Reboot of PunkSpider Tool at DEF CON Stirs Debate
Researchers plan to introduce a revamp of PunkSpider, which helps identify flaws in websites so companies can make their back-end systems more secure, at DEF CON. [...]
Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam. [...]
No More Ransom is collecting decryptors so ransomware victims don’t have to pay to get their data back and attackers don’t get rich. [...]
Two bugs, now patched except in older versions, could be chained to allow attackers to hijack a Zimbra server by simply sending a malicious email. [...]
The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP. [...]
Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure. [...]
A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin. [...]
Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection. [...]
Targets of Discord malware expand far beyond gamers. [...]
Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment. [...]
Expected cyberattacks on Tokyo Olympics likely include attempts to hijack video feeds, the Feds warn. [...]
The “Evernote for creatives” is anchoring a rapidly spiking phishing campaign, evading SEGs with ease. [...]
The software-engineering platform is urging users to patch the critical flaw ASAP. [...]
Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware. [...]
In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. [...]
Ransomware is the threat of 2021. It’s impacting everything from large enterprises and hospitals to other aspects of our critical infrastructure. Here, we’ll take a look at actual malware domain traffic and how it correlates to ransomware attacks in the news. [...]
Cheap, easy and prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes. [...]
Deep-pocketed clients' customers & suppliers could be in the attacker's net, with potential PII exposure from an A-list clientele such as Apple, Boeing and IBM. [...]
Chris Hass, director of information security and research at Automox, discusses the future of work: A hybrid home/office model that will demand new security approaches. [...]
Advanced EASM solutions are crucial to automating the discovery of the downstream third-party (or fourth-party, or fifth-party, etc.) IT infrastructures that your organization is exposed to, and may be vulnerable to attack, posing a critical risk for your organization. [...]
The newly documented code is a full-service malware-delivery threat that's spreading indiscriminately globally through paid search ads. [...]
Podcast: Nothing, says a ransomware negotiator who has tips on staying out of the sad subset of victims left in the lurch, mid-negotiation, after REvil's servers went up in smoke. [...]
Hackers are stealing the identities of those lost in the condo-collapse tragedy. [...]
HelloKitty joins the growing list of ransomware bigwigs going after the juicy target of VMware ESXi, where one hit gets scads of VMs. [...]