Remote code execution, privilege escalation to root and lateral movement through a victim's environment are all on offer for the unpatched or unaware. [...]

On top of the privacy spill, Peloton is also recalling all treadmills after the equipment was linked to 70 injuries and the death of one child. [...]

‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes. [...]

The never-seen malware strains have "professionally coded sophistication" and were launched by a well-resourced APT using nearly 50 domains, one hijacked. [...]

The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others. [...]

On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine. [...]

The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009. [...]

Jason Kent, hacker in residence at Cequence Security, says most retailers are applying 1970s solutions to the modern (and out-of-control) shopping-bot problem, and offers alternative ideas. [...]

An intense hunt for corporate account credentials will continue into next quarter, researchers predict. [...]

The San Diego-based hospital system diverted ambulances to other medical centers after a suspected ransomware attack. [...]

The 3+ years computer scientists spent concocting ways to defend against these supply-chain attacks against chip architecture? It's bound for the dustbin. [...]

Researchers warned that unpatched versions of HPE’s Edgeline Infrastructure Manager are open to remote authentication-bypass attacks. [...]

New deepfake products and services are cropping up across the Dark Web. [...]

It's coming in emails disguised as DHL Support shipping notices and is apparently getting prepped for leasing on the underground. [...]

The stealthy backdoor is likely being used by Chinese APTs, researchers said. [...]

The developer of the WeSteal cryptocurrency stealer can’t be bothered with fancy talk: they say flat-out that it’s “the leading way to make money in 2021”. [...]

Oliver Tavakoli, CTO of Vectra AI, discusses the differences between the massive supply-chain hack and the Exchange zero-day attacks, and their legacy and ramifications for security professionals. [...]

Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash. [...]

Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash. [...]

The RaaS operators have been posting, tweaking and taking down a goodbye note, saying that they'll be open-sourcing their data encryption malware for other crooks to use. [...]

The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console. [...]

Researchers fear wider exposure, amidst a tepid response from Experian. [...]

A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations. [...]

Sorry, we’ve upchucked your COVID test results and other medical and personal data into public GitHub storage buckets, the Wyoming Department of Health said. [...]

The perp faces jail time, but the incident highlights the growing cyber-abuse of QR codes. [...]