Microsoft February 2023 Patch Tuesday fixes 3 exploited zero-days, 77 flaws
Today is Microsoft's February 2023 Patch Tuesday, and security updates fix three actively exploited zero-day vulnerabilities and a total of…
MagicWeb Mystery Highlights Nobelium Attacker’s Sophistication
The authentication bypass used by the Nobelium group, best known for the supply chain attack on SolarWinds, required a massive,…
Hacker develops new ‘Screenshotter’ malware to find high-value targets
A new threat actor tracked as TA886 targets organizations in the United States and Germany with new custom malware to…
Clop ransomware flaw allowed Linux victims to recover files for months
The Clop ransomware gang is now also using a malware variant that explicitly targets Linux servers, but a flaw in…
Atlassian warns of critical Jira Service Management auth flaw
A critical vulnerability in Atlassian's Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and…
Discrepancies Discovered in Vulnerability Severity Ratings
Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.
Russia’s Sandworm APT Launches Swarm of Wiper Attacks in Ukraine
The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical…
KeePass disputes vulnerability allowing stealthy password theft
The development team behind the open-source password management software KeePass is disputing what is described as a newly found vulnerability that allows attackers to…
Researchers to release VMware vRealize Log RCE exploit, patch now
Security researchers with Horizon3's Attack Team will release next week an exploit targeting a vulnerability chain for gaining remote code…
Hackers use new SwiftSlicer wiper to destroy Windows domains
Security researchers have identified a new data-wiping malware they named SwiftSlicer that aims to overwrite crucial files used by the…