Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email. [...]

The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP. [...]

Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system. [...]

Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure. [...]

A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin. [...]

Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked. [...]

Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection. [...]

Keeper’s research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations. [...]

Targets of Discord malware expand far beyond gamers. [...]

Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today. [...]

Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment. [...]

The vendor will work with customers affected by the early July spate of ransomware attacks to unlock files; it's unclear if the ransom was paid. [...]

Expected cyberattacks on Tokyo Olympics likely include attempts to hijack video feeds, the Feds warn. [...]

The “Evernote for creatives” is anchoring a rapidly spiking phishing campaign, evading SEGs with ease. [...]

The software-engineering platform is urging users to patch the critical flaw ASAP. [...]

Critical ICS vulnerabilities can be exploited through leading cloud-management platforms. [...]

Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware. [...]

A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems. [...]

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. [...]

Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change. [...]

Misconfigured permissions for Argo's web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers. [...]

Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware. [...]

Ransomware is the threat of 2021. It’s impacting everything from large enterprises, hospitals, to other aspects of our critical infrastructure. Here, we’ll take a look at actual malware domain traffic and how it correlates to ransomware attacks in the news. [...]

Cheap, easy and prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes. [...]

Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of dissidents, journalists and others. [...]