Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise. [...]

Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware. [...]

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers. [...]

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found. [...]

Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments. [...]

The threat group has leaked data that it claims was stolen in the breach and is promising more government-targeted attacks. [...]

Activity dubbed ‘Raspberry Robin’ uses Microsoft Standard Installer and other legitimate processes to communicate with threat actors and execute nefarious commands. [...]

Source code and Bitcoin transactions point to the malware, which emerged in March 2020, being the work of APT38, researchers at Trellix said. [...]

A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices. [...]

Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses. [...]

The threat group known as TA410 that wields the sophisticated FlowCloud RAT actually has three subgroups operating globally, each with their own toolsets and targets. [...]

At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure. [...]

Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found. [...]

A campaign by APT37 used a sophisticated malware to steal information about sources, which appears to be a successor to Bluelight. [...]

Connections that show the cybercriminal teams are working together signal shifts in their respective tactics and an expansion of opportunities to target victims. [...]

Threat actors have developed custom modules to compromise various ICS devices as well as Windows workstations that pose an imminent threat, particularly to energy providers. [...]

The DoJ is charging its founder, 21-year-old Portuguese citizen Diogo Santos Coelho, on six criminal counts, including conspiracy, access device fraud and aggravated identity theft. [...]

Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay. [...]

Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times. [...]

Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds. [...]

Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages. [...]

This fresh malware strain extends the functionality of typical trojans with advanced functionality and a series of modules for launching various types of threat activity. [...]

The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit. [...]

QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch. [...]

A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin. [...]