New SteganoAmor attacks use steganography to target 320 orgs globally
A new campaign conducted by the TA558 hacking group is concealing malicious code inside images using steganography to deliver various…
Crickets from Chirp Systems in Smart Lock Key Leak
The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that…
Telegram fixes Windows app zero-day used to launch Python scripts
Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically…
Intel and Lenovo servers impacted by 6-year-old BMC flaw
An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been overlooked by many device…
Microsoft Patch Tuesday Tsunami: No Zero-Days, but an Asterisk
Microsoft patched a record number of 147 new CVEs this month, though only three are rated "Critical."
April’s Patch Tuesday Brings Record Number of Fixes
If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on…
Windows 10 KB5036892 update released with 23 new fixes, changes
Microsoft has released the KB5036892 cumulative update for Windows 10 21H2 and Windows 10 22H2 with twenty-three changes and two…
CISO Corner: Ivanti’s Mea Culpa; World Cup Hack; CISOs & Cyber Awareness
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also…
New Ivanti RCE flaw may impact 16,000 exposed VPN gateways
Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code…
Magecart Attackers Pioneer Persistent E-Commerce Backdoor
The infamous payment-skimmer cybercrime organization is exploiting CVE-2024-20720 in Magento for a novel approach to stealing card data.