Google's app for generating MFA codes syncs to user accounts by default. Who knew?
Akamai researchers discover a critical vulnerability in Kubernetes that can lead to remote code execution.
Adobe's September 2023 update addresses a new zero-day vulnerability (CVE-2023-26369) in Acrobat and Reader that attackers are exploiting in the wild.
Un ancien ministre de Vladimir Poutine et la famille du patron d'une entreprise publique russe, impliquée dans l'effort de guerre, se retrouvent dans les données inédites repérées par la RTS. Des liens avec la place financière suisse sont mis en lumière.
Ces révélations proviennent des documents confidentiels de la société de gestion de fortune zurichoise Finaport. Tout commence en janvier 2023 lorsque l'entreprise, sponsor officiel de l'Open de tennis de Zoug, est victime d'un piratage, comme le révélait le site Watson.
The rise of macOS infostealers continues with the latest entrant aiming to compromise business environments with targeted social engineering lures.
This is a fun bug I found while poking around at weird Windows file formats. It's a kind of classic Windows style vulnerability featuring broken signing, sketchy DLL loads, file races, cab files, and Mark-of-the-Web silliness. It was also my first experience submitting to the MSRC Windows bug bounty since leaving Microsoft in April of 2022.
Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.
The multinational aerospace corporation Airbus has launched an investigation into the recent leak of information allegedly stolen from the company.
The multinational aerospace corporation Airbus announced that it is investigating a data leak after cybersecurity firm Hudson Rock reported that a hacker posted information on thousands of the company’s vendors to the dark web.
Mozilla released emergency security updates today to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client.
The heap buffer overflow (CVE-2023-4863) vulnerability in the WebP Codec is being actively exploited in the wild.
With 70 zero-days uncovered so far this year, 2023 is on track to set a new record.
A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco's brand and is displayed first when performing a Google search.
A social engineering phone call lends authenticity to the attacker’s malicious email
Cybercrime crew BianLian says it has broken into the IT systems of a top nonprofit and stolen a ton of files, including what the miscreants claim is financial, health, and medical data.
As highlighted by VX-Underground and Emsisoft threat analyst Brett Callow earlier today, BianLian bragged on its website it had hit an organization that, based on the gang's description of its unnamed victim, looks to be Save The Children International. The NGO, which employs about 25,000 people, says it has helped more than a billion kids since it was founded in 1919.
Microsoft will pay legal damages on behalf of customers using its artificial intelligence (AI) products if they are sued for copyright infringement for the output generated by such systems, the company said on Thursday.
Outside of English, ChatGPT makes up words, fails logic tests, and can't do basic information retrieval.
The Dutch football association KNVB paid the ransom demanded by cyber criminals in a ransomware attack in April. The hackers stole Dutch and other football players’ passports, ID cards, home addresses, and salary slips and threatened to publish the data if the football association didn’t pay the ransom, the KNVB said on Tuesday.
Casino and hotel giant MGM Resorts International says a cybersecurity issue led to the shutdown of computer systems at its properties across the U.S.
Facebook’s Messenger platform has been heavily abused in the past month to spread endless messages with malicious attachments from a swarm of fake and hijacked personal accounts. These threat actors are targeting millions of business accounts on Facebook’s platform — from highly-rated marketplace sellers to large corporations, with fake business inquiries, achieving a staggering “success rate” with approximately 1 out of 70 infected!
Threat Analysis Group shares findings on a new campaign by North Korean actors targeting security researchers.
