Microsoft Exchange servers hacked in internal reply-chain attacks
Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen…
Attackers deploy Linux backdoor on e-stores compromised with software skimmer
Researchers discovered threat actors installing a Linux backdoor on compromised e-commerce servers after deploying a credit card skimmer […] The…
Hackers deploy Linux malware, web skimmer on e-commerce servers
Security researchers discovered that attackers are also deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card…
MacOS Zero-Day Used in Watering-Hole Attacks
Attackers targeted Chinese pro-democracy groups using a vulnerability fixed in September along with a second vulnerability fixed early in the…
‘Lyceum’ Threat Group Broadens Focus to ISPs
New report suggests attacker is targeting trusted supply chain companies in order to compromise large numbers of downstream customers.
Windows 10 App Installer abused in BazarLoader malware attacks
The TrickBot gang operators are now abusing the Windows 10 App Installer to deploy their BazarLoader malware on the systems…
New Application Security Toolkit Uncovers Dependency Confusion Attacks
The Dependency Combobulator is an open source Python-based toolkit that helps developers discover malicious software components that may have accidentally…
Lazarus hackers target researchers with trojanized IDA Pro
A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a…
Ironic twist: WP Reset PRO bug lets hackers wipe WordPress sites
A high severity security flaw in the WP Reset PRO WordPress plugin can let authenticated attackers wipe vulnerable websites, as…
Zoho ManageEngine Flaw Highlights Risks of Race to Patch
Attackers used a pre-auth vulnerability in a component of the enterprise management software suite to compromise businesses, highlighting the dangers…