New Realst macOS malware steals your cryptocurrency wallets
A new Mac malware named "Realst" is being used in a massive campaign targeting Apple computers, with some of its…
CISA warns govt agencies to patch Adobe ColdFusion servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on…
Stolen Azure AD key offered widespread access to Microsoft cloud services
The Microsoft private encryption key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and…
Stolen Microsoft key offered widespread access to Microsoft cloud services
The Microsoft consumer signing key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and…
Google Cloud Build Flaw Enables Privilege Escalation, Code Tampering
Google's fix to the Bad.Build flaw only partially addresses the issue, say security researchers who discovered it.
FIN8 deploys ALPHV ransomware using Sardonic malware variant
A financially motivated cybercrime gang has been observed deploying BlackCat ransomware payloads on networks backdoored using a revamped Sardonic malware…
AVrecon malware infects 70,000 Linux routers to build botnet
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office…
Hackers Target Chinese Gamers With Microsoft-Signed Rootkit
Kernel mode driver can download second-stage payload directly to memory, allowing threat actors to evade endpoint detection and response tools.
New PyLoose Linux malware mines crypto directly from memory
A new fileless malware named PyLoose has been targeting cloud workloads to hijack their computational resources for Monero cryptocurrency mining.…
Microsoft Discloses 5 Zero-Days in Voluminous July Security Update
Fixes for more than 100 vulnerabilities affect numerous products, including Windows, Office, .Net, and Azure Active Directory, among others.