The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud. [...]

In a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds. [...]

In a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds. [...]

Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges. [...]

UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software. [...]

The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open. [...]

A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. [...]

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements. [...]

Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details. [...]

A well-crafted but fake government procurement portal offers the opportunity to submit a bid for lucrative government projects -- but harvests credentials instead. [...]

Praise be & pass the recipe for the software soup: There's too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable. [...]

It's time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking. [...]

It's a double-extortion play that uses the command-line password ‘KissMe’ to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art. [...]

Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said. [...]

UniCC controlled 30 percent of the stolen payment-card data market; leaving analysts eyeing what’s next. [...]

Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike. [...]

Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers. [...]

As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. “Be afraid” was scrawled on the Foreign Ministry site. [...]

Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform. [...]

Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable. [...]

Meanwhile, EtherumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens. [...]

US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools. [...]

GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates. [...]

Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered. [...]

Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access. [...]