Security researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs. [...] | Continue reading
Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds. [...] | Continue reading
The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. There is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam s … | Continue reading
Windows 11 24H2 is set to arrive on existing devices this fall with several new features, mostly Copilot-related improvements. [...] | Continue reading
Microsoft is now using a Windows driver to prevent users from changing the Windows 10 and Windows 11 default browser manually or through software. [...] | Continue reading
Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week. [...] | Continue reading
Microsoft has fixed a known issue causing 0x80073cf2 errors when using the System Preparation (Sysprep) tool after installing November Windows 10 updates. [...] | Continue reading
A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023. [...] | Continue reading
Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers. [...] | Continue reading
Cancer treatment and research center City of Hope is warning that a data breach exposed the sensitive information of over 820,000 patients. [...] | Continue reading
Recent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us. [...] | Continue reading
Data breach alerting service Have I Been Pwned (HIBP) warns that SurveyLama suffered a data breach in February 2024, which exposed the sensitive data of 4.4 million users. [...] | Continue reading
Omni Hotels & Resorts has confirmed a cyberattack caused a nationwide IT outage that is still affecting its locations. [...] | Continue reading
Jackson County, Missouri, is in a state of emergency after a ransomware attack took down some county services on Tuesday. [...] | Continue reading
The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor. [...] | Continue reading
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin. [...] | Continue reading
Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month. [...] | Continue reading
AT&T is facing multiple class-action lawsuits following the company's admission to a massive data breach that exposed the sensitive data of 73 million current and former customers. [...] | Continue reading
Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them. [...] | Continue reading
Microsoft Copilot is a powerful asset for companies, but with it comes an increased risk of data exposure. In this article, Varonis demonstrates prompt-hacking examples that can expose sensitive data. [...] | Continue reading
Microsoft has confirmed that some Outlook.com users are experiencing issues with emails being blocked and marked as spam when trying to email Gmail accounts. [...] | Continue reading
The Chinese 'Winnti' hacking group was found using a previously undocumented malware called UNAPIMON to let malicous processes run without being detected. [...] | Continue reading
Google announced a new Chrome security feature that ties cookies to a specific device, blocking hackers from stealing and using them to hijack users' accounts. [...] | Continue reading
Google has agreed to delete billions of data records collected from 136 million Chrome users in the United States, as part of a lawsuit settlement regarding alleged undisclosed browser data collection while in Incognito mode. [...] | Continue reading
Russia's Prosecutor General's Office has announced the indictment of six suspected "hacking group" members for using malware to steal credit card and payment information from foreign online stores. [...] | Continue reading
Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. [...] | Continue reading
The Indian government says it rescued and repatriated 250 citizens who sought jobs in Cambodia, only to be forced into conducting cybercrime once they arrived. [...] | Continue reading
Google has started automatically blocking emails sent by bulk senders who don't meet stricter spam thresholds and authenticate their messages as required by new guidelines to strengthen defenses against spam and phishing attacks. [...] | Continue reading
The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server. [...] | Continue reading
MarineMax, self-described as one of the world's largest recreational boat and yacht retailers, says attackers stole employee and customer data after breaching its systems in a March cyberattack. [...] | Continue reading
Impersonation scams in the U.S. exceeded $1.1 billion in losses last year, according to statistics collected by the Federal Trade Commission (FTC), a figure that is three times higher than in 2020. [...] | Continue reading
Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems. [...] | Continue reading
Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022. [...] | Continue reading
Generative AI services like Midjourney and OpenAI's DALL-E can deliver the unimaginable when it comes to stunning artifacts produced from simple text prompts. Sketching complex art imagery may be AI's specialty, yet some of the simplest tasks are evidently what AI struggles with … | Continue reading
AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them. [...] | Continue reading
Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism. [...] | Continue reading
An infostealer malware campaign has reportedly collected millions of logins from users of various gaming websites, including players that use cheats, pay-to-cheat services. [...] | Continue reading
Today, Red Hat warned users to immediately stop using systems running Fedora development versions because of a backdoor found in the latest XZ data compression tools and libraries. [...] | Continue reading
U.S. users have just a few more days to make the transition from Google Podcasts as the company moves forward with the process of discontinuing the service globally. [...] | Continue reading
A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command. [...] | Continue reading
The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. [...] | Continue reading
Penetration testing plays a critical role in finding application vulnerabilities before they can be exploited. Learn more from Outpost24 on the costs of Penetration-Testing-as-a-Service vs classic pentest offerings. [...] | Continue reading
A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. [...] | Continue reading
Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. [...] | Continue reading
CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks. [...] | Continue reading
Microsoft has released the optional KB5035941 preview cumulative update for Windows 10 22H2, introducing widgets on the lock screen, Windows Spotlight on the desktop, and 21 other fixes or changes. [...] | Continue reading
The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities. [...] | Continue reading
A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies. [...] | Continue reading