CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. [...]

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. [...]

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack. [...]

Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds. [...]

Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims. [...]

DMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails. [...]

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads. [...]

The increased proliferation of IoT devices paved the way for the rise of IoT botnets that amplifies DDoS attacks today. This is a dangerous warning that the possibility of a sophisticated DDoS attack and a prolonged service outage will prevent businesses from growing. [...]

300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services. [...]

Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction. [...]

Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets. [...]

Victims instructed to make a phone call that will direct them to a link for downloading malware. [...]

The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code. [...]

Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks. [...]

Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.' [...]

The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn. [...]

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites. [...]

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers. [...]

Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found. [...]

Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes. [...]

In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the company’s risk of direct or collateral damage. [...]

Fortinet's Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams. [...]

Connections that show the cybercriminal teams are working together signal shifts in their respective tactics and an expansion of opportunities to target victims. [...]

The DoJ is charging its founder, 21-year-old Portuguese citizen Diogo Santos Coelho, on six criminal counts, including conspiracy, access device fraud and aggravated identity theft. [...]

For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits. [...]