Attackers Create Synthetic Security Researchers to Steal IP
Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub…
Exclusive: US government agencies hit in global cyberattack
Several US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software,…
MOVEit Transfer customers warned of new flaw as PoC info surfaces
Progress warned MOVEit Transfer customers to restrict all HTTP access to their environments after info on a new SQL injection (SQLi)…
Fortinet: New FortiOS RCE bug “may have been exploited” in attacks
Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week "may have been exploited" in attacks impacting government,…
The Week in Ransomware – June 9th 2023 – It’s Clop… Again!
The week was dominated by fallout over the MOVEit Transfer data-theft attacks, with the Clop ransomware gang confirming that they…
Brand-New Security Bugs Affect All MOVEit Transfer Versions
Progress has issued a second patch for additional SQL flaws that are distinct from the zero-day that Cl0p ransomware gang…
New MOVEit Transfer critical flaws found after security audit, patch now
Progress Software warned customers today of newly found critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer (MFT)…
Russia says US hacked thousands of iPhones in iOS zero-click attacks
Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via…
Google triples rewards for Chrome sandbox escape chain exploits
Google announced today that bug bounty hunters who report sandbox escape chain exploits targeting its Chrome web browser are now…
Terminator antivirus killer is a vulnerable Windows driver in disguise
A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" on the Russian-speaking forum RAMP…