There are patches or remediations for all of them, but they're still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do? [...]

They’re either new or old REvil & DarkSide wine in new bottles. Both have a taste for deep-pocketed targets and DarkSide-esque virtue-signaling. [...]

Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam. [...]

Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email. [...]

The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP. [...]

Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection. [...]

The software-engineering platform is urging users to patch the critical flaw ASAP. [...]

Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware. [...]

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. [...]

Cheap, easy and prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes. [...]

Deep-pocketed clients' customers & suppliers could be in the attacker's net, with potential PII exposure from an A-list clientele such as Apple, Boeing and IBM. [...]

Podcast: Nothing, says a ransomware negotiator who has tips on staying out of the sad subset of victims left in the lurch, mid-negotiation, after REvil's servers went up in smoke. [...]

Podcast: Can a new SIM card and prepaid service from an MVNO help? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block spyware attacks. [...]

HelloKitty joins the growing list of ransomware bigwigs going after the juicy target of VMware ESXi, where one hit gets scads of VMs. [...]

First comes spear-phishing, next download of malicious DLLs that spread to removable USBs, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app. [...]

The gang is using a new brute-forcer – “Diicot brute” – to crack passwords on Linux-based machines with weak passwords. [...]

Just days after President Biden demanded that Russian President Putin shut down ransomware groups, the servers of one of the biggest groups mysteriously went dark. [...]

Professors, journalists and think-tank personnel, beware strangers bearing webinars: It’s the focus of a particularly sophisticated, and chatty, phishing campaign. [...]

The attacks are enabled by a now-patched vulnerability in ForgeRock's Access Management, a popular platform that front-ends web apps and remote-access setups. [...]

The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a worldwide supply-chain attack on MSPs and their customers. [...]

The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data. [...]

The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers' bank-card data. [...]

Threat actors are planting Cobalt Strike backdoors by malspamming a bogus Microsoft update along with a SecurityUpdates.exe. [...]

The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users' profiles defaced. Next, hackers posted its user database online. [...]

Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices. [...]