A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defense industry. [...]

Google has released a security update for Chrome web browser to address the third zero-day vulnerability that hackers exploited this year. [...]

Cybersecurity firm Kaspersky has released a tool to detect if Apple iPhones and other iOS devices are infected with a new 'Triangulation' malware. [...]

The SpinOk malware was found in a new batch of Android apps on Google Play, reportedly installed an additional 30 million times. [...]

KeePass has released version 2.54, fixing the CVE-2023-32784 vulnerability that allows the extraction of the cleartext master password from the application's memory. [...]

A new Magecart credit card stealing campaign hijacks legitimate sites to act as "makeshift" command and control (C2) servers to inject and hide the skimmers on targeted eCommerce sites. [...]

Zyxel has published a security advisory containing guidance on protecting firewall and VPN devices from ongoing attacks and detecting signs of exploitation. [...]

State-sponsored North Korean hacker group Kimsuky (a.ka. APT43) has been impersonating journalists and academics for spear-phishing campaigns to collect intelligence from think tanks, research centers, academic institutions, and various media organizations. [...]

Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million. [...]

A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool. [...]

Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems. [...]

Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. Russia blames these attacks on US intelligence agencies. [...]

A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab, a popular Python library used by numerous projects to generate PDF files from HTML input. [...]

Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware. [...]

A stealthy remote access trojan (RAT) named 'SeroXen' has recently gained popularity as cybercriminals begin using it for its low detection rates and powerful capabilities. [...]

Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners' personal information for over seven years. [...]

The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations in Indonesia, Brunei, and Vietnam. [...]

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. [...]

A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers. [...]

A new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play and collectively downloaded over 400 million times. [...]

Jimbos Protocol, an Arbitrum-based DeFi project, has suffered a flash loan attack that resulted in the loss of more than of 4000 ETH tokens, currently valued at over $7,500,000. [...]

Managed Care of North America (MCNA) Dental has published a data breach notification on its website, informing almost 9 million patients that their personal data were compromised. [...]

The notorious North Korean state-backed hackers, known as the Lazarus Group, are now targeting vulnerable Windows Internet Information Services (IIS) web servers to gain initial access to corporate networks. [...]

The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform to have two-factor authentication (2FA) turned on by the end of the year. [...]

A team of researchers at Georgia Tech, the University of Michigan, and Ruhr University Bochum have developed a novel attack called "Hot Pixels," which can retrieve pixels from the content displayed in the target's browser and infer the navigation history. [...]