May 25, 2021 Apple Patches Actively Exploited Zero-Day MacOS Vulnerability Apple has released a patch to fix a zero-day vulnerability in macOS that is being actively exploited in the wild. The macOS vulnerability, tracked as ... Read more
May 24, 2021 SQL Injection Vulnerability in WP Statistics WordPress Plugin Allows Theft of Database Information A bug has been identified in a popular WordPress app that allows an unauthenticated attacker to steal sensitive database information. The WP Statistics plugin provides ... Read more
May 21, 2021 Large-Scale Malspam Campaign Detected Delivering the STRRAT Remote Access Trojan Microsoft has issued a warning about a massive malspam campaign that is being used to deliver the STRRAT remote access trojan (RAT). The campaign is ... Read more
May 19, 2021 Studies Provide Insights into Vulnerability Exploitation and the Best Patching Policies If you want to prevent threat actors from exploiting vulnerabilities and gaining access to your network, you need to make sure you patch promptly, but ... Read more
May 12, 2021 Adobe Patches 43 Vulnerabilities Including 1 Actively Exploited Flaw in Acrobat/Reader May 2021 Patch Tuesday has seen Adobe issue 43 updates to fix vulnerabilities in 12 different products, including a patch to fix a vulnerability in ... Read more
May 11, 2021 Train Company Under Fire for Insensitive Phishing Simulation Emails Phishing simulations are an important way to test resilience to phishing attacks, but a British train company has discovered these campaigns can easily backfire if ... Read more
May 5, 2021 Trifecta of Sophisticated Malware Distributed in Spear Phishing Campaign Three new sophisticated malware variants are being distributed by an Advanced Persistent Threat (APT) group in a large-scale global phishing campaign, according to a new ... Read more
May 4, 2021 Patch Released for Actively Exploited Pulse Connect Secure VPN Vulnerability Pulse Secure has released a patch for the actively exploited zero-day vulnerability – CVE-2021-22893 – in the Pulse Connect Secure SSL VPN appliance. Last week, ... Read more
April 29, 2021 Phishing Campaign Impersonates Click Studios to Deliver New Moserpass Malware Variant Last week, Click Studios alerted users of the Passwordstate enterprise password manager about a supply chain attack in which hackers successfully compromised the In-Place Upgrade ... Read more
April 27, 2021 Apple Patches Zero-day Flaw Actively Exploited by Shlayer Malware An actively exploited zero-day vulnerability in macOS has been patched by Apple. The vulnerability, one of the most serious flaws in macOS to be discovered, ... Read more
April 22, 2021 Bloomberg Clients Targeted in Phishing Campaign Distributing Remote Access Trojans Remote Access Trojans (RATs) according to a new report published by researchers at Cisco Talos. The relatively few emails that have been intercepted have made ... Read more
April 21, 2021 Actively Exploited Zero Day Vulnerability Identified in Pulse Secure Connect VPN A critical zero-day vulnerability has been identified in Pulse Secure VPN appliances that is being actively exploited by a Chinese advanced persistent threat group. The ... Read more
April 20, 2021 Patch These Actively Exploited SonicWall Vulnerabilities Now! SonicWall has released patches to correct three actively exploited vulnerabilities in its on-premises and hosted email security solutions. The vulnerabilities can be exploited remotely to ... Read more
April 19, 2021 Google Project Zero Adds 30-Day Grace Period to Vulnerability Disclosure Policy Google Project Zero has added a new grace period to its zero-day vulnerability disclosure policy and will now provide an additional 30 days after a ... Read more
April 12, 2021 IcedID Malware Distribution Increases as it Vies to Become the New Emotet A massive malspam campaign is underway distributing the IcedID banking Trojan. The malicious emails have Microsoft Excel attachments, which use Excel 4 macros to deliver ... Read more
April 9, 2021 Collaboration Platforms Increasingly Abused by Threat Actors for Data Exfiltration and Malware Delivery Teleworking has been growing in popularity over the past few years, but the national lockdowns imposed by governments to limit the spread of COVID-19 forced ... Read more
April 8, 2021 New Malware Variant with Worm-Like Capabilities Spoofs Netflix and Spreads via WhatsApp A new malware variant has been discovered by security researchers at Check Point that has been added to a fake Netflix application – FlixOnline – ... Read more
March 26, 2021 Purple Fox Malware Now Has Worm Capabilities for Propagating Across Windows Machines A new variant of Purple Fox malware has been detected by researchers at Guardicore Labs that has achieved far greater success at infecting systems thanks ... Read more
March 23, 2021 Adobe Issues Out-of-Band Patch for Critical ColdFusion Vulnerability A patch has been issued to correct a critical vulnerability – CVE-2021-21087 – in Adobe ColdFusion that could be exploited by a remote attacker to ... Read more
March 16, 2021 Google Fixes Actively Exploited Zero Day Vulnerability in the Chrome Browser Google has patched a zero-day vulnerability in its Chrome browser for Mac, Windows, and Linux. The vulnerability, which is the second zero-day to be patched ... Read more
March 12, 2021 TrickBot Becomes Biggest Malware Threat Following Emotet Takedown The Emotet botnet was the biggest malware threat until a joint law enforcement operation succeeded in taking the botnet down. Emotet was primarily used as ... Read more
March 9, 2021 Microsoft Fixes 82 Vulnerabilities on March 2021 Patch Tuesday Including One Actively Exploited 0Day Flaw March 2021 Patch Tuesday saw Microsoft deliver patches for 82 vulnerabilities across its product range, including fixes for 10 critical flaws and 2 zero-day vulnerabilities ... Read more
March 4, 2021 Multiple Threat Groups Now Exploiting Microsoft Exchange Server Zero-Day Flaws Multiple threat groups have been observed exploiting the four zero-day vulnerabilities in Microsoft Exchange Server that were patched earlier this week. Microsoft announced the four ... Read more
March 3, 2021 Microsoft Releases Out of Band Security Updates to Fix Actively Exploited Microsoft Exchange Server Flaws Microsoft has released patches to correct four zero-day vulnerabilities in Microsoft Exchange Server that are currently being chained together and exploited by a sophisticated Chinese ... Read more
March 2, 2021 Spear Phishing Campaign by Lazarus APT Group Targeting Defense Companies Security researchers at Kaspersky ICS CERT have identified a spear phishing campaign targeting defense companies that delivers an advanced malware dubbed ThreatNeedle. The campaign has ... Read more
February 17, 2021 Malvertising Gang Exploited WebKit Zero Day to Redirect Web Visitors to Scam Sites An unpatched zero-day vulnerability in WebKit-based browsers has been exploited by a threat group to redirect website visitors to scam sites for at least 8 ... Read more
February 10, 2021 Adobe Patches 50 Vulnerabilities Including 1 Actively Exploited Adobe Reader Bug On February 2021 Patch Tuesday Adobe released patches to correct 50 vulnerabilities across its range of products, including 34 critical severity flaws, one of which ... Read more
January 27, 2021 Europol Announces Takedown of the Emotet Botnet Europol has announced that following a global operation by law enforcement and judicial authorities, the Emotet botnet has been disrupted and law enforcement agencies have ... Read more
January 26, 2021 UK Residents Warned of COVID-19 Vaccine Phishing Emails Seeking Financial Information UK residents are being warned about a new phishing campaign that spoofs the National Health Service (NHS) and asks recipients to confirm that they want ... Read more
January 22, 2021 Mistake with Phishing Campaign Saw Stolen Credentials Accessible Through Google Searches A mistake by the operators of a phishing campaign has resulted in stolen credentials being accessible through Google searches. Compromised WordPress sites were used to ... Read more