New zero-day exploit for Log4j Java library is an enterprise nightmare
Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing…
Researchers Explore Microsoft Outlook Phishing Techniques
Outlook features intended to improve collaboration and productivity may make social engineering attacks more effective, researchers find.
One-Third of Phishing Pages Active Less Than a Day
Security experts say the first hours in a phishing page's life are the most dangerous for users.
Dark Mirai botnet targeting RCE on popular TP-Link router
The botnet known as Dark Mirai (aka MANGA) has been observed exploiting a new vulnerability on the TP-Link TL-WR840N EU…
Newly Found Authentication Flaws Highlight Dangers of Coding From Scratch
Two vulnerabilities in a call-center software suite could allow an attacker to take over the application server, researchers found.
Microsoft: Secured-core servers help prevent ransomware attacks
Microsoft says the first Secured-core certified Windows Server and Microsoft Azure Stack HCI devices are now available to protect customers' networks…
Hackers infect random WordPress plugins to steal credit cards
Credit card swipers are being injected into random plugins of e-commerce WordPress sites, hiding from detection while stealing customer payment…
XE Group exposed for eight years of hacking, credit card theft
A relatively unknown group of Vietnamese hackers calling themselves 'XE Group' has been linked to eight years of for-profit hacking…
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat…
Grafana fixes zero-day vulnerability after exploits spread over Twitter
Open-source analytics and interactive visualization solution Grafana received an emergency update today to fix a high-severity, zero-day vulnerability that enabled…