State-sponsored actors are deploying the unique malware--which targets specific files and leaves no ransomware note--in ongoing attacks. [...]

A developer appears to have divulged credentials to a police database on a popular developer forum, leading to a breach and subsequent bid to sell 23 terabytes of personal data on the dark web. [...]

The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code. [...]

Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor. [...]

Cyber collective Killnet claims it won’t let up until the Baltic country opens trade routes to and from the Russian exclave of Kaliningrad. [...]

The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs. [...]

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers. [...]

Culture of ‘insecure-by-design’ security is cited in discovery of bug-riddled operational technology devices. [...]

Attackers are targeting a number of key vertical markets in the U.S. with the active campaign, which impersonates the organization and Microsoft to lift Office365 and Outlook log-in details. [...]

Attackers gained access to private account details through an email compromise incident that occurred in April. [...]

Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootlkit functionality and install a backdoor for remote access. [...]

The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns. [...]

Sabre and Travelport had to report the weekly activities of former “Cardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution. [...]

The novel cybercriminal group tapped the ever-evolving info-stealing trojan to move laterally on a network in a recent attack, researchers have found. [...]

The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario. [...]

The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity. [...]

The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020. [...]

Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said. [...]

The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn. [...]

Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks. [...]

Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin. [...]

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur. [...]

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug. [...]

More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access. [...]

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites. [...]