes critical bugs in SAP Commerce, NetWeaver and Business Client*Android spy RAT "BRATA" strikes back*New phishing campaign using fake antivirus billing alerts*Hidden malware without Fake Browserify NPM package*Adobe fixes 10 vulnerabilities in various products*QBot operators use QBot and IcedID malware as final payload*Malicious Facebook Ads Dropping Malware on Systems*Bakker Logistics suffers a ransomware attack*Microsoft Office 365 phishing campaign avoids detection with malicious Javascript code*10 malicious apps in App Gallery infected with Joker malware*Microsoft Patchday Security Advisory: April 2021*New malware "Saint Bot" that steals user passwords*IcedID malware distributed via contact forms*hacked swarm store; More than 600,000 stolen records discovered*Pharmaceutical giant "Pierre Fabre" suffers REvil* ransomware attackSeveral Gigaset Android smartphones are infected with malware*New Android malware automatically spreads to devices via WhatsApp autoresponders*Lazarus Hacking Group contraataca con Vyveva Backdoor*Rockwell Automation fixes 9 critical vulnerabilities in FactoryTalk AssetCentre*VISA warns of the increase in web data theft attacks*LinkedIn data breach; Data from 500 million users published on the dark web*Unpatched Fortinet VPN devices are exploited by Cring ransomware*Cisco fixes vulnerabilities in Cisco SD-WAN vManage software*Chinese Hackers Attack Vietnam's Government and Army*A new spear phishing campaign using malware using language-changing software*Attackers Target Companies with New “Janeleiro” Banking Trojan*Hackers Deploy "more_eggs" Malware Through Fake LinkedIn Job Ads*The European Commission and EU organizations suffer from cyberattacks*Booking.com fined $560,000 for DPA*VMware fixes critical RCE bug in Carbon Black cloud workload*Data from 279+ "fan-only" accounts posted online*TU Dublin and National College of Ireland suffer ransomware attack*Attackers actively exploit unpatched SAP applications*Hackers Exploiting the "BITS" Component of the Windows* Operating System$38 million gift cards sold by cybercriminals on Russian hacker forum*Fixed Microsoft Outlook "This item cannot be sent" error*Clop Ransomware Gang publishes sensitive data from various universities online*Attackers Target Japanese Industries With Multiple Backdoors*Fake jQuery plugin delivering malware to systems*Electronics manufacturer "Asteelflash" suffers from REvil* ransomware attackBrown University Suffers Cyber Attack*US Department of Justice Warns of Fake Phishing Campaign for Covid-19 Vaccine Research*FBI and CISA warn of attacks on unpatched Fortinet FortiOS servers*Threat actors attempt to blackmail Ubiquiti after data breach*Researchers report an increase in DDoS ransomware attacks*Fake pen testing company 'SecuriElite' targets security experts*Facebook data breach; Data from 533 million exposed users*Citrix fixes several hypervisor vulnerabilities*SolarWinds fixes four vulnerabilities in the Orion platform*Attackers hacked PHP's Git server to add backdoors*Malicious Android "System Update" malware compromises devices*Members of the German Bundestag are the target of a spear phishing attack*BazarCall malware infecting systems through malicious phone calls*New 5G vulnerability allows denial of service and data access attacks*Detected campaigns targeting players via malware hidden in game mods and cheats*Fat Face Announces Data Breach; Pay $2 million ransom*VMware fixes two critical bugs in vRealize Operations Manager*Harris Federation affected by a ransomware attack*Slack shuts down a new feature due to security concerns*npm fixes a critical network vulnerability in the "netmask" library*OpenSSL fixes two high severity vulnerabilities*Microsoft fixes Windows 10 Secure Boot vulnerability*Weintek fixes remote code execution bugs in its product line*Evil Corporation uses Hades ransomware to evade detection*Fixed two critical vulnerabilities in a WordPress plugin*FBI Alerts on Mamba Ransomware*Mobiwik Data Breach; Data from more than 5 million exposed users*Threat actors exploiting critical flaws in GE's Universal Relay products*Apple fixes zero-day vulnerability in Webkit* browser engineBackblaze reports data breach; 9245 user metadata exposed*Cloudflare's new Page Shield feature reports malicious JavaScript dependencies*Purple Fox operators target vulnerable Windows systems*Two dozen malicious Chrome extensions spread malware around the world*Microsoft fixes elevation of privilege bug in PSExec*Multiple vulnerabilities discovered in Cisco Jabber*Adobe fixes critical vulnerability in ColdFusion*CISA and FBI warn of phishing attacks spreading TrickBot* malwareColorado and Miami Universities Suffer Data Breach Due to Vulnerable FTA Accellion Servers*High availability server maker Stratus suffers ransomware attack*Shell suffers a data breach due to the use of vulnerable Accellion FTA servers*Attackers exploiting vulnerable Qualcomm graphics components on Android* devicesCNA Insurance Company Suffers Ransomware Attack; New malware family used*IoT Maker Sierra Wireless Reports Ransomware Attack; Website offline*Attackers take control of vulnerable Apache OFBiz ERP through RCE* vulnerabilityPhishing campaigns bypassing secure email gateways*Fake COVID-19 Aid Check Phishing Emails Download Dridex Trojan*Threat actors hacked into Windows, iOS and Android users via zero-day attacks*Mirai Botnet exploits critical vulnerabilities in network security devices*MangaDex closed after a cyberattack*Black Kingdom ransomware exploits zero-day errors in Microsoft Exchange servers*Ministry of Transport Warns Several Indian Government Organizations About Threats of Cyber Attacks*Fake Telegram desktop app downloads AZORult* malwareCISA Launches CHIRP SolarWinds* Malicious Activity Detection ToolCopperStealer-Malware kapert Social-Media-Konten*DDoS-as-a-Service uses Citrix devices*New XcodeSpy malware targets iOS and macOS* developersAcer suffers a ransomware attack; $50 million ransom demanded*Zoom screen sharing bug exposes sensitive data to unauthorized users*Post-error Microsoft files are missing in SharePoint*Phishing campaign targets US taxpayers*Pysa ransomware targets educational institutions in the US and UK*Twitter image can be misused to hide malicious files*Hackers leak stolen data through JPG files*Hackers accessed SolarWinds source code, according to Mimecast*Ransomware attack on smart city in Pune district costs project operators US$50 million*RTM and Quoter ransomware targeting Russian financial and transportation companies*A time zone error that crashes the iOS clock app*Microsoft Releases Mitigation Tool for Exchange Servers Affected by ProxyLogon Hack*WeLeakInfo Pirate Site Hacked *Phishing domains can now detect virtual machines with JavaScript*Blender Software Developer Reports Cyber Attack*Researchers Discover Nim-Based Malware Exploit Devices*Microsoft suffers from failure; Multiple services affected*Banking Trojan Metamorfo abuses AutoHotKey to steal user information*Threat actors exploiting Avira Antivirus to spread banking Trojans via DLL sideload attacks*New ZHtrap Botnet Malware Turns Infected Targets Into Honeypots*Fixed three privilege escalation vulnerabilities in the Linux kernel*Threat Agents Exploiting Linux-Based Systems With New RedXOR* MalwareA new zero-day vulnerability in WordPress allows website takeover*Google fixes zero-day vulnerability in Chrome*Mozilla fixes Linux bugs, Apple Silicon bugs Firefox 86.0.1*Molson Coors reports power outage*Windows 10 emergency updates fix printing errors*Researchers Unveil New Powerful Version of BADHATCH PoS* MalwareThe State Employment Agency suffers a ransomware attack*New DEARCRY ransomware exploiting vulnerable Microsoft Exchange servers*OVH data center reports massive outage*Second cyberattack on the Norwegian Parliament*Maryland attorney seizes fifth domain used in COVID-19 vaccine phishing attacks*Hackers accessed Verkada's live surveillance cameras*iPhone Call Recorder app reveals people's conversations*F5 BIG-IP released fixes for critical remote code execution vulnerabilities*Microsoft Releases 3 New Malware Strains That Are Not SolarWinds Hack*Microsoft Patchday Security Advisory: March 2021*GitHub users were forcibly logged out to fix a security bug*9 Android app in the Google Play Store powered by Malware Dropper*Researchers reveal side-channel attacks on vulnerable Intel CPUs*Global aerospace technology provider "SITA" suffers massive data breach*Apple fixes remote code execution vulnerability in WebKit*Adobe-Corrige-Falhas para Creative Cloud, Connect y Frame-Maker*Researchers Reveal New Tor-Based "gafgyt"* MalwareNew Sarbloh ransomware encrypts victims' files for political agenda*Flagster Bank suffers a data breach due to the use of vulnerable Accellion FTA servers*Google Chrome blocks port 554 as a countermeasure to NAT slipstreaming attacks*European banking authorities hacked Exchange servers*Microsoft phishing attack stealing user credentials*More than 15 UK schools have been affected by a cyber attack*Several Cisco products are subject to DoS attacks due to the Snort* vulnerabilityMicrosoft Releases Tool to Check ProxyLogon Security on Exchange Servers*Microsoft Outlook violated; More than 20,000 organizations affected worldwide*Supermicro Vulnerabilities, Pulse Secure Patches in BIOS and UEFI Products*Attackers hide ObliqueRAT Trojan in image files using steganography*GRUB2 fixes several high severity vulnerabilities in the bootloader*Over 6,700 VMware Servers Exposed After Exploit Code Released*Hackers implant malware on compromised websites using SEO techniques*More than 100 Italian banks attacked by the Ursnif Trojan*VMware fixes remote code execution vulnerability in View Planner*Attackers target investors through BEC* campaignsCompuCom Suffers Malware Attack Leading to Service Outage*Botnet campaigns abusing Bitcoin blockchains and deploying skidmap malware*AOL phishing campaign reports stolen user credentials*Researchers Discover DoS Vulnerability in Eclipse Jetty*Qualys suffered a data breach due to a zero-day vulnerability in the Accellion FTA server*PrismHR experiences major outages*Malaysia Airlines announces data breach*Chinese cybercriminals exploit 4 zero-day vulnerabilities in Microsoft Exchange*Universal Health Services lost $67 million in Ryuk ransomware attack*Google fixes zero-day vulnerability in Chrome*Dependency Confusion Vulnerability Exploited to Steal Linux/Unix* Password FilesRansomware attack on aviation giant Bombardier*Dutch e-ticket platform ticket counter suffers data breach*Chinese hackers target Indian power grids and seaports*Global dairy leader Lactalis hit by cyberattack*Drive corruption vulnerability in Windows 10*LazyScripter Actors Target Airlines With Remote Access Trojans*A new variant of Ryuk ransomware was observed to self-propagate on the local network*Cisco Fixes Critical Severity Authentication Bypass Vulnerability in Cisco ACI MSO*Sequoia Capital Suffers Data Breach After Failed BEC Attack*FriarFox browser extension for Tibetan organizations*Windows 10 BSOD issues have been fixed with Intel* wireless driver updatesGaper online dating app vulnerable to multiple critical zero-day bugs*The US Federal Reserve suffers a major default across the country*Researchers reveal a possible code injection bug in the NodeJS "system information" library*TD Bank recovery from a system-wide bank failure*XBOX Live suffers a global outage*Accellion vulnerability exposes pharmacy and staff data in Kroger data breach*Keybase fixes a bug that exposes deleted sensitive media to attackers*Threat actors deploying new variants of MINEBRIDGE RAT via Word documents*Powerhouse Management suffers large-scale DDoS attacks*WACUP fixes various bugs in Winamp Media Player*More than 8 million leaked COVID-19 test results*TietoEVRY's IT services suffer from a ransomware attack*Microsoft begins beta testing of Windows 10 21H1*VMware fixes critical non-vCenter* RCE bugPython Software Foundation fixes two vulnerabilities*US shares information about AppleJeus* malwareLinkedIn experiences two hours of global outage*Fake Adobe Flashplayer update installs an adware bundle*Brave Browser's "Tor Mode" filters onion queries in DNS traffic*Giant Underwriters Laboratories (UL) certification suffers from ransomware attack*Magecart Hackers Steal Credit Card Information Via Google Apps Script*Attackers target Apple's M1 chip via malicious adware extension*Cuba ransomware triggers privacy breaches in US cities and agencies*Dutch Research Council (NWO) Victim of a cyber attack*RIPE NCC suffers a Credential Stuffing attack*OpenSSL Project releases a new patch for three new vulnerabilities*VMware Patch Vulnerability in vSphere Replication Software*Windows 10 Secure Boot Patch exposes BitLocker recovery keys*Kia Motors USA suffers major IT outage*EMSISOFT discloses internal log data generated by its test products*EXMO Cryptocurrency Exchange Suffers DDoS Attack*Researchers reveal unpatched vulnerabilities in SHAREit for Android OS*Yandex Insider Threat Compromises 4,887 Customer Accounts*Telegram's "Top Secret" feature makes self-destructing media files visible to attackers*Siemens fixes various vulnerabilities in virtualization software*PayPal fixes XSS vulnerability in currency conversion feature*More than 30 mobile health applications that reveal records of millions of users*Fortinet Patches Multiple Vulnerabilities in SSL, VPN, and Web Firewall Products*Fixed critical XSS vulnerabilities in WordPress NextGen Gallery plugin*Windows Kernel Escalation Bug Zero-Day Privilege Fixed in Microsoft Patch Tuesday*CISA warns of serious security vulnerabilities in Fuji electrical products*Researchers reveal multiple vulnerabilities in YouPHPTube and AVideo*Dairy Suffers REvil* Ransomware AttackC-level executives targeted by phishing attacks*Over 3 Million Confidential Cook County Court Files Exposed*Mozilla improves Firefox security against super cookies and disables support for Adobe Flash*Role of Microsoft Azure vulnerable to privilege escalation and Docker leak*Various iOS, iPadOS and tvOS vulnerabilities patched by Apple*Law Enforcement Agencies Worldwide Shift Emotet Ransomware Gear*Oscorp: Android malware to steal credentials*Lebanese Cedar APT Targeting Telecoms, Hosting, and ISPs Worldwide*North Korean hackers target security researchers*Cisco reveals multiple vulnerabilities in small business routers*Researchers reveal critical vulnerabilities in F5 BIG-IP* productsReligious services known as "The Temple" suffer a DoS attack*Linux systems are attacked by FreakOut* malwareQNAP Warns Users About Dovecat Crypto Miner Malware*Microsoft reveals methods used by SolarWinds Hacker Group to evade detection*Stolen data from 1.9 million Pixlr users available on free forums*Explicit User Data Leaked From Adult Social Media Platform*Data of 4.1 million AnyVan users at risk of data breach*VLC Media Player fixes multiple remote code execution vulnerabilities*Cisco fixes PreAuth remote code execution vulnerabilities*LiveCoin Crypto Exchange Shut Down After Cyber Attack*Microsoft is enabling full automation support for Microsoft Defender AV*Cisco Fixes Windows DLL Injection Vulnerability in Cisco AnyConnect Secure Mobility Client*Malware Raindrop does not observe the SolarWinds hack*FireEye Releases Tool to Detect SolarWinds Hacking Techniques*SolarWinds Malware "Raindrop" Hidden Unmodified 7Zip Source Code*Oracle releases critical patches quarterly*Multiple Twitter Accounts Hacked in "Elon Musk" Crypto Scam*Malwarebytes attacked by SolarWinds* threat actorsApple removes vulnerable macOS features in macOS 11.2 Beta 2*Mistakes by cybercriminals expose stolen credentials in plain sight*Threat actors bypassing two-factor authentication for multiple cloud service accounts*Microsoft fixes zero-day vulnerability in Defender Antivirus*Google bans 164 offensive Android apps from the Play Store*Mozilla releases security updates for Thunderbird*Scammers blackmail Coinmama users for pornographic backlinks*Hard drive corrupted by Windows 10 error via command line *The NSA urges organizations not to use third-party DNS resolvers*Bitdefender Releases Free Decryptor for DarkSide Ransomware Victims*The Scottish Environmental Protection Agency (SEPA) suffers a Conti* ransomware attackMicrosoft announces zero login errors in Windows app mode*Threat Actors Compromising Mimecast SSL Certificates*Investigators discover United Nations data breach*Screensaver bypass vulnerability in Linux Mint* operating systemNohow International UK Cloud Data Breach*Threat actors exploiting the Windows "finger command" through a phishing campaign*Large-scale data breaches targeting the Russian Federation in 2020*Over 390,000 user data at risk in Capcom data breach*DoS vulnerability in RockWell Automation's RSLinx Classic software*Fractured COVID-19 vaccine data leaked online via hacker forums*Fake Trump scandal video spreading QNode* malwareSolarWinds Threat Actors Access Department of Justice Email Servers*FBI Warns Organizations About Egregor Ransomware*Pysa ransomware hits Hackney Council, leaked data is for sale*The FIN7 hacking group uses the JSSLoader* malwareIndian government websites reveal test results of COVID-19 patients*Campanha Earth Wendigo exfiltrating emails through JavaScript backdoor*British Airways plans £3bn breach-of-contract liquidation*A group of North Korean hackers attacks the supply chain, targeting stock investors*Multiple vulnerabilities in Fortinet FortiWeb WAF lead to arbitrary code execution*Phone and email scammers posing as ACSC*Ransomware attack paralyzes Funke Media Group*ElectroRAT malware extracts funds from 6,500 digital wallets*Lake Regional Healthcare suffers a ransomware attack*NameSouth data breached by NetWalker* ransomware group2017 Saber Corporation Data Breach Lawsuit Ruling*Microsoft's Windows Core Polaris Leaked Online*Data from 10,000 hacked American Express cardholders*Hello from Vodafone. Mobile suffers a data breach affecting 2.5 million user records*Hackers launch fraudulent attacks that leverage smart home devices*SolarWinds supply chain attack led hackers to access Microsoft source code*Secret Backdoor Account Discovered in Various Zyxel Firewall and VPN Products*CISA Releases Sparrow.ps1 Tool for Azure/M365*Japanese aerospace company Kawasaki warns of data breach*Japanese game developer Koei Tecmo suffers a data breach*FreePBX Developer Sangoma Technologies Attacked by Conti Ransomware*Authentication Bypass Vulnerability in SolarWinds Orion API*Whirlpool attacked by Nephilim* ransomwareAdobe Flash Player is reaching End of Life (EOL)*Chase Bank Security Alert Email Phishing Campaign*Cisco IP Phone TCP Packet Flood Denial-of-Service-Schwachstelle*Smart doorbell devices easily attacked by hackers*Bulletproof VPN service shutdown by cybercriminals*Bouncy Castle Authentication Bypass Vulnerability*Grupo chino APT Operation StealthyTrident*Reported Critical Vulnerabilities in Dell Wyse Thin Clients*Ransomware threat actors using "SystemBC" malware as a backdoor*QNAP fixes high severity vulnerabilities in NAS devices*CrowdStrike launches a reporting tool to check Azure AD permissions*Chinese mobile phone giant Xiaomi records millions of private internet and phone users*Al Jazeera journalists attacked by Pegasus* spywareVMware Vulnerability Exploited in SolarWinds* Supply Chain AttackCredential-stealing malware targeting financial institutions*Clop ransomware attack detected in Symrise*Microsoft Defender blocks known malicious SolarWinds binaries*Mozilla releases security fixes for various vulnerabilities*Sextortion Campaign for iOS and Android Users via Goontact Spyware*New Windows Trojan Steals Browser Credentials and Outlook Files*Multiple vulnerabilities discovered in 5G* network architectureWordPress Contact Form 7 Emergency plugin released*MoleRat APT variant steals sensitive data*Unauthenticated command injection flaws expose D-Link VPN routers to attacks*Android Frog Iranian Malware Spying on Instant Messaging Platforms*Samsung fixes critical Android bugs*Adobe releases security updates*Leaked COVID-19 Vaccine Data*Ransomware attack on Netgain* technologies70 lakh Indian cardholder data leaked on the dark web*FireEye Red Team security test and evaluation tools stolen by government-sponsored hackers*Microsoft Patch Tuesday Security Advisory: December 2020*Ransomware attack on a television production company – Banijay Group SAS*Maze in Cannon ransomware attack*DeathStalker APT Group offers hack rental service*Security Researchers Accidentally Discover Windows Zero-Day*Bandook malware targeting multiple industries*Windows 10 20H2 update fixes broken in-place update feature*Non-security updates for Microsoft Office products November 2020*Advanced Persistent Threat Attack gegen US-Threat-Tank*Huntsville City School District Closed Due to Ransomware Attack*Ryuk ransomware attacks online school platform K12*Malicious npm packages Installation of remote access trojans*IoT Chipmaker Advantech Hit by Conti Ransomware*Gootkit-Malware regresa con REvil Ransomware*Novo-Malware CursedGrabber*Delaware County Hit by DoppelPaymer Ransomware Attack*Hackers target COVID vaccine maker AstraZeneca*Peatix Event Management Organization - Inbox Privacy Attack*LidarPhone Attack turns smart vacuums into microphones*Data Breach at Mercy Iowa City Hospital*More than 300,000 hacked Spotify accounts*Industrial control system vendors warn of critical failures*Cisco Webex Phantomfehler*China-sponsored cybercriminal group targets Japan-affiliated organizations*Cisco Webex Meetings* API Cross-Site Scripting SchwachstelleMozilla lanza Firefox 83*Unprotected database exposed to scam targeting over 100,000 Facebook accounts*Mount Locker ransomware targeting TurboTax* filesChinese APT Group FunnyDream*Attacking the supply chain by spreading malware in South Korea*APT "Hackers for Hire" is aimed at financial and entertainment companies*Multiple vulnerabilities in Cisco Security Manager Software*New Jupyter malware phishing campaign*Makeover technique to bypass Office 365*Critical vulnerabilities discovered in the world's largest Android TV maker*E-shops with a vulnerable version of Magento*Cobalt Strike Toolkit source code shared online*Critical remote code execution vulnerability in Oracle WebLogic Server*Animal Jam Kids Virtual Playground suffered a data breach*Vulnerabilities in Unity Orchestrator SD-WAN*High severity vulnerability in Cisco IOS XR Software*Zero-day vulnerabilities in Chrome*Australian government warns healthcare industry of ransomware attack*Mozilla releases security updates*xHunt Hackers Attack Exchange Servers*Ransomware attack on software provider Blackbaud Cloud*Ransomware lands on X-Cart* e-commerce software platformUbuntu GNOME Display Manager vulnerability allows root access*Ransomware attack on Australian media surveillance company*Scammers posing as the IRS for payment fraud*Adobe releases security updates*WordPress Sites Open to Ecommerce Code Injection Attacks Bug Welcart*Fake Microsoft Teams updates malware campaign*Critical security updates for various Intel* productsGhimob Banking Trojan*Ransomware attack on the Italian brand of alcoholic beverages - Campari*Microsoft Patchday: November 2020*Pay2Key-Ransomware*Real social media app revealed*Critical vulnerabilities in the SaltStack* IT infrastructure management solutionPhishing attacks on Russian industrial companies*Arbitrary code execution vulnerability in Cisco AnyConnect*Multiple vulnerabilities in Google's Android operating system*Multiple vulnerabilities in Adobe*Folksam Data Breach*Bigbasket suffers a data breach: the data of 2 million users is now for sale on the Dark Web*Apple fixes iOS three zero days*Capcom affected by Ragnar Locker Ransomware*Dridex botnet steals bank details*Various security updates from VMware*Used USB drives reveal confidential information from previous owners*Nuevo Google Drive-Phishing-Kampagne*Cyberattack on the Vermont Health Network*Alibaba's online store RedMart suffers a data breach*Bank phone numbers are falsified to scam victims*Windows Zero-Day Vulnerability Publicly Disclosed*Massive data breach of Nitro software*Harvest Finance Cryptocurrency Service Hacked: $24 Million Stolen*New Emotet delivery method discovered*Cyber attacks hit schools and universities*Patients blackmailed in Finland*Red de bots Kashmir Black*Multiple vulnerabilities in Fujitsu M12 servers*IT service provider Sopra Steria attacked by Ryuk* ransomwareFixed high severity vulnerabilities in NVIDIA GeForce Experience*SQL injection vulnerability in Rapid7 Nexpose*Information disclosure vulnerability in the Linux kernel*Multiple security vulnerabilities identified in WAGO* Cloud Connectivity ControllersBrowser blocking scam campaigns*Various security updates from VMware*Zero-Click Vulnerabilities Identified in Linux* Bluetooth Software StackBrowser address bar spoofing vulnerabilities in various mobile browsers*Multiple vulnerabilities in HP Intelligent Management Center (IMC) software*High severity router vulnerability in Cisco IOS Software XR*Various security updates for the Google Chrome browser*gravity rat*Increase in scams related to QR codes*The latest version of Chrome and Edge generates random log files*Multiple vulnerabilities in Magento CMS*Various vulnerabilities in SonicWALL Sonic OS*Multiple vulnerabilities in the F2FS* toolkitJuniper Networks releases security updates*APT Silent Librarian*Unprotected home security camera clips posted online*Microsoft shuts down the TrickBot* malware networkDouble extortion ransomware attack against Software AG*Denial of Service Vulnerabilities in Allen-Bradley's Flex I/O System*Critical Update for Adobe Flash Player* Application PatchMicrosoft Patch Tuesday: End of 2020*Microsoft fixes critical remote code execution vulnerabilities*Information disclosure vulnerability in Apache Tomcat*Fitbit Spyware-Zifferblatt*MontysThree malware used in targeted industrial espionage attacks*Critical vulnerabilities found in QNAP Help Desk leading to device takeover*New Kryptojacking variant: Black-T*Vulnerability in Apple's T2 Mac Security Chips*Google releases patches for 50 vulnerabilities in Android systems*Trump Health Email Phishing Campaign Offers BazarLoader Trojans*Cisco fixes several vulnerabilities*BAHAMUT: contract hacking service*Bugs in leading antivirus software leading to privilege escalation*Facebook Ends China-Sponsored SilentFade Malware Campaign*Botnetz HEH*APT attack injects malware into Windows* error reportRansomware reaches COVID-19 clinical trial*Various vulnerabilities in the Google Chrome browser*Iranian Hackers Exploit Zerologon* VulnerabilityMassive data breach by state government in India*MosaicRegressor Malware Framework UEFI-Firmware-Bootkit*DDoS attacks by ransomware attack groups*Group APT XDSpy*Backdoors do not use Microsoft 365 and Azure Active Directory or the AADInternals PowerShell module*Vacina-Ransomware Racine*Token de phishing para acceso OAuth a Microsoft Office 365*Egregor-Ransomware*Interplanetary Storm botnet infects 13,000 Mac and Android devices*Multiple vulnerabilities in Wireshark Packet Analyzer*Palmerworm Spy Campaign*Swatch shuts down IT systems to prevent cyber attacks*Operation Sidecopy launches attack against defense forces in India*Microsoft removed 18 apps from Azure AD*Microsoft Windows XP source code leaked online*Multiple vulnerabilities in Apple products*247,000 Microsoft Exchange servers vulnerable to RCE*An error sin Windows Server 2016*Magento credit card theft malware*Federal agency hit by cyberattack*Chalubo DDoS botnet targets unsecured SSH servers*SUS hospitals affected by ransomware attack*End of support phishing campaign for Windows 7*Microsoft Office 365 outage reported in the US and Australia*Joker Trojan Horse*Taurus* malvertising campaignCisco fixes several security vulnerabilities*APT-C-43 steals military secrets*Microsoft Outlook Recruitment Campaign*installment mode*Instagram Heap Buffer Overflow Vulnerability*Release of Mozilla Firefox 81*Automated MEOW attack*RansomExx Ransomware ataca de Tyler Technologies*Phishing campaign targeting AT&T Global employees*TinyCryptor-Ransomware*Multiple vulnerabilities in the Google Chrome browser*Mozilla-Bug – Firefox-Android*-Browser-HijackingMaze Attackers adopt the Ragnar Locker VM technique*Chinese hackers attack US authorities*Multiple vulnerabilities in Apple Safari*Malware ZShlayer*Chinese hacker group APT41*Email Phishing Scam*Malware MrbMiner*MFA Bypass Vulnerability in Microsoft 365*Botnet Multimodulares Prometheus*Emotet Malware New spam campaign*Criptominerador Lemon Duck*Qakbot* malicious software(Video) Ghosts, Dates, and Darker Fates | Critical Role | Campaign 3, Episode 10Glupteba Trojan FAQs How do you respond to a healthcare data breach? › How to Manage a Healthcare Data BreachStart your incident response plan. If you suspect a data breach, it's critical to stop information from being stolen and repair your systems so a breach won't happen again. ... Preserve evidence. ... Contain the breach. ... Start incident response management. ... Investigate and fix your systems. Read The Full Story › What should be the first response to any actual or suspected data breach? › You should take several urgent steps when a data breach is detected. The first is to record the date and time of detection as well as all information known about the incident at the moment. Then, the person who discovered the breach must immediately report to those responsible within the organization. Explore More › How should responses to data breaches be handled? › Notify law enforcement. Report your situation and the potential risk for identity theft. The sooner law enforcement learns about the theft, the more effective they can be. Discover More Details › What is the most appropriate action that you should take when you encounter a data breach? › You need to stop the data leakage, remove the hacker, patch the system and keep evidence of a breach. Determine how to stop the breach from spreading. Eliminate the threat. Take your computers and servers offline. See More › What is the first step when dealing with a breach of data? › 1) Inform your Data Protection Officer: As soon as a personal data breach is identified, the first and foremost task is to inform and involve the DPO in your organisation. Explore More › What is the first step you should take after a data breach occurs? › Contain the Cybersecurity Breach The first step you should take after a data breach is to determine which servers have been compromised and contain them as quickly as possible to ensure that other servers or devices won't also be infected. Find Out More › What are five steps that data breach victims should follow? › What To Do After a Data Breach: 12 StepsConfirm the breach has happened (but be cautious of emails)Find out what sensitive data was stolen.Secure your log-ins, passwords, and PINS.Switch to an authenticator app for 2FA/MFA.Freeze your credit with all three bureaus.File a report with the Federal Trade Commission (FTC)More items...Jan 11, 2023 See Details › What are the four actions that companies should perform after a data breach? › Here's what companies should do immediately after detecting a data breach:Act Quickly. ... Contain the Breach. ... Perform a Damage Assessment. ... Identify and Fix Vulnerabilities. ... Inform Relevant Parties. ... Test Cybersecurity Defenses. ... Implement New Data Security Policies and Procedures.Mar 2, 2023 Discover More Details › What are the 5 steps of the data breach response plan? › At a high level, a data breach incident response plan should include the following five steps.Preplanning exercises. ... Define response teams and members. ... Create a contact list. ... Create a communications plan. ... Perform incident response. Read More › What is data breach response plan? › This data breach response plan (response plan) sets out procedures and clear lines of authority for OAIC staff in the event the OAIC experiences a data breach (or suspects that a data breach has occurred). A data breach occurs when personal information is accessed or disclosed without authorisation or lost. Find Out More › What are the 7 stages incident response plan? › In the event of a cybersecurity incident, best practice incident response guidelines follow a well-established seven step process: Prepare; Identify; Contain; Eradicate; Restore; Learn; Test and Repeat: Preparation matters: The key word in an incident plan is not 'incident'; preparation is everything. Get More Info Here › What are the 6 processes in incident response? › cyber incident response plan has 6 phases, namely, Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned. View Details › What are the 5 6 major stages of incident response? › The NIST incident response lifecycle breaks incident response down into four main phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Event Activity. Tell Me More › What are the three 3 kinds of data breach? › Personal data breaches can include:access by an unauthorised third party;deliberate or accidental action (or inaction) by a controller or processor;sending personal data to an incorrect recipient;computing devices containing personal data being lost or stolen;alteration of personal data without permission; and.More items... View More › Do I need a data breach response plan? › As a company, you're obligated to take reasonable steps to protect any personal information from misuse, interference and loss as well as unauthorised access. Those 'reasonable steps' likely include having a data breach response plan. Get More Info › What is a data breach in healthcare? › A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information. Get More Info Here › How do you respond to a HIPAA breach? › Immediately report to privacy officer. All covered entities must have a privacy officer and security officer designated in writing. Train staff to immediately report suspected breaches to the privacy officer. – Immediate response may help avoid breach reporting obligation and/or penalties. Find Out More › What are the five steps of the data breach response plan? › At a high level, a data breach incident response plan should include the following five steps.Preplanning exercises. ... Define response teams and members. ... Create a contact list. ... Create a communications plan. ... Perform incident response. Read On › How long do you have to investigate a data breach? › Generally, an organisation or agency has 30 days to assess whether a data breach is likely to result in serious harm. See More › What happens if someone accidentally violates the HIPAA privacy Rule? › All violations of HIPAA that contravene an employer´s HIPAA policies will likely attract sanctions, while those that result in a complaint being made to OCR could result in enforcement action. Discover More Details › What happens if there is a breach in HIPAA? › Covered entities and specified individuals, as explained below, who "knowingly" obtain or disclose individually identifiable health information, in violation of the Administrative Simplification Regulations, face a fine of up to $50,000, as well as imprisonment up to 1 year. View Details › Is a HIPAA violation the same as a breach? › Some sources conflate the terms violation and breach. It is important for Covered Entities and Business Associates to understand the difference between the two terms and what is considered a breach of HIPAA because, while HIPAA violations can be the cause of HIPAA breaches, only HIPAA breaches are reportable events. View More › What happens when a company experiences a data breach? › A data breach puts financial records and personal information in jeopardy which can lead to identity theft and even leave you drowning in fraudulent charges. For obvious reasons, a data breach can be very bad news to any company that experiences one. Continue Reading ›
Guerra en Ucrania. Los queman con equipo. Los rusos no se mantienen al día con el retiro de los cadáveres [REPORTE EN VIVO] View
Secrete de la Institutul Cantacuzino în custodia militară. Primele dezvăluiri despre instituțiile critice pentru sănătatea publică View