Hundreds of U.S. news sites push malware in supply-chain attack
The compromised infrastructure of an undisclosed media company is being used by threat actors to deploy the SocGholish JavaScript malware…
ConnectWise fixes RCE bug exposing thousands of servers to attacks
ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager (SBM)…
Fodcha DDoS botnet reaches 1Tbps in power, injects ransoms in packets
A new version of the Fodcha DDoS botnet has emerged, featuring ransom demands embedded in packets and new features to…
Google Chrome Pays $57K (and Counting) in Bug Bounties for Latest Update
Chrome's Stable Channel 107 rollout includes security fixes from a slew of independent researchers, racking up nearly $60,000 in bounties.
Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit
A pair of Microsoft bugs allow cyberattackers to bypass native Windows Internet download security, says former CERT CC researcher who…
Android adware apps in Google Play downloaded over 20 million times
Security researchers at McAfee have discovered a set of 16 malicious clicker apps that managed to sneak into Google Play,…
Exploit Attempts Underway for Apache Commons Text4Shell Vulnerability
The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's…
Microsoft data breach exposes customers’ contact info, emails
Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the…
New PHP information-stealing malware targets Facebook accounts
Threat analysts have spotted a new Ducktail campaign using a new infostealer variant and novel TTPs (tactics, techniques, and procedures),…
Fortinet urges admins to patch bug with public exploit immediately
Fortinet urges customers to urgently patch their appliances against a critical authentication bypass FortiOS, FortiProxy, and FortiSwitchManager vulnerability exploited in attacks. [...]