Russian APT ‘Winter Vivern’ Targets European Government, Military
TAG-70's sophisticated espionage campaign targeted a range of geopolitical targets, suggesting a highly capable and well-funded state-backed threat actor.
Ubuntu ‘command-not-found’ tool can be abused to spread malware
A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious…
Fat Patch Tuesday, February 2024 Edition
Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related…
Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs
The Water Hydra cyberattacker group is one adversary using the zero-days to get past built-in Windows protections.
Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks
The developers behind a widespread worm are nesting further into networks by exploiting Windows escalation opportunities faster than organizations can…
CISA: Roundcube email server bug now exploited in attacks
CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks.…
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy…
Free Rhysida ransomware decryptor for Windows exploits RNG flaw
South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows…
Raspberry Robin malware evolves with early access to Windows exploits
Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible…
CISO Corner: DoD Regs, Neurodiverse Talent & Tel Aviv’s Light Rail
Also in this issue: How the SEC's reporting rules are being weaponized, quishing attacks plaguing execs, and tabletop exercises making…