The powerful devices leveraged by the Meris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said. [...]

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. [...]

Attackers are milking unpatched Hikvision video systems to drop a DDoS botnet, researchers warned. [...]

DoH! Nate Warfield, CTO of Prevailion, discusses new stealth tactics threat actors are using for C2, including Malleable C2 from Cobalt Strike's arsenal. [...]

Unauthenticated, remote attackers can achieve root-level RCE on SMA 100-series appliances. [...]

The flaws, which could enable attackers to disable security and gain kernel-level privileges, affect Amazon WorkSpaces and other cloud services that use USB over Ethernet. [...]

The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets. [...]

There's an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed. [...]

Underground arbitration system settles disputes between cybercriminals. [...]

The malware's unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely. [...]

One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing. [...]

BitMart confirmed it had been drained of ~$150 million in cryptocurrency assets, but a blockchain security firm said it's closer to $200 million. [...]

Tony Lauro, director of Security Technology & Strategy at Akamai, discusses VPNs, RDP, flat networks, BYOD and other network-security bugbears. [...]

U.S. military acknowledges targeting cybercriminals who launch attacks on U.S. companies. [...]

The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned. [...]

It's unknown who's behind the cyberattacks against at least nine employees' iPhones, who are all involved in Ugandan diplomacy. [...]

The culprit is misconfigured Kafdrop interfaces, used for centralized management of the open-source platform. [...]

Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes. [...]

Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data. [...]

We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll! [...]

Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio. [...]

Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found. [...]

Cyberattackers made off with addresses, insurance information, dates of birth, and most worryingly, clinical information, such as diagnosis, procedures, and/or prescription information. [...]

AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem. [...]

The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts. [...]