The prolific APT repeatedly compromised targets in healthcare, manufacturing, and government with new lightweight downloaders that blend into network traffic…
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information…
Meta’s AI-Powered Ray-Bans Portend Privacy Issues
AI will make Meta's smart glasses more attractive for consumers. But can the company straddle cutting-edge functionality and responsible data…
Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug
CVE-2023-50164 is harder to exploit than the 2017 Struts bug behind the massive breach at Equifax, but don't underestimate the…
Iran-Linked ‘OilRig’ Cyberattackers Target Israel’s Critical Infrastructure, Over & Over
The prolific APT repeatedly compromised targets in healthcare, manufacturing, and government with new lightweight downloaders that blend into network traffic…
Hackers are exploiting critical Apache Struts flaw using public PoC
Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution,…
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug
The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three…
Kali Linux 2023.4 released with GNOME 45 and 15 new tools
Kali Linux 2023.4, the fourth and final version of 2023, is now available for download, with fifteen new tools and…
Stealthier version of P2Pinfect malware targets MIPS devices
The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined…
Web Shells Gain Sophistication for Stealth, Persistence
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information…
Microsoft: Some Outlook.com users can’t send emails with attachments
In a Monday advisory, Microsoft warned Outlook.com users about issues they might encounter when sending emails containing attachments. [...]
Apple ‘Find My’ network can be abused to steal keylogged passwords
Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed…