The country's FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil's infrastructure. [...]

Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform. [...]

Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable. [...]

Meanwhile, EtherumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens. [...]

US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools. [...]

GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates. [...]

Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered. [...]

Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access. [...]

A cloudy campaign delivers commodity remote-access trojans to steal information and execute code. [...]

Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users. [...]

Sponsored: Password security is highlighted in attorney general warning to New York state businesses. [...]

Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts. [...]

It's not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey. [...]

The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score. [...]

The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots. [...]

Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk. [...]

The FBI warned that attackers are impersonating Health & Human Services and/or Amazon to mail BadUSB-poisoned USB devices to targets in transportation, insurance & defense. [...]

The malware establishes initial access on targeted machines, then waits for additional code to execute. [...]

Researchers offer more detail on the bug, which can allow attackers to completely take over targets. [...]

The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from Netgear, TP-Link, DLink, Western Digital, et al. [...]

Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications. [...]

Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found. [...]

End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare, federal cyberserurity CTO Matt Keller says. [...]

Fertility Centers of Illinois' security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files. [...]

Attackers are trading millions of records from a trio of pre-holiday breaches on an online forum. [...]