The exploit pries open CVE-2021-31166, a bug with a CVSS score of 9.8 that was the baddest of the bad in Microsoft's Patch Tuesday release last week. [...]

Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh. [...]

Anurag Kahol, CTO at Bitglass, discusses options for detecting malicious or dangerous activity from within an organization. [...]

You can’t possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market. [...]

The latest Magecart iteration is finding success with a new PHP web shell skimmer. [...]

Keynoters from Cisco, Netflix and RSA highlighted lessons from the last year, and cybersecurity's new mandate in the post-pandemic world: Bounce back stronger. [...]

The criminal forum washed its hands of ransomware after DarkSide's pipeline attack & alleged shutdown: A "loss of servers" that didn't stop another attack. [...]

Pandemic and evolving IT demands are having a major, negative impact on CISOs' mental health, a survey found. [...]

The financially motivated cybercrime gang behind the Carbanak RAT is back with the Lizar malware, which can harvest all kinds of info from Windows machines. [...]

The RaaS that crippled Colonial Pipeline lost the servers it uses to pull off ransomware attacks, while REvil’s gonads shrank in response. [...]

A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymity in Chrome, Firefox, Microsoft Edge, Safari and even Tor. [...]

The DBIR – Verizon’s 2021 data breach report – shows spikes in sophisticated phishing, financially motivated cyberattacks and a criminal focus on web-application servers. [...]

According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key. [...]

An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships. [...]

Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them. [...]

The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads. [...]

The ‘Send My’ exploit can use Apple's locator service to collect and send information from nearby devices for later upload to iCloud servers. [...]

According to Keeper Security’s Workplace Password Malpractice Report, many remote workers aren’t following best practices for password security. [...]

FBI/CISA warn about the RaaS network behind the Colonial hack, Colonial restarts operations, and researchers details groups that rent the ransomware. [...]

Paper ballots and source-code transparency are recommended to improve election security. [...]

A new type of fraud is spiking across the platform: Selling fake vax records to people who want to lie their way into places where proof of vaccine is required. [...]

Argyle is paying workers to help hack payroll providers, researchers suspect. [...]

Wi-Fi devices going back to 1997 are vulnerable to attackers who can steal your data if they're in range. [...]

Microsoft's May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities. [...]

GitHub adds support for FIDO2 security keys for Git over SSH to fend off account hijacking and further its plan to stick a fork in the security bane of passwords. [...]