Widespread Brute-Force Attacks Tied to Russia’s APT28
The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military. [...]
The IndigoZebra APT is targeting the Afghan government using Dropbox as an API that leaves no traces of communications with weirdo websites. [...]
Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability. [...]
The bug in Edge's auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload. [...]
The legit security tool has shown up 161 percent more, year-over-year, in cyberattacks, having “gone fully mainstream in the crimeware world.” [...]
The driver, called "Netfilter," is a rootkit that talks to Chinese C2 IPs and aims to spoof gamers' geo-locations to cheat the system and play from anywhere, Microsoft said. [...]
For over three years, a vendor was recklessly driving the cloud-stored data of luxury-car-owning customers and wannabe buyers. [...]
“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There's an exploit. [...]
The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day. [...]
The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems. [...]
A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products. [...]
Akamai's 2020 gaming report shows that cyberattacks on the video game industry skyrocketed, shooting up 340 percent in 2020. [...]
“No remedy available as of June 21, 2021,” according to the researcher who discovered the easy-to-exploit, no-user-action-required bug. [...]
Cleanup in aisle "Oops": The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny. [...]
... until you reset network settings and stop connecting to a weirdly named network, that is. FUD is spreading. iOS Wi-Fi demolition is not. [...]
What's the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps? [...]
This is the fourth time in a bit over a year that Carnival’s admitted to breaches, with two of them being ransomware attacks. [...]
A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration. [...]
The top easy-to-crack, football-inspired password in a database of 1 billion unique, clear-text, breached passwords? You probably guessed it: "Football." [...]
SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware. [...]
Attackers could have used the bug to get read/write privileges for a victim user’s email, Teams chats, OneDrive, Sharepoint and loads of other services. [...]
Nearly all of the leaked data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft. [...]
"We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)" REvil reportedly wrote. [...]
There were more than 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone. [...]
Misconfigured dashboards are yet again at the heart of a widespread, ongoing cryptocurrency campaign squeezing Monero and Ethereum from Kubernetes clusters. [...]