Two powerful trojans with spyware and RAT capabilities are being delivered in side-by-side campaigns using a common infrastructure. [...]

However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community's focus on stopping ransomware attacks. [...]

The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor. [...]

The 'smishing' group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims. [...]

The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what's next. [...]

The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another. [...]

The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software. [...]

And customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the “real pain in the rear end” of manual inputting, inaccurate wages & more. [...]

A growing class of phishing kits – transparent reverse proxy kits – are being used to get past multi-factor authentication using MiTM tactics. [...]

The company's RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating. [...]

The popular bridge, which connects Ethereum, Solana blockchain & more, was shelled out by it's-not-saying. Wormhole is trying to negotiate with the attacker. [...]

Attackers are using socially engineered emails with.ppam file attachments that hide malware that can rewrite Windows registry settings on targeted machines. [...]

The Conti gang strikes again, disrupting the nom-merchant's supply chain and threatening empty supermarket shelves lasting for weeks. [...]

Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them. [...]

Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors. [...]

The notorious Iranian APT is fortifying its arsenal with new malicious tools and evasion tactics and may even be behind the Memento ransomware. [...]

The warning follows a Citizen Lab report that found the official, mandatory app has an encryption flaw that "can be trivially sidestepped." Besides burners, here are more tips on staying cyber-safe at the Games. [...]

Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researcher warn. [...]

ATO attacks are evolving. Jason Kent, hacker-in-residence at Cequence Security, discusses what new-style cyberattacks look like in the wild. [...]

The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages. [...]

LOLBins help attackers become invisible to security platforms. Uptycs provides a rundown of the most commonly abused native utilities for Windows, Linux and macOS – and advice for protection. [...]

The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update. [...]

The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also "hack every website you've ever visited." [...]

Finland is weathering a bout of Pegasus infections, along with a Facebook Messenger phishing scam. [...]

The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2. [...]