The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts. [...]

The living-off-the-land binary (LOLBin) is anchoring a rash of cyberattacks bent on evading security detection to drop Qbot and Lokibot. [...]

Two powerful trojans with spyware and RAT capabilities are being delivered in side-by-side campaigns using a common infrastructure. [...]

The 'smishing' group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims. [...]

The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another. [...]

A growing class of phishing kits – transparent reverse proxy kits – are being used to get past multi-factor authentication using MiTM tactics. [...]

The company's RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating. [...]

The Conti gang strikes again, disrupting the nom-merchant's supply chain and threatening empty supermarket shelves lasting for weeks. [...]

The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages. [...]

Visitors who shopped on the company's eCommerce website in January will likely find their payment-card data heisted, researchers warned. [...]

A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users. [...]

The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open. [...]

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements. [...]

Zoho's comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. [...]

Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers. [...]

The country's FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil's infrastructure. [...]

A cloudy campaign delivers commodity remote-access trojans to steal information and execute code. [...]

The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score. [...]

The malware establishes initial access on targeted machines, then waits for additional code to execute. [...]

Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications. [...]

ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch. [...]

The 'NoReboot' technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen. [...]

The accounts fell victim to credential-stuffing attacks, according to the New York State AG. [...]

A simple-to-exploit bug that allows bad actors to send emails from Uber's official system – skating past email security – went unaddressed despite flagging by multiple researchers. [...]

The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player. [...]